
Can't run RootRepeal & Rootkit Unhooker - System infected?


Eli211


Rootkit Unhooker error: error loading driver, NTSTATUS code: C0000001

RootRepeal error:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x00429d13
Attempt to write to address: 0x0131c000
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736
Run by Klais at 3:45:58 on 2013-11-25
Microsoft Windows 7 Enterprise   6.1.7601.1.1257.372.1033.18.1640.899 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\!!\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F7D01C2A-4BA0-425B-A4BB-36955049F769} : NameServer = 192.168.1.254
TCP: Interfaces\{F7D01C2A-4BA0-425B-A4BB-36955049F769} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\klais\appdata\roaming\mozilla\firefox\profiles\vfwmnzg9.default\
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2013-11-12 1590880]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-11-12 521320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-16 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-16 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-16 22856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-11-14 1343400]
.
=============== Created Last 30 ================
.
2013-11-25 01:39:20    24448    ----a-w-    c:\windows\system32\drivers\rkhdrv40.sys
2013-11-25 01:20:45    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-25 01:20:39    --------    d-----w-    c:\users\klais\appdata\local\temp
2013-11-25 01:06:17    98816    ----a-w-    c:\windows\sed.exe
2013-11-25 01:06:17    256000    ----a-w-    c:\windows\PEV.exe
2013-11-25 01:06:17    208896    ----a-w-    c:\windows\MBR.exe
2013-11-25 01:06:04    --------    d-----w-    C:\ComboFix
2013-11-25 00:38:38    7772552    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{b90e31a5-54b3-4fdc-8bb4-8b41451da4db}\mpengine.dll
2013-11-25 00:38:32    --------    d-----w-    C:\80608dc998d28290d7
2013-11-24 23:06:33    --------    d-----w-    c:\users\klais\appdata\local\CrashDumps
2013-11-24 22:48:14    --------    d-----w-    c:\programdata\Max Secure
2013-11-24 22:39:05    --------    d-----w-    c:\users\klais\appdata\local\Max Secure Software
2013-11-24 22:35:00    --------    d-----w-    c:\users\klais\appdata\roaming\GetRightToGo
2013-11-24 19:55:13    --------    d-----w-    C:\RkUnhooker
2013-11-21 22:26:33    --------    d-----w-    c:\program files\pia_manager
2013-11-18 16:37:51    --------    d-----w-    C:\!!
2013-11-17 23:10:03    26840    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-11-17 23:09:09    --------    d-----w-    c:\program files\iPod
2013-11-17 23:09:08    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-17 23:09:08    --------    d-----w-    c:\program files\iTunes
2013-11-16 23:16:26    218184    ----a-w-    C:\rundll32.exe
2013-11-16 23:16:26    218184    ----a-w-    C:\mbam-chameleon.scr
2013-11-16 23:16:26    218184    ----a-w-    C:\mbam-chameleon.exe
2013-11-16 23:16:26    218184    ----a-w-    C:\mbam-chameleon.com
2013-11-16 23:16:26    218184    ----a-w-    C:\iexplore.exe
2013-11-16 23:16:26    218184    ----a-w-    C:\firefox.scr
2013-11-16 23:16:26    218184    ----a-w-    C:\firefox.exe
2013-11-16 23:16:26    218184    ----a-w-    C:\firefox.com
2013-11-16 00:17:26    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-16 00:17:25    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-16 00:17:24    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-15 20:40:57    272496    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-11-15 18:30:49    --------    d-----w-    c:\program files\Synaptics
2013-11-15 12:55:21    --------    d-----w-    c:\users\klais\appdata\roaming\Foxit Software
2013-11-15 12:55:20    --------    d-----w-    c:\program files\Foxit Software
2013-11-14 20:28:50    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-14 20:28:50    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-14 20:28:50    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-14 20:28:50    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-14 20:28:50    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-14 20:28:50    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-14 20:28:50    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-14 05:21:36    55808    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2013-11-14 05:21:35    25728    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2013-11-14 05:21:26    317440    ----a-w-    c:\windows\system32\spoolsv.exe
2013-11-14 05:20:36    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-11-14 05:20:18    376832    ----a-w-    c:\windows\system32\dpnet.dll
2013-11-14 05:20:09    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-11-14 05:19:59    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-11-14 05:19:59    369848    ----a-w-    c:\windows\system32\drivers\cng.sys
2013-11-14 05:19:59    247808    ----a-w-    c:\windows\system32\schannel.dll
2013-11-14 05:19:59    136640    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-11-14 05:19:59    1038848    ----a-w-    c:\windows\system32\lsasrv.dll
2013-11-14 05:19:58    99840    ----a-w-    c:\windows\system32\sspicli.dll
2013-11-14 05:19:58    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2013-11-14 05:19:58    22016    ----a-w-    c:\windows\system32\secur32.dll
2013-11-14 05:19:58    22016    ----a-w-    c:\windows\system32\lsass.exe
2013-11-14 05:19:58    15872    ----a-w-    c:\windows\system32\sspisrv.dll
2013-11-14 05:19:14    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-11-14 05:18:35    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-14 05:18:09    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-14 05:17:39    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2013-11-14 05:17:39    146816    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2013-11-14 05:13:31    --------    d-----w-    c:\windows\system32\Wat
2013-11-13 06:04:23    --------    d-----r-    c:\program files\Skype
2013-11-13 00:33:08    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2013-11-12 22:12:55    --------    d-----w-    c:\programdata\AVS4YOU
2013-11-12 22:12:42    --------    d-----w-    c:\users\klais\appdata\roaming\AVS4YOU
2013-11-12 21:49:05    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2013-11-12 21:05:58    --------    d-----w-    c:\windows\system32\appmgmt
2013-11-12 20:48:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-11-12 20:48:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-11-12 20:48:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-11-12 20:48:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-11-12 20:48:44    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-11-12 20:35:04    --------    d-----w-    c:\users\klais\appdata\local\Apple
2013-11-12 20:34:35    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-11-12 20:34:35    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-11-12 20:34:29    --------    d-----w-    c:\users\klais\appdata\local\ElevatedDiagnostics
2013-11-12 20:33:11    --------    d-----w-    c:\program files\Bonjour
2013-11-12 20:30:02    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-11-12 20:30:02    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-11-12 20:30:01    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-11-12 20:30:01    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-11-12 20:30:00    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-11-12 20:29:59    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2013-11-12 20:29:59    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-11-12 20:26:39    --------    d-----w-    c:\users\klais\appdata\local\Macromedia
2013-11-12 20:23:27    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-12 20:23:27    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-12 20:21:07    --------    d-----w-    c:\users\klais\appdata\local\Adobe
2013-11-12 19:58:16    49152    ----a-w-    c:\windows\system32\taskhost.exe
2013-11-12 19:51:39    --------    d-----w-    c:\windows\system32\MRT
2013-11-12 19:46:43    46592    ----a-w-    c:\windows\system32\fpb.rs
2013-11-12 19:45:33    240496    ----a-w-    c:\windows\system32\drivers\netio.sys
2013-11-12 19:45:33    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-11-12 19:45:28    52224    ----a-w-    c:\windows\system32\nlaapi.dll
2013-11-12 19:45:28    499712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2013-11-12 19:45:28    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-11-12 19:45:28    242176    ----a-w-    c:\windows\system32\nlasvc.dll
2013-11-12 19:45:28    18944    ----a-w-    c:\windows\system32\netevent.dll
2013-11-12 19:45:28    175104    ----a-w-    c:\windows\system32\netcorehc.dll
2013-11-12 19:45:28    156672    ----a-w-    c:\windows\system32\ncsi.dll
2013-11-12 19:45:16    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-11-12 19:45:14    164352    ----a-w-    c:\windows\system32\profsvc.dll
2013-11-12 19:43:23    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-11-12 19:43:23    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-11-12 19:43:23    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-11-12 19:43:05    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-11-12 19:41:57    2342400    ----a-w-    c:\windows\system32\msi.dll
2013-11-12 19:40:49    769024    ----a-w-    c:\windows\system32\localspl.dll
2013-11-12 19:36:15    --------    d-----w-    c:\users\klais\appdata\local\Apple Computer
2013-11-12 19:36:12    --------    d-----w-    c:\users\klais\appdata\roaming\Titanium
2013-11-12 19:34:02    26624    ----a-w-    c:\windows\system32\drivers\tap0901.sys
2013-11-12 19:32:14    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2013-11-12 19:32:14    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2013-11-12 18:25:59    --------    d-----w-    c:\users\klais\appdata\roaming\Mp3tag
2013-11-12 18:14:59    --------    d-----w-    c:\program files\Mp3tag
2013-11-12 18:12:54    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-11-12 18:12:54    101720    ----a-w-    c:\windows\system32\consent.exe
2013-11-12 17:55:01    --------    d-----w-    c:\users\klais\appdata\local\Google
2013-11-12 17:54:44    --------    d-----w-    c:\users\klais\appdata\local\Mozilla
2013-11-12 17:54:39    --------    d-----w-    c:\users\klais\appdata\local\Deployment
2013-11-12 17:54:39    --------    d-----w-    c:\users\klais\appdata\local\Apps
2013-11-12 17:54:29    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-11-12 17:51:21    --------    dc----w-    c:\users\klais\appdata\local\MigWiz
2013-11-12 17:03:03    --------    d-----w-    c:\users\klais\appdata\roaming\Xilisoft
2013-11-12 17:01:33    --------    d-----w-    c:\programdata\Xilisoft
2013-11-12 17:01:33    --------    d-----w-    c:\program files\Xilisoft
2013-11-12 16:57:35    --------    d-----w-    c:\program files\WinPcap
2013-11-12 16:52:48    --------    d-----w-    c:\program files\WMR14
2013-11-12 16:51:20    --------    d-----w-    c:\programdata\regid.2000-02.com.flashfxp
2013-11-12 16:51:20    --------    d-----w-    c:\programdata\FlashFXP
2013-11-12 16:51:20    --------    d-----w-    c:\program files\FlashFXP 4
2013-11-12 16:51:18    --------    dc-h--w-    c:\programdata\{777DE26B-15BF-40A0-9281-1AFE590584B6}
2013-11-12 16:32:47    --------    d-----w-    c:\users\klais\appdata\roaming\Malwarebytes
2013-11-12 16:32:23    --------    d-----w-    c:\users\klais\appdata\local\Programs
2013-11-12 16:28:36    1700352    ----a-w-    c:\windows\system32\GdiPlus.dll
2013-11-12 16:28:35    24576    ----a-w-    c:\windows\system32\msxml3a.dll
2013-11-12 16:27:35    --------    d-----w-    c:\program files\AVS4YOU
2013-11-12 16:27:20    --------    d-----w-    c:\program files\common files\AVSMedia
2013-11-12 16:27:13    2422272    ----a-w-    c:\windows\system32\wucltux.dll
2013-11-12 16:27:04    88576    ----a-w-    c:\windows\system32\wudriver.dll
2013-11-12 16:26:53    33792    ----a-w-    c:\windows\system32\wuapp.exe
2013-11-12 16:26:53    171904    ----a-w-    c:\windows\system32\wuwebv.dll
2013-11-12 16:23:22    --------    d-----w-    c:\users\klais\appdata\roaming\tor
2013-11-12 16:18:49    --------    d-----w-    C:\!
2013-11-12 16:13:30    --------    d-----w-    c:\program files\sp62137
2013-11-12 16:11:03    238944    ----a-w-    c:\windows\system32\RaCoInst.dll
2013-11-12 16:11:03    1590880    ----a-w-    c:\windows\system32\drivers\netr28.sys
2013-11-12 16:11:02    --------    d-----w-    c:\programdata\Ralink Driver
2013-11-12 16:08:41    --------    d-----w-    c:\programdata\Atheros
2013-11-12 16:07:25    80488    ----a-w-    c:\windows\system32\RtNicProp32.dll
2013-11-12 16:07:25    521320    ----a-w-    c:\windows\system32\drivers\Rt86win7.sys
2013-11-12 16:07:25    100896    ----a-w-    c:\windows\system32\RTNUninst32.dll
2013-11-12 16:07:21    --------    d-----w-    c:\program files\Realtek
2013-11-12 16:06:51    --------    d-----w-    C:\swsetup
.
==================== Find3M  ====================
.
2013-11-12 19:56:30    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-11 03:50:18    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-12 07:03:50    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    c:\windows\system32\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-04 01:58:50    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-10-03 01:58:07    305152    ----a-w-    c:\windows\system32\gdi32.dll
2013-09-14 00:48:58    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58    231424    ----a-w-    c:\windows\system32\mswsock.dll
2013-08-29 01:51:45    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-28 01:04:30    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 00:57:20    434688    ----a-w-    c:\windows\system32\scavengeui.dll
2013-05-08 08:00:40    2174976    ----a-w-    c:\program files\common files\atimpenc.dll
.
============= FINISH:  3:46:28,99 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 12.11.2013 18:03:13
System Uptime: 25.11.2013 2:33:25 (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 1885
Processor: AMD E1-1200 APU with Radeon™ HD Graphics | Socket FT1 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 296 GiB total, 240,058 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1,841 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Device
Device ID: PCI\VEN_10EC&DEV_5229&SUBSYS_1885103C&REV_01\4&3002F3D5&0&00A8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_10EC&DEV_5229&SUBSYS_1885103C&REV_01\4&3002F3D5&0&00A8
Service:
.
Class GUID:
Description: Bluetooth Controller
Device ID: PCI\VEN_1814&DEV_3298&SUBSYS_18EC103C&REV_00\4&2457DF39&0&01AB
Manufacturer:
Name: Bluetooth Controller
PNP Device ID: PCI\VEN_1814&DEV_3298&SUBSYS_18EC103C&REV_00\4&2457DF39&0&01AB
Service:
.
Class GUID:
Description:
Device ID: ROOT\NET\0000
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0000
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_1022&DEV_780B&SUBSYS_1885103C&REV_14\3&2411E6FE&2&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1022&DEV_780B&SUBSYS_1885103C&REV_14\3&2411E6FE&2&A0
Service:
.
==== System Restore Points ===================
.
RP18: 14.11.2013 7:12:41 - Windows Update
RP19: 14.11.2013 10:43:55 - Windows Update
RP20: 15.11.2013 0:20:07 - Windows Update
RP21: 15.11.2013 20:29:05 - Windows Update
RP22: 18.11.2013 0:53:11 - Removed iTunes
RP23: 18.11.2013 0:57:31 - Removed Apple Application Support
RP24: 18.11.2013 1:07:46 - Installed iTunes
RP25: 18.11.2013 18:40:36 - Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
RP26: 20.11.2013 4:23:32 - Windows Update
RP27: 22.11.2013 0:27:02 - Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
RP29: 25.11.2013 0:51:26 - Installed Spyware Detector
RP30: 25.11.2013 2:38:05 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Audio Editor 7.2
Bonjour
CloudReading
FlashFXP 4
Foxit Reader
Google Chrome
Google Update Helper
iTunes
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.58
Notepad++
Private Internet Access Support Files
QuickTime
Ralink RT3290 802.11bgn Wi-Fi Adapter
Realtek Ethernet Controller Driver
Rootkit Unhooker Uninstall
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Skype™ 6.10
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
WinPcap 4.1.2
WinRAR 4.11 (32-bit)
WM Recorder
Xilisoft Video Converter Ultimate
.
==== Event Viewer Messages From Past Week ========
.
25.11.2013 3:17:37, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
25.11.2013 1:33:03, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
25.11.2013 1:33:02, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
25.11.2013 1:33:02, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
25.11.2013 1:32:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
25.11.2013 1:32:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
25.11.2013 1:32:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25.11.2013 1:32:36, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
25.11.2013 1:32:33, Error: Service Control Manager [7001]  - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
25.11.2013 1:32:33, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
25.11.2013 1:32:33, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
25.11.2013 1:32:33, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
25.11.2013 1:32:29, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
25.11.2013 1:32:29, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
25.11.2013 1:32:29, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
25.11.2013 1:32:29, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
25.11.2013 1:01:35, Error: Service Control Manager [7034]  - The MaxWatchDogService service terminated unexpectedly.  It has done this 1 time(s).
25.11.2013 1:01:35, Error: Service Control Manager [7034]  - The MaxMerger service terminated unexpectedly.  It has done this 1 time(s).
25.11.2013 0:55:20, Error: Service Control Manager [7030]  - The MaxKidoFix service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
24.11.2013 16:55:56, Error: Service Control Manager [7001]  - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24.11.2013 16:23:50, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
23.11.2013 22:26:09, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
22.11.2013 11:53:21, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
22.11.2013 0:26:49, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:  An instance of the service is already running.
22.11.2013 0:24:49, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Enterprise x86
Ran by Klais on E 25.11.2013 at  4:23:27,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on E 25.11.2013 at  4:31:01,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Malwarebytes didn't get any infections... I have updated it and set an admin password for it.

 

Any help would be welcome here.

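An added triage helper, not part of the original post or of any tool named in this thread: it parses Service Control Manager lines in the DDS event-log format shown above and groups the 7031 terminations by second, so that a run of unrelated services dying in the same second (as at 11:53:21 above) stands out from a single service failing. Function names and the `min_services` threshold are my own choices; the sample lines are the seven SCM lines from the log above.

```python
"""Triage helper for Service Control Manager (SCM) lines in a DDS event-log dump."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Matches the DDS line format shown in the log above, e.g.
#   22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Superfetch service ...
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}\.\d{1,2}\.\d{4} \d{1,2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<msg>.*)$"
)
# Event 7031: "The X service terminated unexpectedly."
# Event 7032: "... after the unexpected termination of the X service, but ..."
SERVICE_PATTERNS = {
    7031: re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly"),
    7032: re.compile(r"unexpected termination of the (?P<svc>.+?) service,"),
}


@dataclass
class ScmEvent:
    ts: datetime
    event_id: int
    service: str
    message: str


def parse_scm_line(line: str) -> Optional[ScmEvent]:
    """Parse one DDS event-log line; None for non-SCM lines or unhandled event IDs."""
    m = LINE_RE.match(line.strip())
    if not m or m["source"] != "Service Control Manager":
        return None
    event_id = int(m["event_id"])
    pattern = SERVICE_PATTERNS.get(event_id)
    if pattern is None:
        return None
    svc = pattern.search(m["msg"])
    if svc is None:
        return None
    ts = datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S")
    return ScmEvent(ts, event_id, svc["svc"], m["msg"])


def parse_scm_log(text: str) -> List[ScmEvent]:
    """Parse a whole dump, silently skipping lines that are not SCM 7031/7032 events."""
    events = [parse_scm_line(line) for line in text.splitlines()]
    return [e for e in events if e is not None]


def crash_clusters(events: List[ScmEvent], min_services: int = 3) -> Dict[datetime, List[str]]:
    """Group 7031 terminations by second and keep seconds with >= min_services victims.

    Several unrelated services dying in the same second usually means a shared host
    process (svchost.exe) went down, not that each service failed on its own. It is a
    lead to correlate with other logs (crash dumps, driver installs), not proof of infection.
    """
    by_ts: Dict[datetime, List[str]] = defaultdict(list)
    for e in events:
        if e.event_id == 7031:
            by_ts[e.ts].append(e.service)
    return {ts: sorted(svcs) for ts, svcs in by_ts.items() if len(svcs) >= min_services}


def restart_failures(events: List[ScmEvent]) -> List[str]:
    """Services whose automatic restart by SCM failed (event 7032)."""
    return [e.service for e in events if e.event_id == 7032]


# Sample input: the seven SCM lines from the DDS log above, copied verbatim.
SAMPLE_LOG = """\
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
22.11.2013 11:53:21, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
22.11.2013 0:26:49, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:  An instance of the service is already running.
22.11.2013 0:24:49, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
"""

if __name__ == "__main__":
    evts = parse_scm_log(SAMPLE_LOG)
    for ts, svcs in crash_clusters(evts).items():
        print(f"{ts}: {len(svcs)} services terminated in the same second: {', '.join(svcs)}")
    print("restart failures:", restart_failures(evts))
```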

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Hi!

 

I made two scans. The first one (ark.txt) was a fast scan.

The second one, ark2.txt, was a full scan which included disks C & D.

 

ark.txt:

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-25 19:51:15
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-60JJ5T0 rev.01.01A01 298,09GB
Running: 2ejji1lc.exe; Driver: C:\Users\Klais\AppData\Local\Temp\kgloqpod.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                 fltmgr.sys

---- EOF - GMER 2.1 ----
 

 

ark2.txt:

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-25 20:24:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-60JJ5T0 rev.01.01A01 298,09GB
Running: 2ejji1lc.exe; Driver: C:\Users\Klais\AppData\Local\Temp\kgloqpod.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                 Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{FFD9DA60-4BB2-11E3-A813-806E6F6E6963}  469701760

---- EOF - GMER 2.1 ----
 


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


ComboFix 13-11-23.02 - Klais 26.11.2013  18:13:04.2.2 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1257.372.1033.18.1640.1031 [GMT 2:00]
Running from: c:\users\Klais\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Klais\AppData\Roaming\Bc
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-26 to 2013-11-26  )))))))))))))))))))))))))))))))
.
.
2013-11-26 16:22 . 2013-11-26 16:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-26 13:29 . 2013-11-17 23:28    7772552    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{B30A0E37-9CA8-44CF-B201-06A5DDBD099F}\mpengine.dll
2013-11-25 21:42 . 2013-11-25 21:42    --------    d-----w-    c:\program files\Xenocode
2013-11-25 21:29 . 2013-11-25 21:29    --------    d-----w-    c:\program files\Common Files\InstallShield
2013-11-25 15:37 . 2013-11-25 15:37    --------    d-----w-    c:\program files\Common Files\Aimersoft
2013-11-25 15:37 . 2013-01-15 12:41    892928    ----a-w-    c:\windows\system32\iconv.dll
2013-11-25 15:37 . 2013-01-15 12:41    675840    ----a-w-    c:\windows\system32\ac3filter.ax
2013-11-25 15:37 . 2013-01-15 12:41    496640    ----a-w-    c:\windows\system32\xvid.ax
2013-11-25 15:37 . 2013-01-25 15:44    27496    ----a-w-    c:\windows\system32\drivers\VirtualAudio5.sys
2013-11-25 15:37 . 2013-01-25 15:44    27496    ----a-w-    c:\windows\system32\drivers\VirtualAudio4.sys
2013-11-25 15:37 . 2013-01-25 15:44    27496    ----a-w-    c:\windows\system32\drivers\VirtualAudio3.sys
2013-11-25 15:37 . 2013-01-25 15:44    27496    ----a-w-    c:\windows\system32\drivers\VirtualAudio2.sys
2013-11-25 15:37 . 2013-01-25 15:44    27496    ----a-w-    c:\windows\system32\drivers\VirtualAudio1.sys
2013-11-25 06:23 . 2013-11-25 06:28    --------    d-----w-    c:\program files\HitmanPro
2013-11-25 06:22 . 2013-11-25 06:28    --------    d-----w-    c:\programdata\HitmanPro
2013-11-25 02:41 . 2013-11-25 03:39    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-25 02:40 . 2013-11-25 03:21    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-25 02:23 . 2013-11-25 02:23    --------    d-----w-    c:\windows\ERUNT
2013-11-25 01:39 . 2013-11-25 01:56    24448    ----a-w-    c:\windows\system32\drivers\rkhdrv40.sys
2013-11-21 22:26 . 2013-11-25 10:32    --------    d-----w-    c:\program files\pia_manager
2013-11-17 23:10 . 2012-08-21 11:01    26840    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-11-17 23:09 . 2013-11-17 23:09    --------    d-----w-    c:\program files\iPod
2013-11-17 23:09 . 2013-11-17 23:09    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-17 23:09 . 2013-11-17 23:09    --------    d-----w-    c:\program files\iTunes
2013-11-17 23:06 . 2013-11-17 23:09    --------    d-----w-    c:\program files\Common Files\Apple
2013-11-16 00:17 . 2013-11-16 00:17    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-16 00:17 . 2013-04-04 12:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-16 00:17 . 2013-11-16 00:17    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-15 18:30 . 2013-11-15 18:30    --------    d-----w-    c:\program files\Synaptics
2013-11-15 12:55 . 2013-11-15 12:55    --------    d-----w-    c:\program files\Foxit Software
2013-11-14 20:28 . 2013-09-04 01:15    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-14 20:28 . 2013-09-04 01:14    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-14 20:28 . 2013-09-04 01:14    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-14 20:28 . 2013-09-04 01:14    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-14 20:28 . 2013-09-04 01:14    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-14 20:28 . 2013-09-04 01:14    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-14 20:28 . 2013-09-04 01:14    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-14 11:15 . 2013-11-14 11:15    --------    d-----w-    c:\program files\Common Files\Skype
2013-11-14 05:21 . 2013-07-03 03:36    55808    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2013-11-14 05:21 . 2013-07-03 03:36    25728    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2013-11-14 05:21 . 2012-02-11 05:37    317440    ----a-w-    c:\windows\system32\spoolsv.exe
2013-11-14 05:20 . 2013-02-12 03:32    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-11-14 05:20 . 2012-11-02 05:11    376832    ----a-w-    c:\windows\system32\dpnet.dll
2013-11-14 05:20 . 2013-01-24 04:47    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-11-14 05:19 . 2013-09-25 02:01    136640    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-11-14 05:19 . 2013-09-25 02:01    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-11-14 05:19 . 2013-09-25 01:57    247808    ----a-w-    c:\windows\system32\schannel.dll
2013-11-14 05:19 . 2013-09-25 01:56    1038848    ----a-w-    c:\windows\system32\lsasrv.dll
2013-11-14 05:19 . 2013-07-04 12:16    369848    ----a-w-    c:\windows\system32\drivers\cng.sys
2013-11-14 05:19 . 2013-09-25 01:57    99840    ----a-w-    c:\windows\system32\sspicli.dll
2013-11-14 05:19 . 2013-09-25 01:57    22016    ----a-w-    c:\windows\system32\secur32.dll
2013-11-14 05:19 . 2013-09-25 01:56    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2013-11-14 05:19 . 2013-09-25 00:49    22016    ----a-w-    c:\windows\system32\lsass.exe
2013-11-14 05:19 . 2013-09-25 00:49    15872    ----a-w-    c:\windows\system32\sspisrv.dll
2013-11-14 05:19 . 2013-04-17 07:02    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-11-14 05:18 . 2013-10-05 19:57    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-14 05:18 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-14 05:17 . 2013-07-12 10:08    146816    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2013-11-14 05:17 . 2013-07-12 10:07    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2013-11-14 05:13 . 2013-11-14 05:13    --------    d-----w-    c:\windows\system32\Wat
2013-11-13 06:04 . 2013-11-14 11:15    --------    d-----r-    c:\program files\Skype
2013-11-13 06:03 . 2013-11-14 11:16    --------    d-----w-    c:\programdata\Skype
2013-11-13 03:18 . 2013-11-15 17:46    --------    d-----w-    c:\program files\Notepad++
2013-11-13 00:33 . 2010-02-11 07:10    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2013-11-12 22:12 . 2013-11-12 22:12    --------    d-----w-    c:\programdata\AVS4YOU
2013-11-12 21:49 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2013-11-12 20:48 . 2013-11-25 21:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-11-12 20:48 . 2013-11-25 21:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-11-12 20:48 . 2013-11-25 21:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-11-12 20:48 . 2013-11-25 21:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-11-12 20:48 . 2013-11-25 21:22    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-11-12 20:47 . 2013-11-25 21:21    --------    d-----w-    c:\program files\QuickTime
2013-11-12 20:37 . 2013-11-17 23:10    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-11-12 20:36 . 2013-11-12 20:36    --------    d-----w-    c:\programdata\Apple Computer
2013-11-12 20:34 . 2013-11-12 20:34    --------    d-----w-    c:\program files\Apple Software Update
2013-11-12 20:34 . 2012-07-26 03:39    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-11-12 20:34 . 2012-07-26 02:46    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-11-12 20:33 . 2013-11-12 20:33    --------    d-----w-    c:\program files\Bonjour
2013-11-12 20:32 . 2013-11-12 20:34    --------    d-----w-    c:\programdata\Apple
2013-11-12 20:30 . 2012-07-26 02:33    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-11-12 20:30 . 2012-07-26 02:32    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-11-12 20:30 . 2012-07-26 03:20    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-11-12 20:30 . 2012-07-26 03:20    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-11-12 20:30 . 2012-07-26 03:20    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-11-12 20:29 . 2012-07-26 03:21    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-11-12 20:29 . 2012-07-26 03:20    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2013-11-12 20:23 . 2013-11-19 00:47    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-12 20:23 . 2013-11-19 00:47    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-12 20:23 . 2013-11-12 20:23    --------    d-----w-    c:\windows\system32\Macromed
2013-11-12 19:58 . 2013-11-12 19:58    49152    ----a-w-    c:\windows\system32\taskhost.exe
2013-11-12 19:51 . 2013-11-12 19:53    --------    d-----w-    c:\windows\system32\MRT
2013-11-12 19:46 . 2012-12-07 12:26    308736    ----a-w-    c:\windows\system32\Wpc.dll
2013-11-12 19:45 . 2013-01-03 05:04    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-11-12 19:45 . 2012-08-22 17:16    240496    ----a-w-    c:\windows\system32\drivers\netio.sys
2013-11-12 19:45 . 2012-10-03 16:42    52224    ----a-w-    c:\windows\system32\nlaapi.dll
2013-11-12 19:45 . 2012-10-03 16:42    242176    ----a-w-    c:\windows\system32\nlasvc.dll
2013-11-12 19:45 . 2012-10-03 16:42    18944    ----a-w-    c:\windows\system32\netevent.dll
2013-11-12 19:45 . 2012-10-03 16:42    175104    ----a-w-    c:\windows\system32\netcorehc.dll
2013-11-12 19:45 . 2012-10-03 16:42    156672    ----a-w-    c:\windows\system32\ncsi.dll
2013-11-12 19:45 . 2012-10-03 16:40    499712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2013-11-12 19:45 . 2012-10-03 15:21    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-11-12 19:45 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-11-12 19:45 . 2012-05-01 04:44    164352    ----a-w-    c:\windows\system32\profsvc.dll
2013-11-12 19:43 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-11-12 19:43 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-11-12 19:43 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-11-12 19:43 . 2013-04-12 13:45    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-11-12 19:41 . 2012-04-07 11:26    2342400    ----a-w-    c:\windows\system32\msi.dll
2013-11-12 19:40 . 2012-05-14 04:33    769024    ----a-w-    c:\windows\system32\localspl.dll
2013-11-12 19:34 . 2013-11-12 19:34    26624    ----a-w-    c:\windows\system32\drivers\tap0901.sys
2013-11-12 19:32 . 2012-10-09 17:40    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2013-11-12 19:32 . 2012-10-09 17:40    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2013-11-12 18:14 . 2013-11-12 18:15    --------    d-----w-    c:\program files\Mp3tag
2013-11-12 18:12 . 2013-02-27 05:05    101720    ----a-w-    c:\windows\system32\consent.exe
2013-11-12 18:12 . 2013-02-27 04:49    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-11-12 17:55 . 2013-11-12 17:55    --------    d-----w-    c:\program files\Google
2013-11-12 17:54 . 2013-11-25 10:32    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-11-12 17:01 . 2013-11-12 17:01    --------    d-----w-    c:\programdata\Xilisoft
2013-11-12 17:01 . 2013-11-12 17:01    --------    d-----w-    c:\program files\Xilisoft
2013-11-12 16:57 . 2013-11-12 16:57    --------    d-----w-    c:\program files\WinPcap
2013-11-12 16:52 . 2013-11-26 14:37    --------    d-----w-    c:\program files\WMR14
2013-11-12 16:51 . 2013-11-13 17:57    --------    d-----w-    c:\program files\FlashFXP 4
2013-11-12 16:51 . 2013-11-12 16:51    --------    d-----w-    c:\programdata\regid.2000-02.com.flashfxp
2013-11-12 16:51 . 2013-11-12 16:51    --------    d-----w-    c:\programdata\FlashFXP
2013-11-12 16:51 . 2013-11-12 16:51    --------    dc-h--w-    c:\programdata\{777DE26B-15BF-40A0-9281-1AFE590584B6}
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-11 03:50 . 2012-04-07 15:34    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-08 08:00 . 2013-05-08 08:00    2174976    ----a-w-    c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 17:51    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2012-07-05 1590880]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-14 22:05    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-12 00:47]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-12 17:55]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-12 17:55]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Klais\AppData\Roaming\Mozilla\Firefox\Profiles\vfwmnzg9.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-26  18:25:10
ComboFix-quarantined-files.txt  2013-11-26 16:25
ComboFix2.txt  2013-11-24 23:19
.
Pre-Run: 251 184 422 912 bytes free
Post-Run: 251 218 673 664 bytes free
.
- - End Of File - - 23E19C36061E695D9F022BA3FBC79D88
A36C5E4F47E84449FF07ED3517B43A31
 


Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.27.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
Klais :: KLAIS-PC [administrator]

Protection: Enabled

27.11.2013 22:27:01
mbam-log-2013-11-27 (22-27-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 273511
Time elapsed: 47 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

ESET Online Scan didn't find anything.


System File Check

For Windows XP:

  • Press the Windows and R keys simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"




Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>

 

Maybe somebody has installed something as hardware or made the infection via the Wi-Fi router? I have turned the Wi-Fi option off, so it's disabled, but I have a really big feeling somebody has visited my home without my knowledge.


There are no signs of an infection on this computer.

The rootkit scanners we ran during the process worked fine and didn't show up anything.

 

Rootkit scanners work deeply within the system and may cause it to crash - if one of them fails to run, this is no evidence of being infected.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


# AdwCleaner v3.014 - Report created 02/12/2013 at 18:31:19
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : Klais - KLAIS-PC
# Running from : C:\!!!\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Klais\AppData\Roaming\Mozilla\Firefox\Profiles\1qwi3sz8.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Klais\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [1212 octets] - [02/12/2013 18:29:29]
AdwCleaner[s1].txt - [1143 octets] - [02/12/2013 18:31:19]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1203 octets] ##########
 

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Rootkit Unhooker Uninstall   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player     11.9.900.152  
 Mozilla Firefox (25.0.1)
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 

Everything seems ok?


Were those four viruses/malware?

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar


No, they were just remnants of some minor advertising platforms.

 

 

Your computer is free of malware! :)

 

 

Internet Explorer out of date

Your version of Internet Explorer is outdated.

  1. Please download IE 10 from http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-10/worldwide-languages
  2. Save it to your desktop.
  3. Double click on the file on your desktop to start the installation process.
  4. Reboot

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
  2. In the case we used Combofix: deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  4. If there is still something left, please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




This topic is now closed to further replies.