
Author Topic: TROJAN.RANSOM  (Read 28904 times)


elisabeth77

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: TROJAN.RANSOM
    « Reply #15 on: September 11, 2012, 01:53:48 PM »
    Tried safe mode too! Nothing.

    Some crash reports only is all I've got.

    ROOTREPEAL CRASH REPORT
    -------------------------
    Windows Version: Windows Vista SP2
    Exception Code: 0xc0000005
    Exception Address: 0x004bed8c
    Attempt to write to address: 0x00000000


    ROOTREPEAL CRASH REPORT
    -------------------------
    Windows Version: Windows Vista SP2
    Exception Code: 0xc0000005
    Exception Address: 0x77377267
    Attempt to read from address: 0xfffffff9


    ROOTREPEAL CRASH REPORT
    -------------------------
    Windows Version: Windows Vista SP2
    Exception Code: 0xc0000005
    Exception Address: 0x0040ab12
    Attempt to write to address: 0x00000004

    thanks again!!!

    I'll be patiently waiting for your reply!!!

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: TROJAN.RANSOM
    « Reply #16 on: September 11, 2012, 05:48:48 PM »
    Ok, let's try this one.

    SysProt Antirootkit

    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

    http://sites.google.com/site/sysprotantirootkit/

    Unzip it into a folder on your desktop.
    • Double click Sysprot.exe to start the program.
    • Click on the Log tab.
    • In the Write to log box select the following items.
      • Process << Selected
      • Kernel Modules << Selected
      • SSDT << Selected
      • Kernel Hooks << Selected
      • IRP Hooks << NOT Selected
      • Ports << NOT Selected
      • Hidden Files << Selected
    • At the bottom of the page
      • Hidden Objects Only << Selected
    • Click on the Create Log button on the bottom right.
    • After a few seconds a new window should appear.
    • Select Scan Root Drive. Click on the Start button.
    • When it is complete a new window will appear to indicate that the scan is finished.
    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
    Windows 8 and Windows 10 dual boot with two SSD's

    elisabeth77

      Re: TROJAN.RANSOM
      « Reply #17 on: September 11, 2012, 10:32:51 PM »
      Super Dave, failed to start service: SysProt Antirootkit needs to be run with admin privileges!

      elisabeth77

        Re: TROJAN.RANSOM
        « Reply #18 on: September 12, 2012, 01:08:46 AM »
        SysProt AntiRootkit v1.0.1.0
        by swatkat

        ******************************************************************************************
        ******************************************************************************************

        No Hidden Processes found

        ******************************************************************************************
        ******************************************************************************************
        Kernel Modules:
        Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
        Service Name: ---
        Module Base: 8D676000
        Module End: 8D681000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
        Service Name: ---
        Module Base: 8D681000
        Module End: 8D689000
        Hidden: Yes

        ******************************************************************************************
        ******************************************************************************************
        SSDT:
        Function Name: ZwCreateSection
        Address: 8A3657DE
        Driver Base: 0
        Driver End: 0
        Driver Name: _unknown_

        Function Name: ZwRequestWaitReplyPort
        Address: 8A3657E8
        Driver Base: 0
        Driver End: 0
        Driver Name: _unknown_

        Function Name: ZwSetContextThread
        Address: 8A3657E3
        Driver Base: 0
        Driver End: 0
        Driver Name: _unknown_

        Function Name: ZwSetSecurityObject
        Address: 8A3657ED
        Driver Base: 0
        Driver End: 0
        Driver Name: _unknown_

        Function Name: ZwSystemDebugControl
        Address: 8A3657F2
        Driver Base: 0
        Driver End: 0
        Driver Name: _unknown_

        Function Name: ZwTerminateProcess
        Address: 8D35D640
        Driver Base: 8D353000
        Driver End: 8D375000
        Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

        ******************************************************************************************
        ******************************************************************************************
        No Kernel Hooks found

        ******************************************************************************************
        ******************************************************************************************
        Hidden files/folders:
        Object: C:\Qoobox\BackEnv\AppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cache.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cookies.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Desktop.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Favorites.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\History.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Music.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\NetHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Personal.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Pictures.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Programs.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Recent.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SendTo.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SetPath.bat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartUp.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SysPath.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Templates.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\VikPev00
        Status: Access denied

        Object: C:\Users\Dimitris\AppData\Roaming\SecuROM\UserData\?????????χ?πρ????????
        Status: Hidden

        Object: C:\Users\Dimitris\AppData\Roaming\SecuROM\UserData\?????????χ?πρ????????
        Status: Hidden

        Object: C:\Users\Dimitris\Desktop\ΣΟΦΙΑ\?anaooUoaeo Aei?ecoco-1.doc
        Status: Hidden

        Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
        Status: Access denied

        Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
        Status: Access denied

        Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
        Status: Access denied

        Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
        Status: Access denied
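
Added example (not part of the thread and not SysProt's own code): a Python triage of the SSDT section of the log above. It checks each hooked address against the driver range the log reports and against the listed kernel modules, then groups unattributed addresses that sit 5 bytes apart. The record layout is assumed from the post, and all function and variable names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Values copied from the SysProt log posted above. The layout ("Key: Value"
# lines, blank line between records, "Name:" section headers) is assumed from it.
_MODULES = [
    (r"\SystemRoot\System32\Drivers\dump_dumpata.sys", "8D676000", "8D681000"),
    (r"\SystemRoot\System32\Drivers\dump_atapi.sys", "8D681000", "8D689000"),
]
_SSDT = [
    ("ZwCreateSection", "8A3657DE", "0", "0", "_unknown_"),
    ("ZwRequestWaitReplyPort", "8A3657E8", "0", "0", "_unknown_"),
    ("ZwSetContextThread", "8A3657E3", "0", "0", "_unknown_"),
    ("ZwSetSecurityObject", "8A3657ED", "0", "0", "_unknown_"),
    ("ZwSystemDebugControl", "8A3657F2", "0", "0", "_unknown_"),
    ("ZwTerminateProcess", "8D35D640", "8D353000", "8D375000",
     r"\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS"),
]
SAMPLE_LOG = (
    "Kernel Modules:\n"
    + "\n\n".join(f"Module Name: {n}\nService Name: ---\nModule Base: {b}\n"
                  f"Module End: {e}\nHidden: Yes" for n, b, e in _MODULES)
    + "\n\n" + "*" * 40 + "\nSSDT:\n"
    + "\n\n".join(f"Function Name: {f}\nAddress: {a}\nDriver Base: {b}\n"
                  f"Driver End: {e}\nDriver Name: {d}" for f, a, b, e, d in _SSDT)
    + "\n"
)


@dataclass
class Finding:
    function: str
    address: int
    verdict: str              # "attributed", "listed-module" or "unattributed"
    owner: Optional[str]


def parse_sections(text):
    """Split the log into {section name: [record dict, ...]}."""
    sections, current, record = {}, None, {}
    for line in [l.strip() for l in text.splitlines()] + [""]:
        key, sep, value = line.partition(": ")
        if sep:
            record[key] = value
            continue
        if record and current is not None:    # any other line closes the open record
            sections[current].append(record)
        record = {}
        if line.endswith(":") and len(line) > 1:   # section header such as "SSDT:"
            current = line[:-1]
            sections.setdefault(current, [])
    return sections


def triage_ssdt(sections):
    """Attribute every hooked SSDT entry to a driver range, if the log allows it."""
    modules = [(int(m["Module Base"], 16), int(m["Module End"], 16), m["Module Name"])
               for m in sections.get("Kernel Modules", [])]
    findings = []
    for entry in sections.get("SSDT", []):
        addr = int(entry["Address"], 16)
        base, end = int(entry["Driver Base"], 16), int(entry["Driver End"], 16)
        # End is treated as exclusive: one module's End equals the next one's Base.
        if base <= addr < end:
            verdict, owner = "attributed", entry["Driver Name"]
        else:                                  # fall back to the Kernel Modules section
            owner = next((n for lo, hi, n in modules if lo <= addr < hi), None)
            verdict = "listed-module" if owner else "unattributed"
        findings.append(Finding(entry["Function Name"], addr, verdict, owner))
    return findings


def stub_runs(findings, stride=5):
    """Group unattributed hook addresses spaced exactly `stride` bytes apart.

    Heuristic: 5 bytes is the length of an x86 JMP rel32, so a run is consistent
    with a table of jump stubs in one allocation rather than separate drivers.
    """
    runs, run = [], []
    for addr in sorted(f.address for f in findings if f.verdict == "unattributed"):
        if run and addr - run[-1] != stride:
            if len(run) > 1:
                runs.append(run)
            run = []
        run.append(addr)
    if len(run) > 1:
        runs.append(run)
    return runs


if __name__ == "__main__":
    found = triage_ssdt(parse_sections(SAMPLE_LOG))
    for f in found:
        print(f"{f.function:24} {f.address:08X} {f.verdict:13} {f.owner or '-'}")
    for run in stub_runs(found):
        print("5-byte stride run:", " ".join(f"{a:08X}" for a in run))
```

An unattributed entry only means this log cannot tie the hook to a driver file; on 32-bit Windows both rootkits and security products hooked the SSDT, so it is a lead for further scanning rather than a verdict.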

        elisabeth77

          Re: TROJAN.RANSOM
          « Reply #19 on: September 13, 2012, 08:13:46 AM »
          dear dave!

          what should we do next?

          thanks for your big help!!!

          elisabeth!!!

          SuperDave

          Re: TROJAN.RANSOM
          « Reply #20 on: September 13, 2012, 04:26:00 PM »
          Please give me an update on how your computer is running.

          I'd like to scan your machine with ESET OnlineScan

          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          •Click the button.
          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          •Check
          •Click the button.
          •Accept any security warnings from your browser.
          •Check
          •Push the Start button.
          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          •When the scan completes, push
          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          •Push the button.
          •Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          elisabeth77

            Re: TROJAN.RANSOM
            « Reply #21 on: September 13, 2012, 09:43:49 PM »
            super Dave,

            my PC runs much better, the internet is faster and doesn't get stuck all the time

            elisabeth77

              Re: TROJAN.RANSOM
              « Reply #22 on: September 14, 2012, 07:51:34 AM »
              Dear Dave eventually,

              ESETSmartInstaller@High as downloader log:
              all ok
              # version=7
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.6583
              # api_version=3.0.2
              # EOSSerial=71aa893efe25c04f892814b685722d93
              # end=finished
              # remove_checked=false
              # archives_checked=true
              # unwanted_checked=true
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2012-03-08 12:03:41
              # local_time=2012-03-08 02:03:41 )
              # country="Greece"
              # lang=1033
              # osver=6.0.6000 NT
              # compatibility_mode=1792 16777175 100 0 80501 80501 0 0
              # compatibility_mode=5892 16776573 100 100 245490 168734441 0 0
              # compatibility_mode=8192 67108863 100 0 144 144 0 0
              # scanned=150751
              # found=2
              # cleaned=0
              # scan_time=6508
              C:\ProgramData\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar33.zip   Win32/Bagle.gen.zip worm (unable to clean)   00000000000000000000000000000000   I
              C:\ProgramData\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar91.zip   Win32/Bagle.gen.zip worm (unable to clean)   00000000000000000000000000000000   I
              # version=7
              # iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
              # OnlineScanner.ocx=1.0.0.6583
              # api_version=3.0.2
              # EOSSerial=71aa893efe25c04f892814b685722d93
              # end=finished
              # remove_checked=true
              # archives_checked=true
              # unwanted_checked=true
              # unsafe_checked=true
              # antistealth_checked=true
              # utc_time=2012-03-12 02:51:23
              # local_time=2012-03-12 04:51:23 )
              # country="Greece"
              # lang=1033
              # osver=6.0.6000 NT
              # compatibility_mode=1792 16777175 100 0 434372 434372 0 0
              # compatibility_mode=5892 16776573 100 100 599361 169088312 0 0
              # compatibility_mode=8192 67108863 100 0 354015 354015 0 0
              # scanned=128954
              # found=1
              # cleaned=0
              # scan_time=8311
              ${Memory}   a variant of Win32/Spy.Zbot.AAN trojan   00000000000000000000000000000000   I
              ESETSmartInstaller@High as downloader log:
              all ok
              # version=7
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.6583
              # api_version=3.0.2
              # EOSSerial=71aa893efe25c04f892814b685722d93
              # end=stopped
              # remove_checked=false
              # archives_checked=true
              # unwanted_checked=true
              # unsafe_checked=true
              # antistealth_checked=true
              # utc_time=2012-03-13 12:08:31
              # local_time=2012-03-13 02:08:31 )
              # country="Greece"
              # lang=1033
              # osver=6.0.6000 NT
              # compatibility_mode=1792 16777175 100 0 517360 517360 0 0
              # compatibility_mode=5892 16776573 100 100 86396 169171300 0 0
              # compatibility_mode=8192 67108863 100 0 437003 437003 0 0
              # scanned=37555
              # found=0
              # cleaned=0
              # scan_time=1952
              ESETSmartInstaller@High as downloader log:
              all ok
              ESETSmartInstaller@High as downloader log:
              all ok
              # version=7
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.6583
              # api_version=3.0.2
              # EOSSerial=71aa893efe25c04f892814b685722d93
              # end=finished
              # remove_checked=true
              # archives_checked=true
              # unwanted_checked=true
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2012-09-14 06:13:06
              # local_time=2012-09-14 09:13:06 )
              # country="Greece"
              # lang=1033
              # osver=6.0.6002 NT Service Pack 2
              # compatibility_mode=1792 16777215 100 0 16477017 16477017 0 0
              # compatibility_mode=5892 16776574 100 100 244209 185127357 0 0
              # compatibility_mode=8192 67108863 100 0 16396660 16396660 0 0
              # scanned=172081
              # found=3
              # cleaned=3
              # scan_time=8556
              C:\Users\Dimitris\AppData\Local\Mozilla\Firefox\Profiles\sdhpvdui.default\Cache\B\FD\1C0A1d01   HTML/Iframe.B.Gen virus (deleted - quarantined)   00000000000000000000000000000000   C
              C:\Users\Dimitris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\189fd7d2-1cd1a852   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\Users\Dimitris\Downloads\SpywareCease_Setup.exe   multiple threats (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

              elisabeth77

                Re: TROJAN.RANSOM
                « Reply #23 on: September 14, 2012, 10:57:10 AM »
                dear Dave,

                I'm really sorry, but I skipped by mistake the step of exporting the list of threats found. Is there something we can do? Or doesn't it matter anymore?

                SuperDave

                Re: TROJAN.RANSOM
                « Reply #24 on: September 14, 2012, 04:58:10 PM »
                Quote
                dear Dave,

                I'm really sorry, but I skipped by mistake the step of exporting the list of threats found. Is there something we can do? Or doesn't it matter anymore?
                That's ok. How's your computer running now?

                elisabeth77

                  Re: TROJAN.RANSOM
                  « Reply #25 on: September 14, 2012, 10:38:52 PM »
                  I don't have problem running any of my pc programmes.
                  The problem I had with the PC was the slow internet, and that it got stuck all the time and needed a reboot.

                  Now the internet is faster and doesn't get stuck all the time (I reboot once a day). It sometimes gets stuck for 1-2 seconds, and afterwards it works fine. But this may be caused by the internet connection. How can I assure that?

                  I also wanted to ask you where I can download a free and safe screensaver (because now I don't have one), and I need your advice about my antivirus, Avira free edition. What should I have on my PC to prevent or eliminate other future threats?

                  sorry, for my wearing questions!!!

                  Thanks again!!

                  I'll be waiting for your directions!!!


                  SuperDave

                  Re: TROJAN.RANSOM
                  « Reply #26 on: September 15, 2012, 01:28:50 PM »
                  Quote
                  But this may be caused by the internet connection. How can I assure that?
                  We can take a look at this by running this tool

                  Please download MiniToolBox to Desktop and run it.



                  Checkmark the following boxes:

                    • Flush DNS
                    • Report IE Proxy Settings
                    • Reset IE Proxy Settings
                    • List content of Hosts
                    • List IP Configuration
                    • List Last 10 Event Viewer Errors
                    • List Users, Partitions and Memory Size
                    Click Go and copy/paste the log (Result.txt) into your next post.
                    ************************************************************
                    Quote
                    I also wanted to ask you where I can download a free and safe screensaver (because now I don't have one), and I need your advice about my antivirus, Avira free edition. What should I have on my PC to prevent or eliminate other future threats?
                    You can take a look in this site. Everything there is trustworthy.

                    elisabeth77

                      Re: TROJAN.RANSOM
                      « Reply #27 on: September 15, 2012, 02:50:58 PM »
                      Dear Dave ,

                      the results of minitoolbox!

                      MiniToolBox by Farbar  Version: 23-07-2012
                      Ran by Dimitris (administrator) on 15-09-2012 at 23:40:42
                      Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
                      Boot Mode: Normal
                      ***************************************************************************

                      ========================= Flush DNS: ===================================

                      ηŸ£ ©ž §˜¨˜£β«¨ΰ¤ IP «ΰ¤ Windows

                      ⫬®œ ž œ΅΅˜Ÿα¨ ©ž «ž £¤γ£ž cache €¤αΆ¬©ž DNS.

                      ========================= IE Proxy Settings: ==============================

                      Proxy is not enabled.
                      No Proxy Server is set.

                      "Reset IE Proxy Settings": IE Proxy Settings were reset.
                      ========================= Hosts content: =================================

                      127.0.0.1       localhost

                      ========================= IP Configuration: ================================

                      VIA Rhine II compatible adapter Fast Ethernet = local connection (Connected)


                      # ----------------------------------
                      # ηŸ£ ©ž §˜¨˜£β«¨ΰ¤ IPv4
                      # ----------------------------------
                      pushd interface ipv4

                      reset
                      set global dhcpmediasense=disabled


                      popd
                      # ’βΆ¦ ¨ηŸ£ ©ž §˜¨˜£β«¨ΰ¤ IPv4



                      ηŸ£ ©ž §˜¨˜£β«¨ΰ¤ IP «ΰ¤ Windows

                         ξ¤¦£˜ ΅œ¤«¨΅¦η ¬§¦Ά¦š ©«γ . . . . : Dimitris-PC
                         „§εŸž£˜ ΅η¨ ¦¬ DNS  . . . . . . . :
                         ’秦 ΅ζ£™¦¬. . . . . . . . . . . : “™¨ › ΅ζ
                         „¤œ¨š¦§¦εž©ž ›¨¦£¦Άζšž©ž IP. . . : ξ® 
                         „¤œ¨š¦§¦εž©ž £œ©¦Άα™ž©ž WINS . . : ξ® 
                         Šε©«˜ ˜¤˜γ«ž©ž œ§ Ÿž£α«ΰ¤ DNS . : lan

                      ¨¦©˜¨£¦šβ˜ Ethernet ’¦§ ΅γ ©η¤›œ©ž:

                         „§εŸž£˜ DNS ©¬š΅œ΅¨ £β¤ž ©η¤›œ©ž: lan
                         œ¨ š¨˜­γ . . . . . . . . . . . . : VIA Rhine II ©¬£™˜«ζ §¨¦©˜¨£¦šβ˜ Fast Ethernet
                         ”¬© ΅γ › œηŸ¬¤©ž. . . . . . . . . : 00-19-DB-40-52-18
                         „¤œ¨š¦§¦εž©ž DHCP. . . . . . . .  : Œ˜ 
                         €¬«ζ£˜«ž ¨ηŸ£ ©ž œ¤œ¨šγ . . . . . : Œ˜ 
                         ƒ œηŸ¬¤©ž IPv6 «¦§ ΅γ ©η¤›œ©ž . : fe80::5b:e83f:bb36:f46%8(¨¦« £ι£œ¤¦)
                         ƒ œηŸ¬¤©ž IPv4. . . . . . . . . . : 192.168.1.64(¨¦« £ι£œ¤¦)
                         ‹α©΅˜ ¬§¦› ΅«η¦¬. . . . . . . . . : 255.255.255.0
                         λ¤˜¨¥ž œ΅£ε©Ÿΰ©ž. . . . . . . .  : ‘α™™˜«¦, 15 ‘œ§«œ£™¨ε¦¬ 2012 10:57:41 ££
                         Šγ¥ž œ΅£ε©Ÿΰ©ž . . . . . . . . . : ‰¬¨ ˜΅γ, 16 ‘œ§«œ£™¨ε¦¬ 2012 10:57:41 ££
                         ¨¦œ§ Άœš£β¤ž §ηΆž . . . . . . .  : 192.168.1.254
                         ƒ ˜΅¦£ ©«γ DHCP . . . . . . . .  : 192.168.1.254
                         DHCPv6 IAID . . . . . . . . . . . : 201333211
                         DUID ¬§¦Ά¦š ©«γ-§œΆα«ž DHCPv6 . . : 00-01-00-01-11-FB-5A-5E-00-19-DB-40-52-18
                         ƒ ˜΅¦£ ©«β DNS . . . . . . . . . : 192.168.1.254
                         NetBIOS ©œ Tcpip. . . . . . . . . : „¤œ¨š¦§¦ ž£β¤¦

                      ¨¦©˜¨£¦šβ˜ › ¦®β«œ¬©ž ‘礛œ©ž «¦§ ΅¦η › ΅«η¦¬*:

                         ‰˜«α©«˜©ž £β©¦¬ . . . . . . . . . : λ®œ  ˜§¦©¬¤›œŸœε
                         „§εŸž£˜ DNS ©¬š΅œ΅¨ £β¤ž ©η¤›œ©ž: lan
                         œ¨ š¨˜­γ . . . . . . . . . . . . : ¨¦©˜¨£¦šβ˜ Microsoft ISATAP
                         ”¬© ΅γ › œηŸ¬¤©ž. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         „¤œ¨š¦§¦εž©ž DHCP. . . . . . .. . : ξ® 
                         €¬«ζ£˜«ž ¨ηŸ£ ©ž œ¤œ¨šγ . . . . . : Œ˜ 

                      ¨¦©˜¨£¦šβ˜ › ¦®β«œ¬©ž ‘礛œ©ž «¦§ ΅¦η › ΅«η¦¬* 6:

                         „§εŸž£˜ DNS ©¬š΅œ΅¨ £β¤ž ©η¤›œ©ž:
                         œ¨ š¨˜­γ . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                         ”¬© ΅γ › œηŸ¬¤©ž. . . . . . . . . : 02-00-54-55-4E-01
                         „¤œ¨š¦§¦εž©ž DHCP. . . . . . .. . : ξ® 
                         €¬«ζ£˜«ž ¨ηŸ£ ©ž œ¤œ¨šγ . . . . . : Œ˜ 
                         ƒ œηŸ¬¤©ž IPv6. . . . . . . . . . : 2001:0:5ef5:79fd:8d2:22f0:d109:1320(¨¦« £ι£œ¤¦)
                         ƒ œηŸ¬¤©ž IPv6 «¦§ ΅γ ©η¤›œ©ž . : fe80::8d2:22f0:d109:1320%9(¨¦« £ι£œ¤¦)
                         ¨¦œ§ Άœš£β¤ž §ηΆž . . . . . . .  : ::
                         NetBIOS ©œ Tcpip. . . . . . . . . : €§œ¤œ¨š¦§¦ ž£β¤¦
                      servers:  dsldevice.lan
                      Address:  192.168.1.254

                      DNS request timed out.
                          timeout was 2 seconds.
                      name:   google.com
                      Address:  2a00:1450:4001:c01::65



                      „΅«œΆœε«˜  ž Άœ «¦¬¨šε˜ Ping ©«¦ google.com [209.85.148.138] £œ 32 byte ›œ›¦£β¤ΰ¤:

                      €§α¤«ž©ž ˜§ζ: 209.85.148.138: bytes=32 ®¨ζ¤¦=84ms TTL=57

                      €§α¤«ž©ž ˜§ζ: 209.85.148.138: bytes=32 ®¨ζ¤¦=83ms TTL=57



                      ‘«˜« ©« ΅α ©«¦ ®œε˜ Ping š ˜ 209.85.148.138:

                          ˜΅β«˜: €§œ©«˜Ά£β¤˜ = 2, Šž­Ÿβ¤«˜ = 2, €§¦Άœ©Ÿβ¤«˜ = 0 (˜§ιΆœ ˜ 0%),

                      ΆγŸ¦ › ˜›¨¦£ι¤ ˜§¦©«¦Άγ ΅˜  œ§ ©«¨¦­γ ΅˜«α §¨¦©βšš ©ž ©œ ® Ά ¦©«α «¦¬

                      ›œ¬«œ¨¦Άβ§«¦¬:

                          „Άα® ©«¦ = 83ms, ‹βš ©«¦ = 84ms, ‹β©¦ 樦 = 83ms

                      servers:  dsldevice.lan
                      Address:  192.168.1.254

                      DNS request timed out.
                          timeout was 2 seconds.
                      DNS request timed out.
                          timeout was 2 seconds.


                      „΅«œΆœε«˜  ž Άœ «¦¬¨šε˜ Ping ©«¦ yahoo.com [72.30.38.140] £œ 32 byte ›œ›¦£β¤ΰ¤:

                      €§α¤«ž©ž ˜§ζ: 72.30.38.140: bytes=32 ®¨ζ¤¦=426ms TTL=53

                      €§α¤«ž©ž ˜§ζ: 72.30.38.140: bytes=32 ®¨ζ¤¦=263ms TTL=53



                      ‘«˜« ©« ΅α ©«¦ ®œε˜ Ping š ˜ 72.30.38.140:

                          ˜΅β«˜: €§œ©«˜Ά£β¤˜ = 2, Šž­Ÿβ¤«˜ = 2, €§¦Άœ©Ÿβ¤«˜ = 0 (˜§ιΆœ ˜ 0%),

                      ΆγŸ¦ › ˜›¨¦£ι¤ ˜§¦©«¦Άγ ΅˜  œ§ ©«¨¦­γ ΅˜«α §¨¦©βšš ©ž ©œ ® Ά ¦©«α «¦¬

                      ›œ¬«œ¨¦Άβ§«¦¬:

                          „Άα® ©«¦ = 263ms, ‹βš ©«¦ = 426ms, ‹β©¦ 樦 = 344ms

                      servers:  dsldevice.lan
                      Address:  192.168.1.254

                      DNS request timed out.
                          timeout was 2 seconds.
                      DNS request timed out.
                          timeout was 2 seconds.


                      „΅«œΆœε«˜  ž Άœ «¦¬¨šε˜ Ping ©«¦ bleepingcomputer.com [208.43.87.2] £œ 32 byte ›œ›¦£β¤ΰ¤:

                      €§α¤«ž©ž ˜§ζ: 208.43.87.2: ƒœ¤ œε¤˜  ›¬¤˜«γ ž §¨ζ©™˜©ž ©«¦¤ ΅œ¤«¨ ΅ζ ¬§¦Ά¦š ©«γ §¨¦¦¨ ©£¦η.

                      €§α¤«ž©ž ˜§ζ: 208.43.87.2: ƒœ¤ œε¤˜  ›¬¤˜«γ ž §¨ζ©™˜©ž ©«¦¤ ΅œ¤«¨ ΅ζ ¬§¦Ά¦š ©«γ §¨¦¦¨ ©£¦η.



                      ‘«˜« ©« ΅α ©«¦ ®œε˜ Ping š ˜ 208.43.87.2:

                          ˜΅β«˜: €§œ©«˜Ά£β¤˜ = 2, Šž­Ÿβ¤«˜ = 2, €§¦Άœ©Ÿβ¤«˜ = 0 (˜§ιΆœ ˜ 0%),



                      „΅«œΆœε«˜  ž Άœ «¦¬¨šε˜ Ping ©«¦ 127.0.0.1 £œ 32 byte ›œ›¦£β¤ΰ¤:

                      €§α¤«ž©ž ˜§ζ: 127.0.0.1: bytes=32 ®¨ζ¤¦<1ms TTL=128

                      €§α¤«ž©ž ˜§ζ: 127.0.0.1: bytes=32 ®¨ζ¤¦<1ms TTL=128



                      ‘«˜« ©« ΅α ©«¦ ®œε˜ Ping š ˜ 127.0.0.1:

                          ˜΅β«˜: €§œ©«˜Ά£β¤˜ = 2, Šž­Ÿβ¤«˜ = 2, €§¦Άœ©Ÿβ¤«˜ = 0 (˜§ιΆœ ˜ 0%),

                      ΆγŸ¦ › ˜›¨¦£ι¤ ˜§¦©«¦Άγ ΅˜  œ§ ©«¨¦­γ ΅˜«α §¨¦©βšš ©ž ©œ ® Ά ¦©«α «¦¬

                      ›œ¬«œ¨¦Άβ§«¦¬:

                          „Άα® ©«¦ = 0ms, ‹βš ©«¦ = 0ms, ‹β©¦ 樦 = 0ms

                      ===========================================================================
                      Šε©«˜ › ˜©¬¤›β©œΰ¤
                        8 ...00 19 db 40 52 18 ...... VIA Rhine II   1 ........................... Software Loopback Interface 1
                       13 ...00 00 00 00 00 00 00 e0    9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
                      ===========================================================================

                      IPv4 ε¤˜΅˜ › ˜›¨¦£ι¤
                      ===========================================================================
                      „¤œ¨šβ › ˜›¨¦£β:
                      ƒ œηŸ¬¤©ž › ΅«η¦¬    ‹α©΅˜ › ΅«η¦¬             ηΆž      ƒ ˜©η¤›œ©ž   ‹β«¨¦
                                0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64     20
                              127.0.0.0        255.0.0.0      ‹œ ©η¤›œ©ž         127.0.0.1    306
                              127.0.0.1  255.255.255.255      ‹œ ©η¤›œ©ž         127.0.0.1    306
                        127.255.255.255  255.255.255.255      ‹œ ©η¤›œ©ž         127.0.0.1    306
                            192.168.1.0    255.255.255.0      ‹œ ©η¤›œ©ž      192.168.1.64    276
                           192.168.1.64  255.255.255.255      ‹œ ©η¤›œ©ž      192.168.1.64    276
                          192.168.1.255  255.255.255.255      ‹œ ©η¤›œ©ž      192.168.1.64    276
                              224.0.0.0        240.0.0.0      ‹œ ©η¤›œ©ž         127.0.0.1    306
                              224.0.0.0        240.0.0.0      ‹œ ©η¤›œ©ž      192.168.1.64    276
                        255.255.255.255  255.255.255.255      ‹œ ©η¤›œ©ž         127.0.0.1    306
                        255.255.255.255  255.255.255.255      ‹œ ©η¤›œ©ž      192.168.1.64    276
                      ===========================================================================
                      ‘¬¤œ®œε › ˜›¨¦£β:
                        ‰˜£ε˜

                      IPv6 ε¤˜΅˜ › ˜›¨¦£ι¤
                      ===========================================================================
                      „¤œ¨šβ › ˜›¨¦£β:
                       ƒ œηŸ¬¤©ž › ΅«η¦¬ £œ«¨ ΅γ If    ηΆž
                        9     18 ::/0                     ‹œ ©η¤›œ©ž
                        1    306 ::1/128                  ‹œ ©η¤›œ©ž
                        9     18 2001::/32                ‹œ ©η¤›œ©ž
                        9    266 2001:0:5ef5:79fd:8d2:22f0:d109:1320/128
                                                          ‹œ ©η¤›œ©ž
                        8    276 fe80::/64                ‹œ ©η¤›œ©ž
                        9    266 fe80::/64                ‹œ ©η¤›œ©ž
                        8    276 fe80::5b:e83f:bb36:f46/128
                                                          ‹œ ©η¤›œ©ž
                        9    266 fe80::8d2:22f0:d109:1320/128
                                                          ‹œ ©η¤›œ©ž
                        1    306 ff00::/8                 ‹œ ©η¤›œ©ž
                        9    266 ff00::/8                 ‹œ ©η¤›œ©ž
                        8    276 ff00::/8                 ‹œ ©η¤›œ©ž
                      ===========================================================================
                      ‘¬¤œ®œε › ˜›¨¦£β:
                        ‰˜£ε˜

                      ========================= Event log errors: ===============================

                      Application errors:
                      ==================
                      Error: (09/15/2012 10:51:08 PM) (Source: VMCService) (User: )
                      Description: conflictManagerTypeValue

                      Error: (09/15/2012 06:11:42 PM) (Source: VMCService) (User: )
                      Description: GetProcessOwner

                      Error: (09/15/2012 02:13:53 PM) (Source: VMCService) (User: )
                      Description: conflictManagerTypeValue

                      Error: (09/15/2012 02:11:53 PM) (Source: VMCService) (User: )
                      Description: GetProcessOwner

                      Error: (09/15/2012 07:08:36 AM) (Source: VMCService) (User: )
                      Description: conflictManagerTypeValue

                      Error: (09/15/2012 00:10:06 AM) (Source: VMCService) (User: )
                      Description: GetProcessOwner

                      Error: (09/14/2012 09:33:31 PM) (Source: VMCService) (User: )
                      Description: conflictManagerTypeValue

                      Error: (09/14/2012 09:31:17 PM) (Source: VMCService) (User: )
                      Description: GetProcessOwner

                      Error: (09/14/2012 02:14:26 PM) (Source: VMCService) (User: )
                      Description: conflictManagerTypeValue

                      Error: (09/14/2012 02:12:06 PM) (Source: VMCService) (User: )
                      Description: GetProcessOwner


                      System errors:
                      =============
                      Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
                      Description: Windows Search%%1053

                      Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
                      Description: 30000Windows Search

                      Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
                      Description: Windows Search%%1053

                      Error: (09/14/2012 09:56:58 PM) (Source: Service Control Manager) (User: )
                      Description: 30000Windows Search

                      Error: (09/14/2012 09:56:58 PM) (Source: DCOM) (User: )
                      Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

                      Error: (09/12/2012 06:28:20 PM) (Source: EventLog) (User: )
                      Description: the previous end of operating system in 5:25:18 μμ σε 12/9/2012 was not expected.

                      Error: (09/12/2012 07:14:49 AM) (Source: DCOM) (User: )
                      Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

                      Error: (09/12/2012 07:14:49 AM) (Source: DCOM) (User: )
                      Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

                      Error: (09/12/2012 07:14:44 AM) (Source: DCOM) (User: )
                      Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

                      Error: (09/12/2012 07:14:41 AM) (Source: DCOM) (User: )
                      Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


                      Microsoft Office Sessions:
                      =========================

                      ========================= Memory info: ===================================

                      Percentage of memory in use: 47%
                      Total physical RAM: 2045.76 MB
                      Available physical RAM: 1068.23 MB
                      Total Pagefile: 4346.54 MB
                      Available Pagefile: 3110.07 MB
                      Total Virtual: 2047.88 MB
                      Available Virtual: 1933.22 MB

                      ========================= Partitions: =====================================

                      1 Drive c: (HDD) (Fixed) (Total:224.88 GB) (Free:125.27 GB) NTFS

                      ========================= Users: ========================================

                      Λογαριασμοί User για \\DIMITRIS-PC

                      Administrator            ASPNET                   Dimitris                 
                      Guest                   
                      Η εντολή ολοκληρώθηκε με επιτυχία.


                      **** End of log ****

                      thank you very much for all your help

                      i'm really grateful to you!!!

                      SuperDave

                      Re: TROJAN.RANSOM
                      « Reply #28 on: September 15, 2012, 04:23:14 PM »
                      Your internet speed is quite fast. In the meantime, let's do some cleanup.

                      To uninstall ComboFix

                      • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                      • In the field, type in ComboFix /uninstall


                      (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                      • Then, press Enter, or click OK.
                      • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                      **********************************************************
                      Click Start> Computer> right click the C Drive and choose Properties> enter
                      Click Disk Cleanup from there.



                      Click OK on the Disk Cleanup Screen.
                      Click Yes on the Confirmation screen.



                      This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
                      *****************************************************
                      Go to Microsoft Windows Update and get all critical updates.

                      ----------

                      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                      SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                      * Using SpywareBlaster to protect your computer from Spyware and Malware
                      * If you don't know what ActiveX controls are, see here

                      Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                      Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                      Safe Surfing!
                      Windows 8 and Windows 10 dual boot with two SSD's

                      elisabeth77

                        Re: TROJAN.RANSOM
                        « Reply #29 on: September 16, 2012, 02:11:49 PM »
                        Dear Dave, you have been an enormous help with my pc issues!

                        I 'd like to thank you once again!!!

                        One or two more things to ask, if you have the time please!

                        1) I cannot uninstall ComboFix. I did what you've written and it is still there. With the command it starts scanning the pc again, not uninstalling.

                        2) I downloaded Spybot and WOT on my pc.

                        3) What am I keeping on my pc from all the programmes now?
                              I will keep Avira (as antivirus protection) and Spybot (for malware).
                              What about Malwarebytes, SUPERAntiSpyware and the other tools such as SysProt and RootRepeal?


                        *Note: when I clicked the immunization in Spybot, Avira blocked access to the hosts file, and Spybot gave a message that some files may be blocked by my antivirus and that because of that Spybot couldn't immunize the hosts file.

                        thanks again!!!you are number 1!
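
The hosts-file immunization mentioned in the note above works by adding entries that point unwanted hostnames at a loopback or unspecified address, and the same file can be abused to redirect a hostname elsewhere, which is why an antivirus guards it against writes. As an added example (not part of the thread; the sample hosts content and the `classify_hosts` name are constructed for illustration), this Python script separates immunization-style sink entries from redirects to a routable address, the kind worth reviewing after a cleanup:

```python
import ipaddress

# Constructed sample hosts file; not taken from the machine in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.test        # immunization-style sink
0.0.0.0         tracker.example.test
203.0.113.10    bank.example.test www.bank.example.test
not-an-ip       broken.example.test
"""

def classify_hosts(text):
    """Sort hosts entries into sinks, redirects and malformed lines.

    sink      -> name mapped to a loopback/unspecified address (blocking entry)
    redirect  -> name mapped to any other address (review these by hand)
    malformed -> first field is not a valid IP address
    """
    report = {"sink": [], "redirect": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((line_no, fields[0]))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if local:
                # The stock "localhost" mapping is expected, not a sink.
                if name != "localhost":
                    report["sink"].append((line_no, name))
            else:
                # Includes "localhost" pointed somewhere it should not be.
                report["redirect"].append((line_no, name, str(addr)))
    return report

if __name__ == "__main__":
    for kind, rows in classify_hosts(SAMPLE_HOSTS).items():
        print(kind, rows)
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; a long `sink` list after immunization is expected, while any `redirect` entry should be one you can explain.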