
Corrupted TCP/IP stack


  • This topic is locked
43 replies to this topic

#1 lucaspeed

  • Members
  • 41 posts

Posted 23 September 2012 - 10:55 AM

Hi, I managed to remove a rootkit with the help of an expert (you can read the whole story and get some hints here: http://www.bleepingcomputer.com/forums/topic469057.html)
Now, as suggested by the expert, I need help to restore the TCP/IP stack.
Combofix says it's infected but as the expert said, logs are clean.
Thank you for your help.

Regards,
Luca

#2 hamluis

  • Moderator
  • 56,408 posts
  • Gender: Male
  • Location: Killeen, TX

Posted 23 September 2012 - 11:22 AM

Take a look, http://support.microsoft.com/kb/299357 . I'd try the FixIt first.

Louis

#3 lucaspeed

  • Topic Starter
  • Members
  • 41 posts

Posted 23 September 2012 - 12:19 PM

I tried them both but combofix keeps detecting the rootkit…
This is annoying…

#4 hamluis

  • Moderator
  • 56,408 posts
  • Gender: Male
  • Location: Killeen, TX

Posted 23 September 2012 - 01:19 PM

Please be patient, I'm trying to find someone to assist me on this :).

Louis

#5 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender: Male

Posted 23 September 2012 - 04:19 PM

Launch FSS and type mswsock.dll and then hit the search files button and then copy and paste the log that pops up here.
http://download.bleepingcomputer.com/farbar/FSS.exe



Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

Edited by InadequateInfirmity, 23 September 2012 - 04:21 PM.


#6 lucaspeed

  • Topic Starter
  • Members
  • 41 posts

Posted 24 September 2012 - 12:37 AM

Hello and thank you, here's my logs:

Farbar Service Scanner Version: 19-09-2012
Ran by Administrator (administrator) on 24-09-2012 at 07:26:59
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

************************************************
======== Search: "mswsock.dll" =========

C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2011-02-16 16:15] - [2009-04-11 08:28] - 0223232 ____A (Microsoft Corporation) 8617350C9B590B63E620881092751BCB

C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0223232 ____A (Microsoft Corporation) 89FD0595EEA4E505CABEFCF7008F2612

C:\Windows\System32\mswsock.dll
[2011-02-16 16:15] - [2009-04-11 08:28] - 0223232 ____A (Microsoft Corporation) 8617350C9B590B63E620881092751BCB

C:\Windows\ERDNT\cache\mswsock.dll
[2011-03-24 20:27] - [2009-04-11 08:28] - 0223232 ____A (Microsoft Corporation) 8617350C9B590B63E620881092751BCB

====== End Of Search ======



MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 24-09-2012 at 07:35:30
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 5100 = Connessione rete wireless (Connected)
Realtek PCIe FE Family Controller = Connessione alla rete locale (LAN) (Media disconnected)


# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4

reset


popd
# Fine configurazione IPv4



Configurazione IP di Windows

Nome host . . . . . . . . . . . . . . : PC-PackardBell
Suffisso DNS primario . . . . . . . . :
Tipo nodo . . . . . . . . . . . . . . : Ibrido
Routing IP abilitato. . . . . . . . . : No
Proxy WINS abilitato . . . . . . . . : No

Scheda LAN wireless Connessione rete wireless:

Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Intel® Wireless WiFi Link 5100
Indirizzo fisico. . . . . . . . . . . : 00-21-5D-78-B2-0A
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IPv6 locale rispetto al collegamento . : fe80::adc0:e485:555a:acba%11(Preferenziale)
Indirizzo IPv4. . . . . . . . . . . . : 192.168.0.11(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Lease ottenuto. . . . . . . . . . . . : lunedì 24 settembre 2012 7.24.13
Scadenza lease . . . . . . . . . . . : martedì 25 settembre 2012 7.24.13
Gateway predefinito . . . . . . . . . : 192.168.0.1
Server DHCP . . . . . . . . . . . . . : 192.168.0.1
IAID DHCPv6 . . . . . . . . . . . : 268441322
DUID Client DHCPv6. . . . . . . . : 00-01-00-01-12-CD-48-B0-00-1E-68-E1-10-7D
Server DNS . . . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS su TCP/IP . . . . . . . . . . : Attivato

Scheda Ethernet Connessione alla rete locale (LAN):

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Realtek PCIe FE Family Controller
Indirizzo fisico. . . . . . . . . . . : 00-1E-68-E1-10-7D
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)*:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : isatap.{DDCCF1B3-765D-44C3-AEC6-BF4C1C54FED7}
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)* 2:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Indirizzo fisico. . . . . . . . . . . : 02-00-54-55-4E-01
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)* 3:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)* 7:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : isatap.{7A746911-078F-430C-8A0E-44C65DB8B445}
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì
Server: resolver1.opendns.com
Address: 208.67.222.222

Nome: google.com
Addresses: 2a00:1450:4002:802::100e
209.85.148.100
209.85.148.102
209.85.148.101
209.85.148.139
209.85.148.113
209.85.148.138



Esecuzione di Ping google.com [173.194.35.40] con 32 byte di dati:

Risposta da 173.194.35.40: byte=32 durata=68ms TTL=54

Risposta da 173.194.35.40: byte=32 durata=165ms TTL=54



Statistiche Ping per 173.194.35.40:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 68ms, Massimo = 165ms, Medio = 116ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Nome: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140



Esecuzione di Ping yahoo.com [98.138.253.109] con 32 byte di dati:

Risposta da 98.138.253.109: byte=32 durata=245ms TTL=50

Risposta da 98.138.253.109: byte=32 durata=195ms TTL=51



Statistiche Ping per 98.138.253.109:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 195ms, Massimo = 245ms, Medio = 220ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Nome: bleepingcomputer.com
Address: 208.43.87.2



Esecuzione di Ping bleepingcomputer.com [208.43.87.2] con 32 byte di dati:

Risposta da 208.43.87.2: Host di destinazione non raggiungibile.

Richiesta scaduta.



Statistiche Ping per 208.43.87.2:

Pacchetti: Trasmessi = 2, Ricevuti = 1,

Persi = 1 (50% persi),



Esecuzione di Ping 127.0.0.1 con 32 byte di dati:

Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128

Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128



Statistiche Ping per 127.0.0.1:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 0ms, Massimo = 0ms, Medio = 0ms

===========================================================================
Elenco interfacce
11 ...00 21 5d 78 b2 0a ...... Intel® Wireless WiFi Link 5100
10 ...00 1e 68 e1 10 7d ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{DDCCF1B3-765D-44C3-AEC6-BF4C1C54FED7}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14 ...00 00 00 00 00 00 00 e0 isatap.{7A746911-078F-430C-8A0E-44C65DB8B445}
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
Indirizzo rete Mask Gateway Interfaccia Metrica
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.11 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.11 281
192.168.0.11 255.255.255.255 On-link 192.168.0.11 281
192.168.0.255 255.255.255.255 On-link 192.168.0.11 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.11 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.11 281
===========================================================================
Route permanenti:
Nessuna

IPv6 Tabella route
===========================================================================
Route attive:
Interf Metrica Rete Destinazione Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::adc0:e485:555a:acba/128 On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Route permanenti:
Nessuna
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/24/2012 07:26:12 AM) (Source: WinMgmt) (User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'0x80041010

Error: (09/24/2012 07:25:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2012 06:59:50 PM) (Source: WinMgmt) (User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'0x80041010

Error: (09/23/2012 06:59:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2012 06:49:52 PM) (Source: WinMgmt) (User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'0x80041010

Error: (09/23/2012 06:48:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2012 06:31:46 PM) (Source: WinMgmt) (User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'0x80041010

Error: (09/23/2012 06:30:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2012 06:27:32 PM) (Source: WinMgmt) (User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'0x80041010

Error: (09/23/2012 06:26:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/24/2012 07:25:21 AM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2

Error: (09/24/2012 07:25:21 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/23/2012 06:59:01 PM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2

Error: (09/23/2012 06:59:01 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/23/2012 06:48:54 PM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2

Error: (09/23/2012 06:48:54 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/23/2012 06:43:15 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (09/23/2012 06:31:00 PM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2

Error: (09/23/2012 06:31:00 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/23/2012 06:26:43 PM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Reader 8
Adobe Reader X (10.1.0) - Italiano (Version: 10.1.0)
Adobe Shockwave Player (Version: 10.3.0.24)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Assistente per l'accesso a Windows Live (Version: 5.000.818.5)
AutoUpdate (Version: 1.1)
Avira Free Antivirus (Version: 12.0.0.330)
Bonjour (Version: 3.0.0.10)
Carbonite
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
Facebook Messenger 2.1.4631.0 (Version: 2.1.4631.0)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
H.264 Decoder (Version: 1.1.0)
Infocentre Rev. 2.0.0.1
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.1.7)
IZArc 4.1 (Version: 4.1)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware versione 1.65.0.1400 (Version: 1.65.0.1400)
Metaboli
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (Italian) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft Works 9
Microsoft XML Parser (Version: 8.70.1104.04)
Microsoft© Office Trial 2007
MKV Splitter (Version: 1.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 (Version: 8.0.182)
neroxml (Version: 1.0.0)
Pacchetto di compatibilità per Office System 2007 (Version: 12.0.6612.1000)
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
Proteggi i tuoi dati
QuickTime (Version: 7.72.80.56)
Raccolta foto di Windows Live (Version: 14.0.8117.416)
Realtek High Definition Audio Driver (Version: 6.0.1.5678)
Realtek USB 2.0 Card Reader (Version: )
SeaTools for Windows (Version: 1.1.3.2)
SetUp My PC
Skype 3.6.2.248
Skype™ 5.10 (Version: 5.10.116)
Software Intel® PROSet/Wireless WiFi (Version: 12.00.0004)
Strumento di caricamento di Windows Live (Version: 14.0.8014.1029)
Synaptics Pointing Device Driver (Version: 10.0.1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
Veoh Giraffic Video Accelerator (Version: 0.86.246.230)
Veoh Video Compass (Version: 1.5.2)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Worms 2

========================= Devices: ================================

Name: HL-DT-ST DVDRAM GSA-T50N ATA Device
Description: Unità CD-ROM
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Unità CD-ROM standard)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 2999.98 MB
Available physical RAM: 1838.5 MB
Total Pagefile: 6204.25 MB
Available Pagefile: 5097.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.54 MB

========================= Partitions: =====================================

1 Drive c: (HDD) (Fixed) (Total:286.09 GB) (Free:183.34 GB) NTFS

========================= Users: ========================================

Account utente per \\PC-PACKARDBELL

Administrator Guest
Esecuzione comando riuscita.


**** End of log ****
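
The "Winsock entries" section of the MiniToolBox log above is the part that matters for the broken stack: every provider in the namespace catalog (Catalog5) and the protocol catalog (Catalog9) points at a bare mswsock.dll that the tool cannot find on disk, and the ATTENTION lines show the stock path each entry should carry. The following Python script is an added example, not part of the thread or of Farbar's tools; it parses that section from a constructed sample log modelled on the one posted, flags providers whose library is missing, is a bare filename, or differs from the expected path, and reports whether a catalog rebuild (the netsh winsock reset suggested later in the thread) is indicated. The header and ATTENTION line formats are assumed from the log as posted.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of MiniToolBox's "Winsock entries" section,
# modelled on the log posted in this thread (not a verbatim copy of it).
SAMPLE_LOG = r"""
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================
"""

# One provider line: "<catalog> <index> <LibraryPath> [<size or status>] (<vendor>)"
ENTRY_RE = re.compile(r"^(Catalog[59]) (\d+) (.+?) \[(.+?)\] \((.*)\)$")
# MiniToolBox prints this under a provider whose path is not the stock one.
ATTENTION_RE = re.compile(r'^ATTENTION: The LibraryPath should be "(.+)"$')


@dataclass
class WinsockEntry:
    catalog: str            # Catalog5 = NameSpace_Catalog5, Catalog9 = Protocol_Catalog9
    index: int
    library: str            # LibraryPath as printed by the tool
    status: str             # file size in bytes, or "File Not found"
    vendor: str
    expected: Optional[str] = None          # path from a following ATTENTION line
    problems: List[Tuple[str, str]] = field(default_factory=list)  # (severity, message)


def parse_winsock_section(text: str) -> List[WinsockEntry]:
    """Return the provider entries listed under the 'Winsock entries' header."""
    entries: List[WinsockEntry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            if "Winsock entries" in line:
                in_section = True
                continue
            if in_section:
                break                     # the next section header ends the block
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(WinsockEntry(m.group(1), int(m.group(2)),
                                        m.group(3), m.group(4), m.group(5)))
            continue
        m = ATTENTION_RE.match(line)
        if m and entries:
            entries[-1].expected = m.group(1)   # the note belongs to the entry above it
    return entries


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit(entries: List[WinsockEntry]) -> List[WinsockEntry]:
    """Attach findings. A provider whose DLL cannot be loaded breaks name resolution
    or sockets for every Winsock client, which matches the symptoms in the thread."""
    for e in entries:
        if e.status == "File Not found":
            e.problems.append(("error", "provider library not found on disk"))
        if "\\" not in e.library and "/" not in e.library:
            e.problems.append(("error", "LibraryPath is a bare filename, not a full path"))
        if e.expected and basename(e.expected) != basename(e.library):
            e.problems.append(("error", f"expected {e.expected}, found {e.library}"))
        if e.vendor and e.vendor != "Microsoft Corporation":
            e.problems.append(("info", f"third-party provider ({e.vendor}); confirm it is wanted"))
    return entries


def summarize(entries: List[WinsockEntry]) -> Dict[str, object]:
    """Verdict for the operator. Broken stock providers are fixed by rebuilding the
    catalogs (netsh winsock reset), not by editing individual registry entries."""
    broken = [e for e in entries if any(sev == "error" for sev, _ in e.problems)]
    third_party = [e for e in entries if any(sev == "info" for sev, _ in e.problems)]
    return {
        "total": len(entries),
        "broken": [(e.catalog, e.index) for e in broken],
        "third_party": [(e.catalog, e.index, e.vendor) for e in third_party],
        "winsock_reset_indicated": bool(broken),
    }


if __name__ == "__main__":
    report = summarize(audit(parse_winsock_section(SAMPLE_LOG)))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a real MiniToolBox log by reading the file into the parser instead of SAMPLE_LOG; the "third_party" list is informational, since a non-Microsoft provider such as Bonjour is legitimate when the software is installed.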

#7 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 24 September 2012 - 12:44 AM

lucaspeed

I have asked one of the malware removal experts to look at your issue. Please do not run any scans until they instruct you.

Good luck.

#8 suman suman

  • Members
  • 7 posts

Posted 24 September 2012 - 01:13 AM

If it's about resetting the TCP/IP stack, you can do it here. Click Start > All Programs > Accessories > right-click Command Prompt and select Run as administrator. If prompted, enter the administrator password and proceed. Type ‘netsh int ip reset c:\netsh.log.txt’ and hit Enter. Wait until the command finishes resetting the TCP/IP networking log. When done, type ‘netsh winsock reset’ and hit Enter again. Exit the Command Prompt window and restart your Vista computer.

#9 lucaspeed

  • Topic Starter
  • Members
  • 41 posts

Posted 24 September 2012 - 10:48 AM

It was the first thing I tried to no avail. Thank you anyway.

#10 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,434 posts
  • Gender: Female
  • Location: Romania

Posted 24 September 2012 - 03:29 PM

Hi lucaspeed, please execute the following from an elevated command prompt:

netsh winsock reset

Restart the computer afterwards and post a new minitoolbox log.

regards, Elise




#11 lucaspeed

  • Topic Starter
  • Members
  • 41 posts

Posted 24 September 2012 - 03:45 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 24-09-2012 at 22:42:25
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 5100 = Connessione rete wireless (Connected)
Realtek PCIe FE Family Controller = Connessione alla rete locale (LAN) (Media disconnected)


# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4

reset


popd
# Fine configurazione IPv4



Configurazione IP di Windows

Nome host . . . . . . . . . . . . . . : PC-PackardBell
Suffisso DNS primario . . . . . . . . :
Tipo nodo . . . . . . . . . . . . . . : Ibrido
Routing IP abilitato. . . . . . . . . : No
Proxy WINS abilitato . . . . . . . . : No

Scheda LAN wireless Connessione rete wireless:

Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Intel® Wireless WiFi Link 5100
Indirizzo fisico. . . . . . . . . . . : 00-21-5D-78-B2-0A
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IPv6 locale rispetto al collegamento . : fe80::adc0:e485:555a:acba%11(Preferenziale)
Indirizzo IPv4. . . . . . . . . . . . : 192.168.0.11(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Lease ottenuto. . . . . . . . . . . . : lunedì 24 settembre 2012 22.41.41
Scadenza lease . . . . . . . . . . . : martedì 25 settembre 2012 22.41.41
Gateway predefinito . . . . . . . . . : 192.168.0.1
Server DHCP . . . . . . . . . . . . . : 192.168.0.1
IAID DHCPv6 . . . . . . . . . . . : 268441322
DUID Client DHCPv6. . . . . . . . : 00-01-00-01-12-CD-48-B0-00-1E-68-E1-10-7D
Server DNS . . . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS su TCP/IP . . . . . . . . . . : Attivato

Scheda Ethernet Connessione alla rete locale (LAN):

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Realtek PCIe FE Family Controller
Indirizzo fisico. . . . . . . . . . . : 00-1E-68-E1-10-7D
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)*:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : isatap.{DDCCF1B3-765D-44C3-AEC6-BF4C1C54FED7}
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)* 2:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Indirizzo fisico. . . . . . . . . . . : 02-00-54-55-4E-01
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)* 3:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)* 7:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : isatap.{7A746911-078F-430C-8A0E-44C65DB8B445}
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì
Server: resolver1.opendns.com
Address: 208.67.222.222

Nome: google.com
Addresses: 2a00:1450:4002:802::1005
209.85.148.138
209.85.148.102
209.85.148.139
209.85.148.100
209.85.148.101
209.85.148.113

Esecuzione di Ping google.com [209.85.148.102] con 32 byte di dati:
Risposta da 209.85.148.102: byte=32 durata=143ms TTL=52
Risposta da 209.85.148.102: byte=32 durata=49ms TTL=52

Statistiche Ping per 209.85.148.102:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 49ms, Massimo = 143ms, Medio = 96ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Nome: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109

Esecuzione di Ping yahoo.com [98.139.183.24] con 32 byte di dati:
Risposta da 98.139.183.24: byte=32 durata=611ms TTL=50
Risposta da 98.139.183.24: byte=32 durata=712ms TTL=50

Statistiche Ping per 98.139.183.24:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 611ms, Massimo = 712ms, Medio = 661ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Nome: bleepingcomputer.com
Address: 208.43.87.2

Esecuzione di Ping bleepingcomputer.com [208.43.87.2] con 32 byte di dati:
Risposta da 208.43.87.2: Host di destinazione non raggiungibile.
Risposta da 208.43.87.2: Host di destinazione non raggiungibile.

Statistiche Ping per 208.43.87.2:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),

Esecuzione di Ping 127.0.0.1 con 32 byte di dati:
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128

Statistiche Ping per 127.0.0.1:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 0ms, Massimo = 0ms, Medio = 0ms

===========================================================================
Elenco interfacce
11 ...00 21 5d 78 b2 0a ...... Intel® Wireless WiFi Link 5100
10 ...00 1e 68 e1 10 7d ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{DDCCF1B3-765D-44C3-AEC6-BF4C1C54FED7}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14 ...00 00 00 00 00 00 00 e0 isatap.{7A746911-078F-430C-8A0E-44C65DB8B445}
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
Indirizzo rete           Mask               Gateway         Interfaccia    Metrica
0.0.0.0                  0.0.0.0            192.168.0.1     192.168.0.11        25
127.0.0.0                255.0.0.0          On-link         127.0.0.1          306
127.0.0.1                255.255.255.255    On-link         127.0.0.1          306
127.255.255.255          255.255.255.255    On-link         127.0.0.1          306
192.168.0.0              255.255.255.0      On-link         192.168.0.11       281
192.168.0.11             255.255.255.255    On-link         192.168.0.11       281
192.168.0.255            255.255.255.255    On-link         192.168.0.11       281
224.0.0.0                240.0.0.0          On-link         127.0.0.1          306
224.0.0.0                240.0.0.0          On-link         192.168.0.11       281
255.255.255.255          255.255.255.255    On-link         127.0.0.1          306
255.255.255.255          255.255.255.255    On-link         192.168.0.11       281
===========================================================================
Route permanenti:
Nessuna

IPv6 Tabella route
===========================================================================
Route attive:
Interf  Metrica  Rete Destinazione                Gateway
  1       306    ::1/128                          On-link
 11       281    fe80::/64                        On-link
 11       281    fe80::adc0:e485:555a:acba/128    On-link
  1       306    ff00::/8                         On-link
 11       281    ff00::/8                         On-link
===========================================================================
Route permanenti:
Nessuna
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/24/2012 10:39:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 02:19:04 PM) (Source: VSS) (User: )
Description: Errore del servizio Copia Shadow del volume: errore imprevisto durante la ricerca dell'interfaccia IVssWriterCallback. hr = 0x80070005.
L'errore è spesso causato da impostazioni di protezione non corrette nel processo di scrittura o richiedente.


Operazione:
Raccolta dei dati del processo di scrittura

Contesto:
ID della classe del processo di scrittura: {e8132975-6f93-4464-a53e-1050253ae220}
Nome del processo di scrittura: System Writer
ID dell'istanza del processo di scrittura: {6d494b87-7f4b-45ec-ae41-f0d8591cde86}

Error: (09/24/2012 02:11:41 PM) (Source: WinMgmt) (User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'0x80041010

Error: (09/24/2012 02:10:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 01:42:17 PM) (Source: WinMgmt) (User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'0x80041010

Error: (09/24/2012 01:41:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 01:36:29 PM) (Source: WinMgmt) (User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'0x80041010

Error: (09/24/2012 01:35:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 07:52:53 AM) (Source: WinMgmt) (User: )
Description: //./ROOT/SecurityCenterSELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'0x80041010

Error: (09/24/2012 07:52:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/24/2012 10:39:46 PM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2

Error: (09/24/2012 10:39:46 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/24/2012 02:10:51 PM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2

Error: (09/24/2012 02:10:51 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/24/2012 02:05:05 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (09/24/2012 01:41:31 PM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2

Error: (09/24/2012 01:41:31 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/24/2012 01:35:42 PM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2

Error: (09/24/2012 01:35:42 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/24/2012 07:52:04 AM) (Source: Service Control Manager) (User: )
Description: PLFlash DeviceIoControl Service%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Reader 8
Adobe Reader X (10.1.0) - Italiano (Version: 10.1.0)
Adobe Shockwave Player (Version: 10.3.0.24)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Assistente per l'accesso a Windows Live (Version: 5.000.818.5)
AutoUpdate (Version: 1.1)
Avira Free Antivirus (Version: 12.0.0.330)
Bonjour (Version: 3.0.0.10)
Carbonite
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
Facebook Messenger 2.1.4631.0 (Version: 2.1.4631.0)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
H.264 Decoder (Version: 1.1.0)
Infocentre Rev. 2.0.0.1
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.1.7)
IZArc 4.1 (Version: 4.1)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware versione 1.65.0.1400 (Version: 1.65.0.1400)
Metaboli
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (Italian) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft Works 9
Microsoft XML Parser (Version: 8.70.1104.04)
Microsoft© Office Trial 2007
MKV Splitter (Version: 1.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 (Version: 8.0.182)
neroxml (Version: 1.0.0)
Pacchetto di compatibilità per Office System 2007 (Version: 12.0.6612.1000)
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updater (Version: 1.02.3502)
Packard Bell Updator
Proteggi i tuoi dati
QuickTime (Version: 7.72.80.56)
Raccolta foto di Windows Live (Version: 14.0.8117.416)
Realtek High Definition Audio Driver (Version: 6.0.1.5678)
Realtek USB 2.0 Card Reader (Version: )
SeaTools for Windows (Version: 1.1.3.2)
SetUp My PC
Skype 3.6.2.248
Skype™ 5.10 (Version: 5.10.116)
Software Intel® PROSet/Wireless WiFi (Version: 12.00.0004)
Strumento di caricamento di Windows Live (Version: 14.0.8014.1029)
Synaptics Pointing Device Driver (Version: 10.0.1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
Veoh Giraffic Video Accelerator (Version: 0.86.246.230)
Veoh Video Compass (Version: 1.5.2)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Worms 2

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 2999.98 MB
Available physical RAM: 1985.67 MB
Total Pagefile: 6202.29 MB
Available Pagefile: 5241.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.45 MB

========================= Partitions: =====================================

1 Drive c: (HDD) (Fixed) (Total:286.09 GB) (Free:181.5 GB) NTFS

========================= Users: ========================================

Account utente per \\PC-PACKARDBELL

Administrator Guest
Esecuzione comando riuscita.


**** End of log ****
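
Two checks worth automating over a log like the one above, as an added example that is not part of the original post and not code from any BleepingComputer tool: the Winsock catalog section flags two provider entries as "File Not found" with an ATTENTION line naming the expected library, and the ping to 208.43.87.2 reports "0% persi" even though every reply was "Host di destinazione non raggiungibile" (Windows ping counts an unreachable message as a received packet). The sample text below is constructed in the shape of those two sections; the DLL names and paths mirror the ones in the log, and the system-directory list is an assumption about where Winsock providers normally live.

```python
"""Triage helpers for a Windows network diagnostic log (added example)."""
import re
from typing import Dict, List, Optional

# Constructed excerpt shaped like the log's "Winsock entries" section.
WINSOCK_SAMPLE = """\
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\\system32\\NLAapi.dll"

Catalog5 02 C:\\Windows\\system32\\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\\System32\\mswsock.dll"

Catalog5 07 C:\\Program Files\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\\Windows\\system32\\mswsock.dll [223232] (Microsoft Corporation)
"""

# Constructed excerpt shaped like the log's ping to 208.43.87.2.
PING_SAMPLE = """\
Esecuzione di Ping bleepingcomputer.com [208.43.87.2] con 32 byte di dati:
Risposta da 208.43.87.2: Host di destinazione non raggiungibile.
Risposta da 208.43.87.2: Host di destinazione non raggiungibile.

Statistiche Ping per 208.43.87.2:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
"""

# "Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)"
ENTRY_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[([^\]]*)\]\s+\((.*)\)$")
# Assumption: legitimate Winsock providers live under the Windows system directory.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def winsock_anomalies(text: str) -> List[Dict[str, str]]:
    """Return catalog entries whose library is missing, lives outside the
    system directory, or carries no publisher; an ATTENTION line that
    follows a flagged entry is attached as the expected path."""
    findings: List[Dict[str, str]] = []
    last: Optional[Dict[str, str]] = None  # finding for the most recent entry
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("ATTENTION:"):
            expected = re.search(r'"([^"]+)"', line)
            if last is not None and expected:
                last["expected"] = expected.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        catalog, index, path, size, publisher = m.groups()
        if size.lower() == "file not found":
            reason = "library not found on disk"
        elif not path.lower().startswith(SYSTEM_DIRS):
            reason = "provider outside the Windows system directory"
        elif not publisher.strip():
            reason = "no publisher recorded"
        else:
            last = None
            continue
        last = {"catalog": catalog, "index": index, "path": path,
                "reason": reason, "expected": ""}
        findings.append(last)
    return findings


# Italian and English wording of Windows ping output.
ECHO_REPLY_RE = re.compile(r"^(Risposta da|Reply from)\s+\S+\s+bytes?=\d+", re.I)
UNREACHABLE_RE = re.compile(r"non raggiungibile|unreachable", re.I)
SENT_RE = re.compile(r"(?:Trasmessi|Sent)\s*=\s*(\d+)", re.I)
RECEIVED_RE = re.compile(r"(?:Ricevuti|Received)\s*=\s*(\d+)", re.I)


def ping_summary(text: str) -> Dict[str, object]:
    """Count genuine echo replies separately from ping's own statistics,
    because an unreachable message is counted as 'received' by Windows."""
    sent = received = replies = unreachable = 0
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_REPLY_RE.match(line):
            replies += 1
        elif UNREACHABLE_RE.search(line):
            unreachable += 1
        m = SENT_RE.search(line)
        if m:
            sent = int(m.group(1))
        m = RECEIVED_RE.search(line)
        if m:
            received = int(m.group(1))
    return {"sent": sent, "received_reported": received,
            "echo_replies": replies, "unreachable": unreachable,
            "reachable": replies > 0}


if __name__ == "__main__":
    for f in winsock_anomalies(WINSOCK_SAMPLE):
        suffix = f" (expected {f['expected']})" if f["expected"] else ""
        print(f"{f['catalog']} {f['index']}: {f['path']} -> {f['reason']}{suffix}")
    print(ping_summary(PING_SAMPLE))
```

Run against the constructed sample, the Winsock check reports the two "File Not found" entries with their expected paths and the Bonjour provider as a third-party entry (present for information, not as a sign of infection), while the ping check reports zero echo replies and `reachable: False` for 208.43.87.2 despite the "0% persi" line.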

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,434 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:09 AM

Posted 24 September 2012 - 03:54 PM

The winsock catalog looks good now. What issues do you still have left?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#13 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 24 September 2012 - 04:05 PM

Combofix:

"You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.
If for any reason that you're unable to connect to the internet after running ComboFix, reboot once and see if that fixes it.
If it's not fixed, run Combofix one more time."


Now, I have run Combofix many times after reboot but it keeps telling me that I am infected.
PC is able to connect to the internet but Combofix says rootkit is still there.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,434 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:09 AM

Posted 24 September 2012 - 04:15 PM

Does it say that even after resetting winsock?

regards, Elise




#15 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 24 September 2012 - 04:19 PM

Yes



