AVG alerts for trojan horse: Cryptic.DUE

44 replies to this topic

#1 ClipJo (Members, 26 posts)

Posted 02 January 2012 - 10:29 AM

Hello,

I am running Windows XP, and my browser is Mozilla Firefox. I didn't, however, have any antivirus program installed on my computer, because it slowed operations down to the point that it was unreasonable to get any work done (maybe five minutes to open up a file, literally; and surfing the web was, well, even worse). A little over a week ago, I was online perusing a Topix forum when NFL football came on and I left the computer idling on the Topix forum. It was probably a couple of hours later when I noticed Mozilla Firefox had shut down and the prompt for the lovely "XP Anti-virus 2012" was displaying itself on the screen. I had a similar version previously (perhaps the 2010 version) and had logged onto BC about a year ago and read through several forum posts, whereby I was subsequently able to rid the computer of said virus by reading the instructions shared with various others.

I still have RKill on my computer left over from the last time. I ran it and shut down the perpetrator, which then enabled me to run Mbam, where it found several things and subsequently eliminated them; yet the computer seemed to run excessively slowly afterwards, redirect web searches, and make a "ding" sound like something had finished installing, with nothing showing on the screen. So I tried installing the free AVG anti-virus program, which found several issues (trojan horse Cryptic.DUE being one of them). It either eliminated these problems or moved them to the "vault." Once again, I still had most of the same issues hindering me (i.e., sloooooow computer, redirecting of the browser, the ding sound, etc.). I then tried installing SpyBot Search and Destroy. This program found 53 things on my computer and it "successfully" dealt with them. I then rebooted and ran it again, where it found a few more items. I have now uninstalled this program in hopes of helping speed things up again. However, once again, I still have the same issues. Also, I should mention that I have "cleaned the disk" and "defragmented" as well as eliminated every program and file that I no longer use, all to no avail.

The AVG program still occasionally initiates a prompt stating that I have a trojan horse called "Cryptic.DUE" on the computer. Every time it comes up it seems to be in a different place, like in a file in the "system volume," or "Mbam," or various other places I am not recalling at the moment. Also, I am still getting occasional AVG prompts indicating a "ping" is taking place. But neither the AVG program, SpyBot Search and Destroy, nor Mbam finds this "Cryptic.DUE" virus when a scan is run.

I am hopeful of some help with this problem, as I plan on starting school online in a few weeks. Needless to say, it doesn't bode well for me if the computer is not working up to snuff. Unfortunately, at the moment, I don't have the money to buy another computer. I'm pretty much at wit's end and simply don't know what to do.

Thanking you in advance for any assistance, or advice!

Edited by ClipJo, 02 January 2012 - 10:37 AM.



#2 ClipJo (Topic Starter)

Posted 02 January 2012 - 05:42 PM

I'm guessing I must have said something wrong, which is one of the reasons why I do not like to trouble others in a forum such as this. You good folks seemingly have your hands full already, while doing an extraordinarily admirable job of answering the same ol' questions, and addressing the same issues over and over again. Although I do not know, I can only assume this really must be quite tiring at times.

My problem is that I do not have the confidence nor the abilities to discern whether or not one of the aforementioned "fixes" within this forum would apply to me, or whether to download and run a specific program that could potentially do harm to my system, given the fact that I know nothing about said program or the potential havoc it could wreak. I guess I'm kind of stuck between a rock and a hard place, so to speak.

I'll continue to scour the various threads hoping to stumble across something I might find comprehensible and appropriate for me to act upon. I just wish I had a better way of expressing my gratitude for all the great help you folks render! Nonetheless, THANK YOU ALL!!

#3 Broni (BC Advisor)

Posted 02 January 2012 - 08:54 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


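The Farbar Service Scanner step above reports, for each networking and security service, whether it is running and whether its start type, ImagePath and ServiceDll registry values still match their defaults, and MiniToolBox adds the firewall policy keys and recent Service Control Manager events. What a helper actually reads out of those logs is a short list: services that are down, service keys that have been deleted outright, start types changed from their default, firewall disabled by policy, and dependency failures. The script below is an added example, written for this page and not part of the thread or of Farbar's tools; it parses a log in the same line format the FSS and MiniToolBox output in this thread uses and produces that list. The sample log is constructed (abbreviated from the format seen in the thread), and the `Finding` class, the `CRITICAL` set, the severity ranking and the function names are my own assumptions about what a triage pass should surface.

```python
"""Triage parser for Farbar Service Scanner / MiniToolBox style logs.

Added example, not from the BleepingComputer thread and not Farbar's code.
Reads a log in the FSS line format and pulls out what a helper looks for
first. Names, severities and the sample log are this example's own choices.
"""
import re
from dataclasses import dataclass

# Constructed sample in the FSS/MiniToolBox line format (abbreviated).
SAMPLE_LOG = """\
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall"=DWORD:0

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.

System errors:
=============
Error: (01/08/2012 08:40:31 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
KEY_MISSING = re.compile(r"^Checking [\w ]+: Attention! Unable to open (\w+) registry key\. The service key does not exist\.")
START_TYPE = re.compile(r"^The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\.")
FW_PROFILE = re.compile(r"FirewallPolicy\\(\w+)\]$")
FW_VALUE = re.compile(r'^"EnableFirewall"=DWORD:(\d+)$')
DEP_MISSING = re.compile(r"^Description: The (.+?) service depends on the following nonexistent service: (\w+)$")

# Assumed ranking: losing any of these means no name resolution, no TCP/IP,
# or no defences at all, so they are reported as high severity.
CRITICAL = {"Tcpip", "IpSec", "Dnscache", "Dhcp", "wscsvc", "wuauserv", "sharedaccess"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    subject: str    # service name, or firewall profile name
    detail: str


def parse_fss(text):
    """Return one Finding per noteworthy line of an FSS/MiniToolBox log."""
    findings = []
    seen_missing = set()   # FSS repeats the 'key does not exist' line per value checked
    profile = None         # firewall profile named by the most recent registry key line
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            svc = m.group(1)
            findings.append(Finding("high" if svc in CRITICAL else "medium", svc, "not running"))
        elif m := KEY_MISSING.match(line):
            svc = m.group(1)
            if svc not in seen_missing:
                seen_missing.add(svc)
                findings.append(Finding("high", svc, "service registry key missing"))
        elif m := START_TYPE.match(line):
            svc, actual, default = m.groups()
            sev = "high" if actual == "Disabled" else "medium"
            findings.append(Finding(sev, svc, f"start type {actual}, default {default}"))
        elif m := FW_PROFILE.search(line):
            profile = m.group(1)
        elif m := FW_VALUE.match(line):
            if profile and m.group(1) == "0":
                findings.append(Finding("high", profile, "firewall disabled by policy"))
            profile = None
        elif m := DEP_MISSING.match(line):
            svc, dep = m.groups()
            findings.append(Finding("high", svc, f"depends on nonexistent service {dep}"))
    return findings


def missing_keys(findings):
    """Services whose registry key is gone: a removal tool cannot simply 'start' these."""
    return sorted(f.subject for f in findings if f.detail == "service registry key missing")


def network_root_cause(findings):
    """If Tcpip is down and the SCM says it depends on a nonexistent service,
    return that dependency's name; the lost connection is a symptom of it."""
    tcpip_down = any(f.subject == "Tcpip" and f.detail == "not running" for f in findings)
    for f in findings:
        if tcpip_down and f.subject.startswith("TCP/IP") and f.detail.startswith("depends on nonexistent service "):
            return f.detail.rsplit(" ", 1)[1]
    return None


if __name__ == "__main__":
    results = parse_fss(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: (f.severity != "high", f.subject)):
        print(f"[{f.severity}] {f.subject}: {f.detail}")
    print("missing service keys:", missing_keys(results))
    print("TCP/IP blocked by missing dependency:", network_root_cause(results))
```

Run against the thread's own log, this separates the one fault that explains the "cannot get online" symptom (Tcpip cannot start because the IpSec service key was deleted) from the independent damage (Security Center and Windows Update service keys deleted, firewall disabled by policy), which is the distinction that decides whether the keys must be recreated before any further scanning can be done from the machine.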


#4 ClipJo (Topic Starter)

Posted 08 January 2012 - 06:18 PM

Thank you for the response, Broni! I am sorry to report that we can chalk up another victory for the "bad guys." The particular virus apparently attached itself to critical files (whitelisted), and ESET online scanner as well as AVG antivirus were unable to eradicate it. The last I tried, the tcp/ip (?) had been corrupted (according to help software associated with my internet service provider) and I was unable to log onto the internet.

Also, my gmail account was compromised and locked down by gmail. Today, the first day I've been back online, I notice that I've sent emails to various folks in my contacts whom I've allegedly sent "gifts" (??) among other things I'm not quite sure of at the moment. It really is a shame, and I honestly feel something should be able to be done legally to those who have committed the offenses. It sure seems "criminal" to me.

Oh, I forgot to ask: is it possible for me to run the stricken computer in safe mode and try some of your aforementioned remedies?

Edited by ClipJo, 08 January 2012 - 06:21 PM.


#5 Broni (BC Advisor)

Posted 08 January 2012 - 06:22 PM

So what's your situation?
Reinstalled Windows or...?


#6 ClipJo (Topic Starter)

Posted 08 January 2012 - 06:34 PM

I honestly don't know what to do. I was assuming my only option left is to wait until I get my student loans in a couple of weeks and purchase a new computer. I really can't afford it, but I will have to give up something (eating perhaps, or other bills) in order to buy it. Sadly, I'm just not very computer savvy.

#7 Broni (BC Advisor)

Posted 08 January 2012 - 06:39 PM

Why don't you follow steps from my original reply?


#8 ClipJo (Topic Starter)

Posted 08 January 2012 - 06:44 PM

Yes, I would if I could get on the internet with the computer. I'm on a "loaner" right now. That's why I asked if it were possible for me to run the stricken computer in safe mode (perhaps) in order to run your aforementioned suggestions.

The tcp/ip system has been corrupted and will not allow me to log onto the internet with the infected computer.

#9 Broni (BC Advisor)

Posted 08 January 2012 - 06:47 PM

You can download all tools on the computer you're posting from and transfer them to the bad computer using a USB flash drive.


#10 ClipJo (Topic Starter)

Posted 08 January 2012 - 06:54 PM

Thank you, Broni! I will go and purchase a flash drive and do just that. I really hope I'm able to get the computer back up and running, with your help of course. Also, after tomorrow, I will give a donation to this site in lieu of my sincere appreciation for all you folks do here. Amazing, literally amazing you folks are!!

Thanks again, Broni! I will post my results here as soon as possible, although it will probably be late tomorrow, or perhaps Tuesday, before I'm able to do so.

#11 Broni (BC Advisor)

Posted 08 January 2012 - 07:07 PM

Of course we can fix it :)


#12 ClipJo (Topic Starter)

Posted 08 January 2012 - 11:36 PM

I know I said that it might be tomorrow, or so, before I would be able to post the results; however, my friend had a flash drive, so I spent some time following your instructions and I am now able to post said results. Also, please note that I uninstalled AVG free antivirus from the infected computer so I would not be spending half of an eternity just to open up a simple file, much less run the various diagnostics on the machine. Anyway, here are the results:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 13
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.0) Adobe Reader Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

______________________________________________________________________________________


Farbar Service Scanner
Ran by kristy (administrator) on 08-01-2012 at 20:30:21
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2005-03-09 14:19] - [2006-05-19 07:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2005-03-09 14:19] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2005-03-09 14:19] - [2004-08-04 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2005-03-09 14:20] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2005-03-09 14:19] - [2004-08-04 07:00] - 0074752 ____A () 57AF546CB483E950B21C51B38CFC7FD2

C:\WINDOWS\system32\dnsrslvr.dll
[2005-03-09 14:19] - [2008-02-20 00:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll
[2005-03-09 14:19] - [2004-08-04 07:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2005-03-09 14:19] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-03-09 15:33] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2005-03-09 15:34] - [2004-08-04 07:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2005-03-09 15:34] - [2004-08-04 07:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2005-03-09 14:20] - [2004-08-04 07:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-03-09 15:33] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2005-03-09 15:35] - [2004-08-04 07:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2005-03-09 15:35] - [2004-08-04 07:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2005-03-09 14:19] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2005-03-09 14:19] - [2004-08-04 07:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2005-03-09 14:20] - [2004-08-04 07:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2005-03-09 14:20] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe
[2005-03-09 14:20] - [2009-02-06 12:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE


Extra List:
=======
AegisP(9) Gpc(6) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0D000000040000000100000002000000030000005A0000000A0000000B0000000C0000000500000006000000070000000800000009000000
Attention! IpSec Tag value is missing and it should be 4

**** End of log ****

___________________________________________________________________________________________________________-

MiniToolBox by Farbar
Ran by kristy (administrator) on 08-01-2012 at 20:40:27
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4
Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)
Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration


Windows IP Configuration
An internal error occurred: The request is not supported. Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/08/2012 07:33:31 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/08/2012 03:21:41 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/08/2012 03:06:32 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/08/2012 02:31:22 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/08/2012 02:11:24 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/05/2012 08:35:38 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/03/2012 02:20:36 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/03/2012 00:12:23 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/03/2012 00:00:02 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/03/2012 10:52:50 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)


System errors:
=============
Error: (01/08/2012 08:40:31 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/08/2012 08:40:31 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/08/2012 08:40:30 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/08/2012 08:40:30 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/08/2012 08:40:30 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/08/2012 08:40:30 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/08/2012 08:40:30 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/08/2012 08:40:30 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/08/2012 08:40:30 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/08/2012 08:40:30 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec


Microsoft Office Sessions:
=========================
Error: (01/08/2012 07:33:31 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/08/2012 03:21:41 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/08/2012 03:06:32 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/08/2012 02:31:22 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/08/2012 02:11:24 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/05/2012 08:35:38 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/03/2012 02:20:36 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/03/2012 00:12:23 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/03/2012 00:00:02 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/03/2012 10:52:50 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.4)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader X (10.1.0) (Version: 10.1.0)
BufferChm (Version: 140.0.212.000)
D110 (Version: 140.0.283.000)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DVgate Plus
e-Sword (Version: 9.09.0001)
EMBARQ Help Online
EMBARQ Remote Control
English 3.0 (Version: 3.0)
ESET Online Scanner v3
EuroTalk Talk Now Multi-Language
GearDrvs (Version: 1.00.0000)
GPBaseService2 (Version: 140.0.211.000)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.002.002)
HPAppStudio (Version: 140.0.95.000)
HPProductAssistant (Version: 140.0.212.000)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO (Version: 5.0-B11.731)
InterVideo WinDVDX
ISScript (Version: 3.00.185)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
Java™ 6 Update 13 (Version: 6.0.130)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Math Success High School (Version: 4.0.07.03.23)
mCore (Version: 1.23.0000)
mDriver (Version: 1.23.0000)
Memory Stick Formatter
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Hotfix (KB886904)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft SQL Server Desktop Engine (VAIO_VEDB) (Version: 8.00.761)
Microsoft Streets and Trips 2001 (Version: 8.00.15.1000)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Word 2000 SR-1 (Version: 9.00.3821)
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.1829)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
mMHouse (Version: 1.23.0000)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
mPfMgr (Version: 1.23.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.23.0000)
Network (Version: 140.0.215.000)
NVIDIA Drivers
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00 (Version: 4.1.00.13261)
OpenOffice.org 3.2 (Version: 3.2.9502)
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000)
QuickTime (Version: 7.70.80.34)
QuickTransfer (Version: 140.0.98.000)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0 (Version: 1.0.0)
Scan (Version: 140.0.80.000)
Science 4.0 (Version: 4.0)
Setting Utility Series
SmartWebPrinting (Version: 140.0.186.000)
Social Studies 2.0 (Version: 2.0)
SolutionCenter (Version: 140.0.214.000)
Sony Certificate PCH
Sony USB Mouse
Sony Utilities DLL
Status (Version: 140.0.256.000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
VAIO Control Center
VAIO Entertainment Platform (Version: 1.3.00.14090)
VAIO Event Service (Version: 2.1.00.14030)
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Motion SD Wide Contents
VAIO Power Management (Version: 1.6.01.14010)
VAIO Registration (Version: 13.0.3)
VAIO Survey Standalone (Version: 3.02)
VAIO TV Tuner Library 1.4
VAIO Update 2
VAIO Wireless Utility
VAIO Zone Remote Commander
VC 9.0 Runtime (Version: 1.0.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.212.017)
Windows Backup Utility (Version: 5.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Media Format 11 runtime
Windows Media Player 11
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 502.42 MB
Available physical RAM: 201.59 MB
Total Pagefile: 1226 MB
Available Pagefile: 1003.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.49 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:69.52 GB) (Free:26.84 GB) NTFS
4 Drive f: () (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT

========================= Users: ========================================

User accounts for \\A25BD8260D5F438

Administrator ASPNET Guest
HelpAssistant kristy SUPPORT_388945a0


**** End of log ****

______________________________________________________________________________________________________

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
kristy :: A25BD8260D5F438 [administrator]

1/2/2012 1:17:46 PM
mbam-log-2012-01-02 (13-17-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252065
Time elapsed: 2 hour(s), 58 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
________________________________________________________________________________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 23:11:14
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HITACHI_DK23FA-80 rev.00M3A0A2
Running: sxrytv70.exe; Driver: C:\DOCUME~1\kristy\LOCALS~1\Temp\fgadrfoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF866487E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8664C10]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB18607$\1803363282 0 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\bckfg.tmp 863 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\cfg.ini 207 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\keywords 211 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\L 0 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\L\gmjfyemo 74752 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\U 0 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB18607$\1803363282\U\80000032.@ 77312 bytes
File C:\WINDOWS\$NtUninstallKB18607$\2117648929 0 bytes

---- EOF - GMER 1.0.15 ----

#13 Broni
  • BC Advisor

Posted 08 January 2012 - 11:47 PM

Good :)

Let's start with your internet connection.
Your ipsec.sys file is corrupted/infected.

We have to find a healthy replacement.

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

ipsec.sys

Click the Search Files button and post the log (FSS.txt) it makes in your reply.

#14 ClipJo
  • Topic Starter

Posted 09 January 2012 - 11:26 AM

Awesome!

Here are the results:

Farbar Service Scanner
Ran by kristy (administrator) on 09-01-2012 at 11:12:23
Microsoft Windows XP Service Pack 2 (X86)

************************************************
================== Search: "ipsec.sys" ===================

C:\WINDOWS\system32\drivers\ipsec.sys
[2005-03-09 14:19] - [2004-08-04 07:00] - 0074752 ____A () 57AF546CB483E950B21C51B38CFC7FD2

C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ipsec.sys
[2008-08-30 02:30] - [2008-04-13 14:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

====== End Of Search ======

#15 Broni
  • BC Advisor

Posted 09 January 2012 - 11:50 AM

Download the following batch file: http://www.filedropper.com/fix_14
Restart the computer in safe mode.
Double click on the downloaded file to run the fix.
Confirm any prompt.

Restart in normal mode.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on ipsec.reg file and confirm the prompt.

Restart the computer, check the internet connection and post a new FSS log.

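
Added example, not code from this thread, from Farbar Service Scanner or from BleepingComputer: a small Python helper that parses the FSS "Search: ipsec.sys" block posted in #14, picks out the copy Windows actually loads (C:\WINDOWS\system32\drivers\ipsec.sys), flags it when its version resource carries no company name or its MD5 differs from a vendor-stamped copy found elsewhere, and then checks a re-run of the same FSS search after the replacement step in #15. The log text is embedded as constructed sample input so the script runs offline. Two assumptions are labelled in the code: that the system32\drivers path is the copy that matters, and that the copy showing "Microsoft Corporation" is the reference to compare against.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the FSS "Search: ipsec.sys" block quoted in post #14,
# embedded here so the helper runs offline.
FSS_LOG = r"""
Farbar Service Scanner
Ran by kristy (administrator) on 09-01-2012 at 11:12:23
Microsoft Windows XP Service Pack 2 (X86)

************************************************
================== Search: "ipsec.sys" ===================

C:\WINDOWS\system32\drivers\ipsec.sys
[2005-03-09 14:19] - [2004-08-04 07:00] - 0074752 ____A () 57AF546CB483E950B21C51B38CFC7FD2

C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ipsec.sys
[2008-08-30 02:30] - [2008-04-13 14:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

====== End Of Search ======
"""

# Assumptions taken from the log above: the copy Windows loads at boot, and the
# vendor string a genuine copy carries in its version resource.
LIVE_DRIVER = r"C:\WINDOWS\system32\drivers\ipsec.sys"
VENDOR = "Microsoft Corporation"

# FSS prints, under each path line: [timestamp] - [timestamp] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<ts1>[^\]]+)\] - \[(?P<ts2>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FssEntry:
    path: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_fss_search(text: str) -> List[FssEntry]:
    """Pair every path line with the detail line FSS prints directly beneath it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: List[FssEntry] = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail)
        if m and PATH_RE.match(path):
            entries.append(FssEntry(path, int(m["size"]), m["attrs"],
                                    m["company"], m["md5"].upper()))
    return entries


def triage(entries: List[FssEntry]) -> Tuple[Optional[FssEntry], Optional[FssEntry]]:
    """Return (live, reference): the loaded driver and a vendor-stamped copy found elsewhere."""
    live = next((e for e in entries if e.path.lower() == LIVE_DRIVER.lower()), None)
    reference = next((e for e in entries if e is not live and e.company == VENDOR), None)
    return live, reference


def is_suspect(entry: FssEntry, reference: Optional[FssEntry]) -> bool:
    """A loaded driver with no vendor string, or with a hash that differs from the
    vendor-stamped copy, is the one to replace."""
    if entry.company != VENDOR:
        return True
    return reference is not None and entry.md5 != reference.md5


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()


def file_matches(path: str, expected_md5: str) -> bool:
    """Check a candidate replacement on disk against the hash FSS reported for the reference."""
    with open(path, "rb") as fh:
        return md5_hex(fh.read()) == expected_md5.upper()


def verify_fix(new_fss_text: str, expected_md5: str) -> bool:
    """After the replacement, re-run the FSS search and confirm the live driver now
    carries the vendor string and the expected hash."""
    live, _ = triage(parse_fss_search(new_fss_text))
    return (live is not None and live.company == VENDOR
            and live.md5 == expected_md5.upper())


if __name__ == "__main__":
    live, reference = triage(parse_fss_search(FSS_LOG))
    for e in (live, reference):
        if e:
            print(f"{e.path}\n  size={e.size} company={e.company!r} md5={e.md5}")
    if live and is_suspect(live, reference):
        print("loaded ipsec.sys is suspect; reference hash:",
              reference.md5 if reference else "none found")
```

Two caveats on reading the result. The empty parentheses on the system32 line mean FSS found no CompanyName in the file's version resource, and that absence is the stronger signal here; the MD5 mismatch alone proves less, because the two copies also differ in size (74752 vs 75264 bytes) and date, so they are different builds rather than one clean and one altered copy of the same build. MD5 in this script only answers "is this byte-for-byte the copy I already decided to trust"; it is not a provenance check, and on a live machine the next step a practitioner would add is an Authenticode signature check of the replacement driver, which this offline helper does not perform.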