
Scanned Computer and Found ipsec.sys infected, no internet now.



#1 loque0215


Posted 07 December 2011 - 07:54 AM

OK, so lately I bought a new laptop and left my old desktop to rust in the corner, but recently I've had to stop using my laptop due to personal issues and I'm forced to go back to the desktop that my family has been using. When I get on it, it's kind of slow and infected, so I run a couple of scans for things such as malware, viruses and spyware. Apparently the scan found ipsec.sys infected and deleted it, so I ignored the fact until the scan was over and I had to restart my PC for the fixes to take place. But now I can't connect to the internet. When I try to repair my Local Area Connection I get "Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot proceed. For assistance, contact the person who manages your network." My System Restore for some reason won't work; I guess the files were corrupted as well. I've searched almost every corner of the net looking for a solution. Currently my friend has lent me his laptop so I can try and fix this, and I will only have computer access other than my connectionless desktop, the laptop, for a day. I don't have an XP setup disk. The following list states what I have tried.
1. System Restore(Doesn't Work)
2. Scanned countlessly for malware.
3. Restored ipsec.sys from the quarantine of my malware remover
4. Re-added Netbt.
5. I've tried countless cmd commands recommended by people, such as ipconfig /release, ipconfig /renew
6. I've downloaded DllSuite. It found around 130 missing (or whatever it calls them) files, but I don't have a license to fix them.
7. Cleaned registry with CCleaner.
8. I've downloaded MiniToolBox and decided to make this thread and post it here with the log.

So all I really want is a quick solution to this, or any solution at all, and after this matter is fixed, any tips on speeding this computer up, such as deleting any files or programs reported in the log.
MiniToolBox log:
MiniToolBox by Farbar
Ran by Administrator (administrator) on 07-12-2011 at 07:25:55
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
Microsoft Loopback Adapter = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 05 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/07/2011 06:30:33 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/06/2011 04:52:27 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/05/2011 07:00:58 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/05/2011 06:50:03 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 moongra88.exe, P2 1.0.0.0, P3 4d6de618, P4 system, P5 2.0.0.0, P6 4db9c770, P7 30d0, P8 e6, P9 clr20r30, P10 clr20r31.

Error: (12/05/2011 08:48:47 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/05/2011 08:39:13 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/05/2011 08:24:26 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/05/2011 08:20:01 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/05/2011 08:02:14 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/05/2011 07:29:19 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)


System errors:
=============
Error: (12/07/2011 06:38:08 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126

Error: (12/07/2011 06:37:58 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126

Error: (12/07/2011 06:37:48 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126

Error: (12/07/2011 06:37:37 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126

Error: (12/07/2011 06:37:27 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126

Error: (12/07/2011 06:37:17 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126

Error: (12/07/2011 06:37:07 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126

Error: (12/07/2011 06:36:57 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126

Error: (12/07/2011 06:36:47 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126

Error: (12/07/2011 06:36:37 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server EXPRESS service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
5600 (Version: 50.0.206.000)
5600_Help (Version: 50.0.206.000)
5600Trb (Version: 50.0.206.000)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.0) (Version: 10.1.0)
AiO_Scan (Version: 50.0.206.000)
AiOSoftware (Version: 50.0.206.000)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Auto Clicker v1.1 (Version: 1.1)
Barracuda Malware Removal Tool
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 53.0.13.000)
CCleaner (Version: 3.08)
CleanUp!
Conexant D850 56K V.9x DFVc Modem
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
Creative WebCam Center
Creative WebCam Instant Driver (1.01.02.0729)
Creative WebCam Instant User's Guide (English)
CustomerResearchQFolder (Version: 1.00.0000)
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
DLL Suite 1.0
DocProc (Version: 5.2.0.0)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 50.0.206.000)
FlashGet 3.3 (Version: 3.3.0.1092)
FrostWire 5.1.4 (Version: 5.1.4.0)
Hotspot Shield 2.09 (Version: 2.09)
HP Extended Capabilities 5.3 (Version: 5.3)
HP Image Zone Express (Version: 1.5.1.29)
HP Imaging Device Functions 5.3 (Version: 5.3)
HP PSC & OfficeJet 5.3.B
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HPProductAssistant (Version: 53.0.13.000)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 53.0.13.000)
McAfee Agent (Version: 4.0.0.1496)
McAfee VirusScan Enterprise (Version: 8.7.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NewCopy (Version: 50.0.206.000)
Pando Media Booster (Version: 2.3.6.0)
ProductContext (Version: 50.0.206.000)
QuickTime (Version: 7.71.80.42)
Readme (Version: 50.0.206.000)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
Segoe UI (Version: 14.0.4327.805)
SolutionCenter (Version: 50.0.152.000)
SoundMAX (Version: 5.12.01.5246)
Status (Version: 53.0.13.000)
TrayApp (Version: 53.0.13.000)
Unload (Version: 5.0.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WiseFixer 3.2 (Version: 3.2)
Yontoo Layers Runtime (Drop Down Deals) 1.10.01 (Version: 1.10.01)

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 509.98 MB
Available physical RAM: 285.27 MB
Total Pagefile: 1248.5 MB
Available Pagefile: 896.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.5 GB) (Free:37.93 GB) NTFS
3 Drive e: (MAJANIMEJIA) (Removable) (Total:1.86 GB) (Free:0.45 GB) FAT

========================= Users: ========================================

User accounts for \\MEJIA_FAMILY

Administrator Guest HelpAssistant
SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Edited by loque0215, 07 December 2011 - 08:27 AM.
Moved from XP to Am I Infected.




#2 nhan4


Posted 01 January 2012 - 05:20 PM

I had the fake virus scanner 2012 malware crap; scanners picked it up, IPSEC.SYS was infected and they deleted it, and the internet no longer worked.

Tried everything from an SFC scan and such; this link fixed it:

http://jdsportsonline.com/computer/issues/ipsec-sys-got-deleted-lost-internet-connection-how-i-fixed-the-issue.html

It shows you how to remove the TCP/IP protocol and reinstall it, which will get you back your IPSEC.SYS files and reinstall other components that you need.

#3 boopme


Posted 01 January 2012 - 09:20 PM

This may be easier.

Please run SFC (System File Checker)
Please run System File Checker (sfc /scannow). For more information on this tool, see How To Use Sfc.exe To Repair System Files.

NOTE for Vista/Win 7 users: The command needs to be run from an elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.

You will need your operating system CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC.

Then click File, then New Task (Run).

In the box that opens, type sfc /scannow (there is a space between c and /).

Click OK.
Let it run and insert the CD when asked.