Resolved Problem with winsock

[osbornej21]

Hello, I am trying to fix my grandmothers CPU. With no luck so far. I have tried several things I have read on the internet post and nothing has worked so far. I was wondering if someone with more knowledge than I (pretty much everyone here), could give me some suggestions. I have added the Hijack file in the attachments...Thanks in advance!

 

[Bobbye]

The subject doesn't give us any information we can use. We don't 'screen' computers for problems with HijackThis.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HEREhttps://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/.

When you have finished, please leave the logs for us to review.

Edit: I took a look at the HJT log. What is happening on the system that caused you to give subject problem with Winsock? If you are getting error messages, we need to know what they are. We also need to know what made you decide to post in this forum rather than Windows OS?

 

[osbornej21]

8 Step done...

Okay, sorry about the earlier post. The IE will not connect to the internet. It gives a message about the Winsock catalog. The network manager says it is connected and the status shows activity, but from what I read this problem is not allowing IE to connect. Here are the log files I saved.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2010 12:50:39 PM
mbam-log-2010-06-12 (12-50-39).txt

Scan type: Quick scan
Objects scanned: 112975
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-12 16:15:22
Windows 5.1.2600 Service Pack 3
Running: 28gdvq7r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kgloiaow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF798BCD6]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF798BCF0]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF798AE8C]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF798B1BC]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF798ABCC]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF798B5EE]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF798C88C]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF798B43E]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF798AA4C]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF798AEC0]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF798B042]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF798A9A6]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF798AB06]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF798AF86]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [4C, AA, 98, F7, C0, AE, 98, ...]
PAGE ntoskrnl.exe!IoCreateDevice + 3 8059FAD1 2 Bytes [0B, 77]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 16:22:33.95 on Sat 06/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.547 [GMT -5:00]

AV: CenturyLink™ Online Security 9.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CenturyLink™ Online Security 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.centurylink.net/
uSearch Bar = hxxp://home.peoplepc.com/search
uURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\common files\toolbar\ElnkPub.dll
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
BHO: CenturyLink Toolbar: {83453b9b-b889-4659-9144-20f081542bdc} - c:\program files\centurytoolbar\centurytoolbarDx.dll
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\common files\toolbar\ProtctIE.dll
BHO: MapQuest Toolbar Loader: {bd3fd433-147a-482e-a192-614f26e2310c} - c:\program files\mapquest toolbar\mapquesttb.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\common files\toolbar\uninsttb.dll
TB: MapQuest Toolbar: {9302e698-7e00-43ab-b867-c6e759bc2ada} - c:\program files\mapquest toolbar\mapquesttb.dll
TB: CenturyLink Toolbar: {83453b9b-b889-4659-9144-20f081542bdc} - c:\program files\centurytoolbar\centurytoolbarDx.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\common files\toolbar\Toolbar.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [F-Secure Manager] "c:\program files\centurylink online security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\centurylink online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: EarthLink Google Search - c:\program files\common files\toolbar\SearchUI.dll/search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\4m0b1dny.default\
FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-1-10 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-1-10 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\centurylink online security\hips\drivers\fshs.sys [2010-1-10 68064]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\centurylink online security\anti-virus\fsgk32st.exe [2010-1-10 215648]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\centurylink online security\anti-virus\minifilter\fsgk.sys [2010-1-10 113864]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\centurylink online security\orsp client\fsorsp.exe [2010-1-10 55992]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\adsfilter.sys --> c:\windows\system32\drivers\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\centurylink online security\anti-virus\win2k\fsfilter.sys [2010-1-10 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\centurylink online security\anti-virus\win2k\fsrec.sys [2010-1-10 25184]

=============== Created Last 30 ================

2010-06-12 17:38:52 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-06-12 17:38:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-12 17:38:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-12 17:38:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-12 17:38:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-12 03:39:58 0 d-----w- c:\program files\Trend Micro
2010-06-11 22:11:09 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-06-11 22:11:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-06-11 21:59:40 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-01 18:16:08 0 d-----w- c:\docume~1\owner\applic~1\Registry Mechanic
2010-06-01 18:02:36 0 d-----w- c:\program files\Free Window Registry Repair
2010-06-01 17:51:54 0 d-----w- c:\program files\common files\PC Tools

==================== Find3M ====================

2007-07-06 18:43:31 515 ----a-w- c:\program files\common files\phonepref.txt
2009-04-29 20:04:55 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-04-29 20:04:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-04-29 20:04:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042920090430\index.dat

============= FINISH: 16:23:13.87 =============

I hope I did this right...

 

[Bobbye]

It gives a message about the Winsock catalog.

Message?

There are several questionable drivers/Services that will need to be checked out. Also, I'm not familiar with the particulars of CenturyLink™ Online Security. It 'use to be' Embarque and Cen-Tel, has merged with Quest and is 'powered by F-Secure'- I'm not sure what that means. I tried to find a screenshot to compare with the following security program to see if it was the same, but there is none available.

In addition to that, F-Secure® Protection Service for Consumers™ is installed:

The common point in these 2 is F-Secure but it 'looks like' 2 different security suites. Checking the Event Errors given in DDS shows a problem with the security:
6/12/2010 12:25:16 PM
3 Event Error #7034, Source: Service Control Manager, Descriptions:
1.The F-Secure Management Agent service terminated unexpectedly.
2.The F-Secure Anti-Virus Firewall Daemon service terminated unexpectedly
3.The FSGKHS service terminated unexpectedly.((F-Secure Gatekeeper Handler Starter)

6/11/2010 6:01:25 PM,
Event Error #17, Source: W32Time, Desc:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Follow Microsoft directions HERE.

6/11/2010 11:31:27 PM,
Error Event #7023, Source: Service Control Manager, Desc: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: An address incompatible with the requested protocol was used.
Error Event #7023, Source: Service Control Manager, Desc: The IPSEC Services service terminated with the following error: The support for the specified socket type does not exist in this address family.

6/11/2010 10:48:55 PM,
Error Event #7023, Source: Service Control Manager, Desc: The IPSEC Services service terminated with the following error: The authentication service is unknown.(Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.)

Check the information HERE for help with IPSEC problems.

Before I go any further, I'd like you to check the security programs. You should have only one antivirus program, one software firewall. Multiple antimalware is okay. See what these program have- are they 2 security suites? IS the Windows firewall set in addition to the firewall in the suite?

I also note that multiple Restores have been done:
RP161: 4/25/2010 8:22:35 AM - Restore Operation
RP163: 4/26/2010 7:23:08 AM - Restore Operation
RP164: 5/4/2010 8:11:23 PM - Restore Operation
RP165: 5/4/2010 9:07:55 PM - Restore Operation
RP167: 6/1/2010 1:12:48 PM - Made by Regsofts>> this is a Registry cleaner
RP168: 6/11/2010 4:29:11 PM - Restore Operation

Please do not use the Registry cleaner or make any changes to the Registry. Don't use any other cleaning programs or scans while I'm helping you.

 

[osbornej21]

From what I see, one security program and no windows firewall is not active. The CenturyLink security is provided by her service provider.

 

[Bobbye]

Please run the following:



Please download ComboFix from Here and save to your Desktop.

• 
  [1]. Do NOT rename Combofix unless instructed.
  [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3].Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
• NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..

Run Eset NOD32 Online AntiVirus Scanner HERE

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Leave the logs in the next reply.

 

[osbornej21]

I had not ran the two programs you ask me to yet and it is working now. I have worked on this for several days now. Not sure what the deal is. I deactivated the security in preparation to run the program and just thought I would try the internet. It works now...

 

[Bobbye]

Are you indicating that you don't want to continue?

 

[osbornej21]

I uninstalled the centurylink and reinstalled and everything seems to be working fine now...I am open to anything else you think I might need to do though...

 

[Bobbye]

Sounds like there was a conflict from the security programs.

Removing all of the tools we used and the files and folders they created

• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
  
• Go back and follow the path to > System Tools.
  [*]Choose Disc Cleanup
  [*]Click "OK" to select the partition or drive you want.
  [*]Click the "More Options" Tab.
  [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Let me know if I can be of more help. Thread being closed at your request.