Windows Security Centre Service not running


  • This topic is locked
9 replies to this topic

#1 sascha01

sascha01

  • Members
  • 7 posts

Posted 25 July 2011 - 01:41 PM

Something keeps turning my Windows Security Centre Service off. I can re-enable it via services.msc, but after a minute or so it shows as off again (red cross on flag). I have run Kaspersky, SUPERAntiSpyware, Malwarebytes and a Microsoft safety scanner; all report no issues found, and yet something is turning the Windows Security Centre off. I also find my webpages are redirected and see either goingonearth or webtimes.
Please help.



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 25 July 2011 - 01:48 PM

Can you post the logs, please?

#3 sascha01


Posted 25 July 2011 - 02:44 PM

Malware logs:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7275

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25/07/2011 20:42:35
mbam-log-2011-07-25 (20-42-35).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 379847
Time elapsed: 2 hour(s), 36 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 cryptodan


Posted 28 July 2011 - 09:55 AM

And your Super Anti-Spyware logs?

#5 sascha01


Posted 01 August 2011 - 12:25 PM

SUPER AntiSpyware logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/24/2011 at 07:19 PM

Application Version : 4.55.1000

Core Rules Database Version : 7452
Trace Rules Database Version: 5264

Scan type : Quick Scan
Total Scan Time : 01:00:26

Memory items scanned : 901
Memory threats detected : 0
Registry items scanned : 3119
Registry threats detected : 0
File items scanned : 24576
File threats detected : 2

Adware.Tracking Cookie
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt

#6 sascha01


Posted 01 August 2011 - 12:31 PM

I keep regularly running Malwarebytes, SUPERAntiSpyware and McAfee; all say no spyware detected, and yet Windows Security Centre keeps stopping after a minute or so. I can restart it but it stops yet again.
If I search on Firefox I am redirected to
http://www.thewebtimes.net/?n=1312217791
a blank page

#7 cryptodan


Posted 01 August 2011 - 04:23 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#8 sascha01


Posted 03 August 2011 - 05:40 AM

MiniToolBox by Farbar
Ran by Jim (administrator) on 03-08-2011 at 11:30:50
Windows 7 Home Premium (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jim_Kyles-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-22-5F-8B-6D-4B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : 802.11n Wireless PCI Express Card LAN Adapter
Physical Address. . . . . . . . . : 00-22-5F-8B-6D-4A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::715c:ee17:e966:2823%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.88(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 03 August 2011 09:25:21
Lease Expires . . . . . . . . . . : 04 August 2011 11:14:01
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 268444255
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-7E-95-4C-00-24-8C-7D-FA-BA
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-24-8C-7D-FA-BA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6530:b04:5a:4159%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 03 August 2011 09:25:17
Lease Expires . . . . . . . . . . : 04 August 2011 11:14:02
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 251667596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-7E-95-4C-00-24-8C-7D-FA-BA
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2ca1:3d98:ae68:ca8e(Preferred)
Link-local IPv6 Address . . . . . : fe80::2ca1:3d98:ae68:ca8e%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{C0157FFA-9FB2-49D8-AE08-EB1EB12837F4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: BThomehub.home
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.146.105
209.85.146.147
209.85.146.99
209.85.146.106
209.85.146.104
209.85.146.103


Pinging google.com [209.85.146.105] with 32 bytes of data:
Reply from 209.85.146.105: bytes=32 time=37ms TTL=49
Reply from 209.85.146.105: bytes=32 time=37ms TTL=49

Ping statistics for 209.85.146.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 37ms, Average = 37ms
Server: BThomehub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=177ms TTL=47
Reply from 209.191.122.70: bytes=32 time=159ms TTL=46

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 159ms, Maximum = 177ms, Average = 168ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 22 5f 8b 6d 4b ......Microsoft Virtual WiFi Miniport Adapter
12...00 22 5f 8b 6d 4a ......802.11n Wireless PCI Express Card LAN Adapter
11...00 24 8c 7d fa ba ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 20
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.88 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.67 276
192.168.1.0 255.255.255.0 On-link 192.168.1.88 286
192.168.1.67 255.255.255.255 On-link 192.168.1.67 276
192.168.1.88 255.255.255.255 On-link 192.168.1.88 286
192.168.1.255 255.255.255.255 On-link 192.168.1.67 276
192.168.1.255 255.255.255.255 On-link 192.168.1.88 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.67 276
224.0.0.0 240.0.0.0 On-link 192.168.1.88 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.67 276
255.255.255.255 255.255.255.255 On-link 192.168.1.88 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:2ca1:3d98:ae68:ca8e/128
On-link
11 276 fe80::/64 On-link
12 286 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::2ca1:3d98:ae68:ca8e/128
On-link
11 276 fe80::6530:b04:5a:4159/128
On-link
12 286 fe80::715c:ee17:e966:2823/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
13 306 ff00::/8 On-link
12 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

== End of log ==
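
An added example, not part of the thread and not MiniToolBox's own code: the Python below reads a Result.txt in the layout posted above and reports two settings that can cause browser redirects, hosts-file mappings other than localhost and DNS servers that are not the default gateway. The function names and the SAMPLE text are constructed for this example.

```python
import ipaddress
import re

# Constructed sample in the layout of the Result.txt above (not the poster's data).
SAMPLE = """\
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
203.0.113.7 www.google.com
========================= IP Configuration: ================================
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 198.51.100.53
192.168.1.254
"""

def split_sections(text):
    # Map each "===== Title: =====" banner to the non-blank lines under it.
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"=+ (.+?): =+$", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line:
            current.append(line)
    return sections

def is_ip(token):
    try:
        return ipaddress.ip_address(token.split("%")[0]) is not None
    except ValueError:
        return False

def review_hosts(lines):
    # Any hosts mapping other than localhost deserves a look.
    rows = (ln.split("#", 1)[0].split() for ln in lines)
    return [(r[0], n) for r in rows for n in r[1:] if n.lower() != "localhost"]

def review_dns(lines):
    # DNS servers that are not also a listed default gateway.
    found, key = {"Default Gateway": [], "DNS Servers": []}, None
    for line in lines:
        head, sep, value = line.partition(" :")
        if sep:  # "Key . . . : value"
            key, value = head.rstrip(" ."), value.strip()
        else:  # a bare address continues `key`; any other text ends it
            key, value = (key, line) if is_ip(line) else (None, "")
        if key in found and value:
            found[key].append(value)
    return [d for d in found["DNS Servers"] if d not in found["Default Gateway"]]
```

On the log posted above both functions return empty lists: the hosts file holds only the localhost entries and the DNS server is the gateway, 192.168.1.254. An empty result rules out only these two settings.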

#9 cryptodan


Posted 03 August 2011 - 01:12 PM

Are you still getting redirects?

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,140 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 03 August 2011 - 02:10 PM

I have moved (split away) your ComboFix log to the Virus, Trojan, Spyware, and Malware Removal Logs forum as they are not permitted in this forum.

Please go here, click on the Options button in the upper right corner of that thread and choose Track this topic. Subscribe to that topic to ensure you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
