Results 1 to 3 of 3

Thread: Windows Security Center continually disables and google redirects

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Jun 2011
    Posts
    2

    Default Windows Security Center continually disables and google redirects

    Hi, sorry for not initially following the forum format. I'm looking for some help! I had a trojan/worm last month and took it to my school's ITS center (5 days before my masters thesis was due...). My computer is much better overall, but my taskbar always says Windows Security Center is disabled -- I went through Run: services.msc and made it automatic, but after about 30 seconds it turns off again.
    Also, almost every time I click a link from google, I get re-directed thru bywill.net to bing.com It's incredibly frustrating, and I know it means there is something lingering on my PC.
    I have run avast, ad-aware, SUPERanti-spyware, spybot SD, and malwarebyte almost daily over the last week, and don't seem to find anything substantial. What should I do?

    I think I followed the posting instructions. If there is anything else you need, please let me know!

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
    Run by Owner at 21:58:54 on 2011-06-05
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2975.1049 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Julie Strohsahl\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\julies~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\julie strohsahl\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\julies~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\julies~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/67.14/uploader2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{8599106D-57AE-4D64-B7D4-FE069238055A} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{8599106D-57AE-4D64-B7D4-FE069238055A}\16474777966696 : DhcpNameServer = 192.168.5.1
    TCP: Interfaces\{8599106D-57AE-4D64-B7D4-FE069238055A}\4586560235475746970274575637470275962756C6563737 : DhcpNameServer = 64.65.223.6 216.41.101.15 64.61.99.2
    TCP: Interfaces\{8599106D-57AE-4D64-B7D4-FE069238055A}\9516C656355636572756 : DhcpNameServer = 130.132.1.10 130.132.1.9 130.132.1.11
    TCP: Interfaces\{8599106D-57AE-4D64-B7D4-FE069238055A}\C6F627F6 : DhcpNameServer = 167.206.245.129 167.206.245.130
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\julie strohsahl\appdata\roaming\mozilla\firefox\profiles\cyw7vfr0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files (x86)\microsoft silverlight\npctrl.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\julie strohsahl\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\users\julie strohsahl\appdata\roaming\move networks\plugins\npqmp071706000001.dll
    FF - plugin: c:\users\julie strohsahl\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\julie strohsahl\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-27 64512]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-5-20 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-5-20 69392]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-17 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-17 307928]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2009-3-2 81920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-17 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-17 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-17 42184]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2151128]
    R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-5-20 33552]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-11 39984]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-11 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-4-25 32256]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-1 1343400]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-05-31 09:02:47 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-27 21:47:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-05-27 01:00:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-27 00:46:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-23 04:07:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-30 17:27:33 102400 --sha-r- c:\windows\system32\KBDMLT48L.dll
    2011-04-29 16:12:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-25 02:57:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-11 05:39:05 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-03-11 05:39:00 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-03-11 05:39:00 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-03-11 05:39:00 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-03-11 05:38:51 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-03-11 05:38:37 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-03-11 05:38:37 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
    .
    ============= FINISH: 22:06:51.57 ===============

  2. #2
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    If help still needed post fresh dds logs, please.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Due to inactivity, this thread will now be closed.

    Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •