Security center won't start

Status
Not open for further replies.

revird

Hi Folks, I hope someone can help me, my hijackthis log is attached...
Anyway, for the last few days my local network has not been able to connect to the net. The reason I have found is that my ICS is not working. I have read so many forum messages about this problem; none have the identical probs I'm having. I have used services.msc to try and start my firewall and ICS; it does start for about 20 secs, then stops again. During the 20 secs my local network has access.
I really hope someone can help me,
 
In Add/Remove programs remove WinMX P2P downloader!

Tell me about your Virus scanner, doesn't look like you have one.

Run HJT Scan only and select to Fix the below (if you use AVG or Norton leave the BOLD items for the one you use)
O20 - AppInit_DLLs: C:\WINDOWS\system32\bdfdacde.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\


Then: Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Attach all logs! Run HJT again only after all the above is finished, and do it last; attach this new log!

Mike
 
I was running avg free, uninstalled it thinking that may be the problem, also uninstalled spybot, I do not see winmx in my add and remove programs list..

the 3 logs you requested are attached, thanks heaps...
 
Update, then run MBAM again (QuickScan); as it had finds and fixes on the last run, we need to confirm no more are found and see a clean log.

Only after the above and log is posted do the below.

Download ComboFix

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike
 
Installed this combofix, my computer rebooted, now my security center and ICS is staying running.... not sure why tho... more logs attached...
 
Do the below in Normal Mode.

Left Drag mouse and Copy for Pasting all text in the box below.
Make sure the slider bar goes to bottom from the @ to the end of the second exit.
Then paste to the black screen of an open command prompt.
Code:
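@echo off
rem Each pair below first clears the hidden, system and read-only
rem attributes on matching files anywhere under C:\, then force-deletes
rem those files without prompting.

attrib -h -s -r /s c:\SKYNET*.*
del /f /q /s c:\SKYNET*.*

attrib -h -s -r /s c:\svkp*.*
del /f /q /s c:\svkp*.*

attrib -h -s -r /s c:\msdirectx*.*
del /f /q /s c:\msdirectx*.*

attrib -h -s -r /s c:\xz.bat
del /f /q /s c:\xz.bat

attrib -h -s -r /s c:\lockx*.*
del /f /q /s c:\lockx*.*

exit
exit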

Then Boot to Safe Mode and do it again.

Next still in Safe mode rename ComboFix to 1cfix and run 1cfix

Attach both the 1cfix log and a new HJT log.

Mike
 
Just got home from work, 24 hours later and all is running properly...

None of those files exist on my system, what does it do?

thankyou for your help
 
Specific commands to delete some of the Malware that you had.

ComboFix found more so we need to confirm it is clean so rename ComboFix to 1cfix and run 1cfix and post the log.

Then
Run HJT and select and Fix the below.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Last after all above post final HJT log!

So Security center is running now?

Do a full Virus scan with your virus scanner.

Mike
 
combofix log and hijackthis logs attached

Downloading virus software right now, will scan when finished...

Yes Security Centre is running fine, along with Connection Sharing..
 
Hmmm!

Second run of ComboFix had some of same findings.

Better do this..

DrWeb

Go here Download DrWeb https://www.techspot.com/vb/post724044-3.html

Then....

Boot to Safe Mode only! Not with Networking and run...

DrWeb will first do an Express Scan on its own; when it completes, you should do a full scan.

The first Virus it finds select Cure and it will use this as the default automatically for all the rest. What it can't fix will be Quarantined!

This will take a while based on CPU and HD speed and size, but is worth it!

Mike
 
Mike, suggest you check this one out:

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
This is an illegal software crack used to bypass copy protection for Windows.

This does not show in the first HijackThis log. But does show in first Mbam log as:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

It shows on Combofix report dated 6/23/09: 13:40.2 (Reply #10)
2009-06-21 09:15 . 2008-04-11 08:29 60416 ----a-w- c:\windows\system32\antiwpa.dll

It shows in HJ log for 6/23/09 2:00:57 PM
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

Suggest full system scan with new antivirus and possibly online AV scan and online spyware scan to determine source of this Trojan and file.

Maybe run LSP Fix?
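
The log-to-log tracking described in the post above, as an added example that is not part of the original thread: it parses HijackThis entries from two scans and reports what appeared, what disappeared, orphaned "(no file)" entries and O20 DLL autoloads. The two log excerpts are constructed from entries quoted in this thread; the attached logs themselves are not on the page.

```python
import re

# HijackThis entries look like "<section> - <type>: <detail>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O20 covers AppInit_DLLs and Winlogon Notify: DLLs loaded into other processes.
DLL_AUTOLOAD_SECTIONS = {"O20"}

# Constructed excerpts (not the attached logs), using entries quoted in the thread.
FIRST_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\bdfdacde.dll
"""
LATER_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
"""

def parse_hjt(text):
    """Return a set of (section_code, body) tuples from a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare in lower case.
            entries.add((m["code"], m["body"].strip().lower()))
    return entries

def triage(before, after):
    """Diff two scans and flag orphaned entries and DLL autoload points."""
    old, new = parse_hjt(before), parse_hjt(after)
    return {
        "appeared": sorted(new - old),
        "disappeared": sorted(old - new),
        "orphaned": sorted(e for e in new if e[1].endswith("(no file)")),
        "dll_autoload": sorted(e for e in new if e[0] in DLL_AUTOLOAD_SECTIONS),
    }

if __name__ == "__main__":
    for label, items in triage(FIRST_LOG, LATER_LOG).items():
        for code, body in items:
            print(f"{label:12} {code:4} {body}")
```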
 
Thanks Mike, I know all about "Antiwpa". It didn't show in the first HijackThis log because the malware program deleted it. I found it had been deleted on my next reboot, and I installed it again, hence the reappearance of Antiwpa.

AVG Free installed again and running....

All systems/programs are doing what they are supposed to do, I thank you very much..
 
For the record, Mike did not tell you about and document the occurrence of "Antiwpa"- I did.

I went back and re-read all the logs to track it.

I made a subtle comment to try and bring it to his attention, which failed. But if you saw it and acted on it, that's what matters.

You're welcome.
 
Sorry revird

I have been away out of office trying to make a living and not getting in until late exhausted.

And still will not be available until tonight!
"I made a subtle comment to try and bring it to his attention, which failed. But if you saw it and acted on it, that's what matters."
No Bobby, it was not subtle, nor did I see it till now, and ignore it as I am doing now! Knew what it was, knew it was a false positive so had no intention of removing it!

Mike
 