

Windows 7: Windows Security Center can't be started because of virus/malware


27 Jan 2013   #31

Windows 7 Ultimate, 32bit
 
 

Ok here is the result:

Farbar Service Scanner Version: 16-01-2013
Ran by siri1802 (administrator) on 28-01-2013 at 04:33:56
Running from "C:\Users\siri1802\Downloads"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


It's still not possible to open Security Center, and I don't get any kinds of errors or notices other than "Please turn on Security Center as it has been deactivated."



27 Jan 2013   #32

Windows 7 Ultimate, 32bit
 
 

I ran Windows Repair, and then FSS after restarting my computer:

Farbar Service Scanner Version: 16-01-2013
Ran by siri1802 (administrator) on 28-01-2013 at 04:53:43
Running from "C:\Users\siri1802\Downloads"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
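Added example (not part of any post in this thread, and not code from Farbar Service Scanner): a small Python triage of the FSS log above that separates services that are merely stopped from services whose start type was changed, and pulls out the policy values FSS lists. The function name `triage` and the returned dictionary layout are assumptions made for this sketch; the sample text is an excerpt of the log in post #32.

```python
import re

# Excerpt of the FSS log from post #32 (some section headers omitted),
# embedded so the example runs offline.
SAMPLE_LOG = r'''
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
'''

STOPPED = re.compile(r"^(\S+) Service is not running")
START = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                   r"The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VAL = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE = re.compile(r"^(.+?) => (.+)$")

def triage(log):
    """Collect the deviations an FSS log reports (hypothetical helper)."""
    out = {"stopped": [], "start_type": {}, "policies": [], "bad_files": []}
    key = None  # registry key the following value lines belong to
    for line in map(str.strip, log.splitlines()):
        if m := STOPPED.match(line):
            out["stopped"].append(m.group(1))
        elif m := START.search(line):
            # service -> (current start type, default start type)
            out["start_type"][m.group(1)] = (m.group(2), m.group(3))
        elif m := REG_KEY.match(line):
            key = m.group(1)
        elif (m := REG_VAL.match(line)) and key:
            out["policies"].append((key, m.group(1), int(m.group(2))))
        elif (m := FILE.match(line)) and m.group(2) != "MD5 is legit":
            out["bad_files"].append(m.group(1))
    return out
```

On this log the result shows `wuauserv` stopped with its configuration intact, while `wscsvc` and `WinDefend` were switched from Auto to Disabled and `DisableAntiSpyware` is set to 1, with every checked file still matching.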
28 Jan 2013   #33

Windows 7 Home Premium
 
 

Glad you did not go MIA!


As a rule of thumb, first, get rid of the malware, then, do the repairs.

Although the programs you already ran are coming up clean, malware could still be lurking somewhere, particularly if it is a Rootkit.

So, let's fall back, regroup, and take a look before Windows starts…


Need some info from you:
Do you have the Repair your computer option in the Advanced Boot Options menu?

To find out:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Is the Repair your computer option listed?

If you do not have the option, do you have your Windows installation CD/DVD available?

And last, do you have a USB flash drive available, and access to another computer?
 


Also, let's check the Security status with the following:

Download Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

Please post its contents in your reply.

Note:
SecurityCheck may produce some false warning(s). Please do not take any corrective actions!


Signing off for tonight @ 11:42PM CST 27Jan2013


28 Jan 2013   #34

Windows 7 Ultimate, 32bit
 
 

Yeah, just had a lot to do this weekend, but I'm back now

Luckily I've got the Repair your computer option, because I don't have access to my Windows installation CD at the moment. I have a USB flash drive but only access to one computer I'm afraid.

Here is the result from the SecurityCheck

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versjon 1.70.0.1100
Java(TM) 6 Update 35
Java 7 Update 11
Adobe Flash Player 11.5.502.146
Mozilla Firefox (18.0.1)
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
28 Jan 2013   #35

32 bit
 
 

Hi,

The infected files that disable Security Center are

c:\windows\Tasks\IKOPXBS.job
c:\windows\system32\deskperfm.dll

I have given you both the answer. Now delete files using one of the tools you have used.
28 Jan 2013   #36

Windows 7 Home Premium
 
 

@shawn77,

Thank you for the suggestion.

c:\windows\system32\deskperf.dll is normally associated with: Advanced Display performance properties. (Corrected name of .dll)

@Crumble,

Please submit the following for analysis to VirusTotal:
http://www.virustotal.com/

c:\windows\Tasks\IKOPXBS.job
c:\windows\system32\deskperfm.dll

Use the Browse button to navigate to the location of each file.
Send the file, and wait for the results.

If you get a message saying: 'File has already been analyzed', click: Reanalyze file now

When done, please provide the address to the results page in your reply.
28 Jan 2013   #37

32 bit
 
 

Are you sure cottonball?

I thought deskperf.dll was responsible and not deskperfm.dll :P

Just joking. This is one type of redirect DLL that at first look seems to be a legitimate one but differs from legitimate DLLs by a single letter.
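Added example (not part of any post in this thread): a Python check for the single-letter lookalike naming described above, comparing a directory listing against a baseline of expected file names. It goes beyond the one case in the thread by also catching substituted and dropped letters; both lists are constructed sample data, and `lookalikes` is a hypothetical helper name.

```python
# Constructed baseline: names a clean system32 is expected to contain
# (a real baseline would come from a known-good image of the same build).
BASELINE = ["deskperf.dll", "wscsvc.dll", "svchost.exe", "rpcss.dll", "es.dll"]

# Constructed directory listing to compare against the baseline.
OBSERVED = ["DeskPerf.dll", "deskperfm.dll", "svch0st.exe", "wscsvc.dll",
            "rpcss.dll", "notepad.exe"]

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def lookalikes(observed, baseline, max_dist=1):
    """Return (observed_name, baseline_name) pairs that nearly match."""
    known = sorted({n.lower() for n in baseline})  # NTFS names ignore case
    hits = []
    for name in observed:
        low = name.lower()
        if low in known:
            continue                # exact match: the expected file name
        for good in known:
            if 0 < edit_distance(low, good) <= max_dist:
                hits.append((name, good))
                break
    return hits
```

A hit is only a lead to confirm with a hash or signature check of the file, as the thread does with VirusTotal; very short baseline names such as `es.dll` will produce more near misses.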
28 Jan 2013   #38

Windows 7 Home Premium
 
 

@shawn77,

You are correct.

C:\Windows\System32\deskperf.dll is normally associated with: Advanced Display performance properties. (Corrected name of .dll in post above)

Thanks for bringing that to our attention.
28 Jan 2013   #39

Windows 7 Ultimate, 32bit
 
 

Thanks to both of you. This is really helpful!
I've got one problem though - I am not able to submit the c:\windows\Tasks\IKOPXBS.job file for analysis; my computer says that I am not allowed to open the file and that I have to ask the owner of the file or the administrator, which is weird as I AM the administrator...hmm

And regarding the other file; I couldn't find it. I only found the file called c:\windows\system32\deskperf.dll (without the m in the end). So I just analysed it to make sure. Here's the result:

https://www.virustotal.com/file/f1ee...is/1359429020/
28 Jan 2013   #40

Windows 7 Home Premium
 
 

Let's do the following:

1. Open Notepad ('Start' > 'R', type: notepad Click: OK)

2. Copy/paste the text inside the code box below to it:

Code:
File::
c:\windows\Tasks\IKOPXBS.job
c:\windows\system32\deskperfm.dll

3. In Notepad:
Click File > Save as..., and save to the Desktop
In the File Name box, type: CFScript.txt
Click: Save

4. Close all open windows so that you are at the Desktop.

5. Referring to the picture below, using your mouse (left button), ...drag... CFScript.txt and drop over the ComboFix.exe file on your Desktop



6. Do not mouse-click the ComboFix window while it is running. It may cause CF to stall.

7. When finished, the log produced is located at C:\ComboFix.txt

Please post the new ComboFix.txt in your reply.

Also, give Security Center another check, and set it to: Automatic (Delayed Start)
Press: Start

Tell us how it goes.