Windows 7 Forums


Windows 7: Windows Security Center can't be started because of virus/malware


23 Jan 2013   #1

Windows 7 Ultimate, 32bit
 
 
Windows Security Center can't be started because of virus/malware

Hi!
I can turn on windows security service centre with the instructions to run it from the start menu, but after I put it to automatic and press start it turns off after a few seconds. I am quite sure that it is some kind of virus/malware, but I have no idea how to remove it.
I have downloaded and run the program called "Malwarebytes Anti-Malware" and it found 5 malwares/viruses that I removed with this program. I ran the program again just to make sure, and it didn't find anything dangerous.
But even so Windows Security Center can still not be started!
Do you have any suggestions to solve my problem?
Thank you!


23 Jan 2013   #2

Win7 Ultimate X64
 
 

If you think you have something going on you can always try an offline scan, something like
Windows Defender Offline
23 Jan 2013   #3

Windows 7 Home Premium
 
 

Crumble,

Let's find out what is going on with your system...

Please download RogueKiller:
Télécharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
Select the 32-bit version.
Click the dark-blue button to download.

Save to the Desktop
Close all windows and browsers
Windows Vista/Seven: Right-click and select 'Run as Administrator'
Press: SCAN
A report opens on the Desktop: RKreport.txt
Please provide the RKreport.txt (Mode: Scan) in your reply.




Also, download Farbar Service Scanner

Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.


23 Jan 2013   #4

Windows 7 Ultimate, 32bit
 
 

Thank you for helping me out here!

Here is the report I got after running the RogueKiller scan:

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : RogueKiller
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : siri1802 [Admin rights]
Mode : Scan -- Date : 01/24/2013 04:13:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2080BJ FFS G2 ATA Device +++++
--- User ---
[MBR] 65936f1430c7b11b5f9723c5b10973f0
[BSP] aa2d03578b2fca6564e1955bb09e214e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 76017 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01242013_02d0413.txt >>
RKreport[1]_S_01242013_02d0413.txt


And here is the log from the Farbar Service Scanner:

Farbar Service Scanner Version: 16-01-2013
Ran by siri1802 (administrator) on 24-01-2013 at 04:18:07
Running from "C:\Users\siri1802\Downloads"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
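
The FSS log above is long, and the lines that matter (a service start type that differs from its default, a service that is not running, a "Disabled Policy" registry value, a file that is not reported as legit) are easy to miss. The following triage parser is an added example, not part of the original post and not code from Farbar; the function name `triage_fss` and the embedded sample are constructed for illustration, and the patterns assume the line formats seen in this log.

```python
import re

# Constructed excerpt in the format of the FSS.txt log posted above.
SAMPLE_FSS = r"""
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\wscsvc.dll => MD5 is legit
"""

START_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")
NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running")
CONFIG_RE = re.compile(r"The (ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
POLICY_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_RE = re.compile(r"^(.+?) => (.+)$")

def triage_fss(text):
    """Return (kind, subject, detail) tuples for each non-default item in an FSS log."""
    findings, last_key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := START_RE.search(line):
            svc, current, default = m.groups()
            if current != default:
                findings.append(("start_type", svc, f"{current} (default {default})"))
        elif m := NOT_RUNNING_RE.match(line):
            findings.append(("not_running", m.group(1), ""))
        elif m := CONFIG_RE.search(line):
            if m.group(3) != "OK":
                findings.append(("config", m.group(2), f"{m.group(1)}: {m.group(3)}"))
        elif line.startswith("[HKEY_") and line.endswith("]"):
            last_key = line[1:-1]  # remember the key the next value line belongs to
        elif m := POLICY_RE.match(line):
            # Assumption: any non-zero DWORD listed by FSS is a policy worth reviewing.
            if int(m.group(2)) != 0:
                findings.append(("policy", f"{last_key}\\{m.group(1)}", m.group(2)))
        elif m := FILE_RE.match(line):
            if m.group(2) != "MD5 is legit":
                findings.append(("file", m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    for finding in triage_fss(SAMPLE_FSS):
        print(finding)
```

Run against the full log from this post, the same logic would also report the WinDefend start type, since that section uses the same sentence format.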
23 Jan 2013   #5

Windows 7 Home Premium
 
 

Thanks for the info, Crumble.

Please post an image of the Security Center Service information of your system.

To see the service, press the Windows key and the R key simultaneously.
In the Run box that appears, type: services.msc
In the Services window, go down to: Security Center
Double click on it to bring up its Properties.

To take a snapshot of it, here is what you do:
Hold the 'Alt' key and press the 'Print Screen' key (often just labeled 'Prt Sc') on the keyboard.

Open an image editing application such as the MS Paint program under Start > Accessories
Paste the captured image into MS Paint.
In MS Paint, go to File > Save as, and save the image as a (.GIF) file on your Desktop (easy to find)

Next:
Connect to the Internet, and go to Photobucket:
Photo and image hosting, free photo galleries, photo editing | Photobucket
Once there, create a free account.
Click 'Browse' and search for the file located on your Desktop.
Click Upload.
After uploading, place the cursor on the image. Four different link options show underneath the uploaded image.
Click on: IMG code (This line is used for using your image in a forum post.
It makes the image appear full size in your reply.)
The IMG code is pasted to the clipboard
In your next post, right click on an open area, and select: Paste

After taking a look at this, we will also check on a Registry key that may have gone astray.
24 Jan 2013   #6

Windows 7 Ultimate, 32bit
 
 

Love how you explain everything so thoroughly as I am not a computer genius
Here comes the image:



I don't know if you can get anything out of it as it is not in English, but as you can see the Security Center is deactivated and it is not possible to press start...
24 Jan 2013   #7

Windows 7 Home Premium
 
 

Norwegian??

Do you get any kind of error messages when you try to turn it on?

Also, what is your current AntiVirus?



Let's check the Registry...

Please download SystemLook:
http://jpshortstuff.247fixes.com/SystemLook.exe

Save to your Desktop.
Right-click SystemLook.exe, and select: Run as Administrator

Copy all the content inside the following codebox into the main textfield of the program:
Code:
 
:filefind
wscsvc
 
:regfind
wscsvc
Click the Look button to start the scan.

When finished, a notepad window opens with the results of the scan: SystemLook.txt

Please post SystemLook.txt in your next reply.
24 Jan 2013   #8

Windows 7 Ultimate x64 SP1
 
 

Try downloading Malwarebytes. It is free (except if you want real time protection) and almost every time gets rid of the tough ones.
It's what tech support from several well known AV companies recommend when you cannot install due to MW or virus infection.

Hope this helps.

Cheers!
24 Jan 2013   #9

Windows 7 Ultimate, 32bit
 
 

cottonball, how did you know the text was in Norwegian? haha

I don't get any kind of error messages, the only thing that happens is that a pop-up window comes up and tells me to activate the Security Center because it has been deactivated. This happens maybe 5 sec after I have turned it on...

When it comes to AntiVirus I have the free version of Malwarebytes Anti-Malware, but the trial has expired, and I think my computer is unprotected as I have no other AntiViruses than the Microsoft Security Center (that has somehow collapsed.. haha).

Here are the results of the scan:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:53 on 24/01/2013 by siri1802
Administrator - Elevation successful

No Context:

========== filefind ==========

Searching for "wscsvc"
No files found.

Searching for " "
No files found.

========== regfind ==========

Searching for "wscsvc"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-201"="WSCSVC-tjenesten (Windows Security Center) overvåker og rapporterer innstillinger for sikkerhetstilstand på datamaskinen. Tilstandsinnstillingene omfatter brannmur (aktivert/deaktivert), antivirusprogram (aktivert/deaktivert/utdatert), antispionprogram (aktivert/deaktivert/utdatert), Windows Update (automatisk/manuell nedlasting og installer oppdateringer), brukerkontokontroll (aktivert/deaktivert) og Internett-innstillinger (anbefales / anbefales ikke). Tjenesten har COM APIer der uavhengige programvareleverandører kan registrere og føre opp statusen til produktene i tjenesten Sikkerhetssenter. Brukergrensesnittet til Handlingssenter bruker tjenesten til å gi varsler for systemstatusfeltet samt en grafisk fremstilling av statusen for sikkerhetstilstanden på kontrollpanelet for Handlingssenter. Beskyttelse av nettverkstilgang (NAP - Network Access Protection) bruker tjenesten til å rapportere s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceNetworkRestricted"="DHCP eventlog AudioSrv BthHFSrv LmHosts wscsvc homegroupprovider WPCSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-200"="Security Center"
[HKEY_USERS\S-1-5-21-4278792135-2590523476-2833556063-1002\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-201"="WSCSVC-tjenesten (Windows Security Center) overvåker og rapporterer innstillinger for sikkerhetstilstand på datamaskinen. Tilstandsinnstillingene omfatter brannmur (aktivert/deaktivert), antivirusprogram (aktivert/deaktivert/utdatert), antispionprogram (aktivert/deaktivert/utdatert), Windows Update (automatisk/manuell nedlasting og installer oppdateringer), brukerkontokontroll (aktivert/deaktivert) og Internett-innstillinger (anbefales / anbefales ikke). Tjenesten har COM APIer der uavhengige programvareleverandører kan registrere og føre opp statusen til produktene i tjenesten Sikkerhetssenter. Brukergrensesnittet til Handlingssenter bruker tjenesten til å gi varsler for systemstatusfeltet samt en grafisk fremstilling av statusen for sikkerhetstilstanden på kontrollpanelet for Handlingssenter. Beskyttelse av nettverkstilgang (NAP - Network Access Protect
[HKEY_USERS\S-1-5-21-4278792135-2590523476-2833556063-1002_Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-201"="WSCSVC-tjenesten (Windows Security Center) overvåker og rapporterer innstillinger for sikkerhetstilstand på datamaskinen. Tilstandsinnstillingene omfatter brannmur (aktivert/deaktivert), antivirusprogram (aktivert/deaktivert/utdatert), antispionprogram (aktivert/deaktivert/utdatert), Windows Update (automatisk/manuell nedlasting og installer oppdateringer), brukerkontokontroll (aktivert/deaktivert) og Internett-innstillinger (anbefales / anbefales ikke). Tjenesten har COM APIer der uavhengige programvareleverandører kan registrere og føre opp statusen til produktene i tjenesten Sikkerhetssenter. Brukergrensesnittet til Handlingssenter bruker tjenesten til å gi varsler for systemstatusfeltet samt en grafisk fremstilling av statusen for sikkerhetstilstanden på kontrollpanelet for Handlingssenter. Beskyttelse av nettverkstilgang (NAP - Network Access Protection) bruk
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-200"="Security Center"

-= EOF =-


oops, some of it is in Norwegian too hehe
24 Jan 2013   #10

Windows 7 Ultimate, 32bit
 
 

Oh! And I forgot to mention that the RogueKiller program found something - should I delete it? I didn't want to do anything before I had asked you in case I was doing something wrong. I have attached an image that shows what it found. Just waiting for your instructions
