Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows Defender nowhere to be found and will not start

01 Jul 2013   #21
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

RogueKiller for 32bit or RogueKiller for 64bit

Click on one of the links above that goes with your Windows 7 bit versions

Save to the Desktop.

Close all windows and browsers

Right click on and choose Run as Administrator

Press: SCAN

provide the RKreport.txt (Mode: Scan) in your reply.


My System SpecsSystem Spec
.
01 Jul 2013   #22
dexterrules4

Windows 7 Home Premium
 
 
Rogue Killer report

RogueKiller V8.6.1 _x64_ [Jun 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : alireep [Admin rights]
Mode : Scan -- Date : 07/01/2013 19:22:35
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 10
[RUN][SUSP PATH] HKCU\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\alireep\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4217943154-2574403412-3452344980-1001\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\alireep\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SHELLSPWN] HKCU\[...]\command : ("C:\Users\alireep\AppData\Local\qwl.exe" -a "%1" %*) -> FOUND
[SHELLSPWN] HKCR\[...]\command : ("C:\Users\alireep\AppData\Local\qwl.exe" -a "%1" %*) -> FOUND
[SHELLSPWN] HKUS\S-1-5-21-4217943154-2574403412-3452344980-1001\[...]\command : ("C:\Users\alireep\AppData\Local\qwl.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]\.exe : (sC) -> FOUND
[FILEASSO] HKCU\[...]\.exe : (sC) -> FOUND
[FILEASSO] HKUS\S-1-5-21-4217943154-2574403412-3452344980-1001\[...]\.exe : (sC) -> FOUND

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Particular Files / Folders:

Driver : [NOT LOADED 0x0]

External Hives:

Infection :

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts




MBR Check:

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] 8d15ff1cb0cee65668c16e6bdc48690c
[BSP] 7cffa2bbebcd5bf713a9ff9b748eb9d5 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07012013_192235.txt >>
My System SpecsSystem Spec
01 Jul 2013   #23
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run RogueKiller again and click on Delete
My System SpecsSystem Spec
.

01 Jul 2013   #24
dexterrules4

Windows 7 Home Premium
 
 

Quote   Quote: Originally Posted by VistaKing View Post
Run RogueKiller again and click on Delete
Ran and then hit delete Now what?
My System SpecsSystem Spec
01 Jul 2013   #25
dexterrules4

Windows 7 Home Premium
 
 

I also ran Kaspersky TDSSKiller no threats found.
My System SpecsSystem Spec
01 Jul 2013   #26
dexterrules4

Windows 7 Home Premium
 
 

Ran Malwarebytes and deleted all threats..34 found here is log:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.07.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
alireep :: ALIREEP-PC [administrator]

Protection: Enabled

7/1/2013 7:57:17 PM
mbam-log-2013-07-01 (19-57-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217810
Time elapsed: 10 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ArcadeWeb (Adware.ArcadeWeb) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCR\ah|Content Type (Rogue.MultipleAV) -> Data: application/x-msdownload -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 18
C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\defaults (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\defaults\preferences (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\locale (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\data (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\.idea (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\.idea\scopes (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Detected: 12
C:\Program Files (x86)\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlcm.txt (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\shfscp.dat (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\harness-options.json (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\install.rdf (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\locales.json (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\locale\en-GB.json (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\locale\eo.json (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\locale\fr-FR.json (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-trusted-document.html (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

(end)
My System SpecsSystem Spec
01 Jul 2013   #27
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Rerun FSS.exe again delete the old FSS.txt file first .
My System SpecsSystem Spec
01 Jul 2013   #28
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

If I may. Malwarebytes Anti Malware was run in post #2. I don't understand how it just found all these infection in post #26.
Where did all these things come from between post #2 and post #26?

From post #2

Also install and run Malwarebytes Antimalware.

http://www.malwarebytes.org/
My System SpecsSystem Spec
01 Jul 2013   #29
cottonball

Windows 7 Home Premium
 
 

dexterrules4,

Let's see if we can find out what is going on with Windows Defender...

Please download SystemLook for 64-bit system: http://jpshortstuff.247Fixes.com/SystemLook_x64.exe
Save the file to the Desktop
  • Double-click SystemLook.exe to run it.
  • Copy the content inside the following code box into the open field:
Code:
:reg 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend /s 
 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinDefend /s
  • Click the Look button to start the scan.
  • When finished, a Notepad window opens with the results of the scan.
    Please post the SystemLook.txt in your reply.
Thanks!
My System SpecsSystem Spec
01 Jul 2013   #30
dexterrules4

Windows 7 Home Premium
 
 

Farbar Service Scanner Version: 27-06-2013
Ran by alireep (administrator) on 01-07-2013 at 21:57:50
Running from "C:\Users\alireep\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
My System SpecsSystem Spec
Reply

 Windows Defender nowhere to be found and will not start




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Used windows defender offline now windows won't start
I ran windows defender offline and now my computer won't start up windows, it keeps rebooting. start up repair doesn't fix the problem nor did returning the computer to the last good configuration. I didn't receive a disk installation disk with the desktop and I don't want to loose everything that...
System Security
Windows defender keeps popping up at start
Everytime I startup my computer, windows defender pops up saying that it is turned off. How do I stop it from notifying me? I tried going into services and disabling it, but it still pops up at startup.
System Security
Windows Defender won't start
Hello guys i have another problem ugh ^_^ when i open windows defender and click start now it wont start the program i get the error saying : The specified service does not exist as an installed service. (Error Code: 0x80070424) Also when i noticed something that in my services list my windows...
System Security
Security center and windows defender wont start.
I have just turned on my windows 7 ultimate 64bit computer and see that the security center service is not running when i try to start it, it says "The windows security center cannot be started" ive tried going into services and cant find it. I have also found out that windows defender does...
System Security
Windows Defender wont start!
I recently got a pop up notification saying windows defender needs to scan my computer. Ok, fine. But when I click the scan now button, windows defender gives me a error. I checked the windows defender service and it wont turn on at all. I have avast, malware bytes and spybot. All of...
System Security
Cannot start windows defender
Hi all, I'm having a problem with windows defender. I noticed it was not working, although it has been in the past, so I tried to enable it but get this message: "This program is blocked by group policy. For more information contact your system administrator. (Error code: 0x800704ec)" Any help...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 18:35.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App