Windows Security Center can't be started because of virus/malware


  1. Posts : 55
    Windows 7 Ultimate, 32bit
       #1



    Hi!
    I can turn on windows security service centre with the instructions to run it from the start menu, but after I put it to automatic and press start it turns off after a few seconds. I am quite sure that it is some kind of virus/malware, but I have no idea how to remove it.
    I have downloaded and run the program called "Malwarebytes Anti-Malware" and it found 5 malwares/viruses that I removed with this program. I ran the program again just to make sure, and it didn't find anything dangerous.
    But even so Windows Security Center can still not be started!
    Do you have any suggestions to solve my problem?
    Thank you! :)


  2. Posts : 2,573
    Win7 Ultimate X64
       #2

    If you think you have something going on you can always try an offline scan, something like
    Windows Defender Offline


  3. Posts : 2,470
    Windows 7 Home Premium
       #3

    Crumble,

    Let's find out what is going on with your system...

    Please download RogueKiller:
    Télécharger RogueKiller (Site Officiel)

    When you get to the website, go to where it says:
    (Download link) Lien de téléchargement:
    Select the 32-bit version.
    Click the dark-blue button to download.

    Save to the Desktop
    Close all windows and browsers
    Windows Vista/Seven: Right-click and select 'Run as Administrator'
    Press: SCAN
    A report opens on the Desktop: RKreport.txt
    Please provide the RKreport.txt (Mode: Scan) in your reply.




    Also, download Farbar Service Scanner

    Save to the Desktop
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press: Scan
    • FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply.


  4. Posts : 55
    Windows 7 Ultimate, 32bit
    Thread Starter
       #4

    Thank you for helping me out here! :)

    Here is the report I got after running the RogueKiller scan:

    RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : RogueKiller
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : siri1802 [Admin rights]
    Mode : Scan -- Date : 01/24/2013 04:13:17

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHZ2080BJ FFS G2 ATA Device +++++
    --- User ---
    [MBR] 65936f1430c7b11b5f9723c5b10973f0
    [BSP] aa2d03578b2fca6564e1955bb09e214e : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 76017 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01242013_02d0413.txt >>
    RKreport[1]_S_01242013_02d0413.txt


    And here is the log from the Farbar Service Scanner:

    Farbar Service Scanner Version: 16-01-2013
    Ran by siri1802 (administrator) on 24-01-2013 at 04:18:07
    Running from "C:\Users\siri1802\Downloads"
    Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Disabled. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****


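The Farbar Service Scanner log in post #4 reports two services whose start type differs from the default and one Defender policy value. As an added example (not part of the thread and not code from any of the tools used in it), this Python sketch parses that log format and lists only the deviations; the function name, the finding categories and the final failing File Check line in the sample are assumptions made for illustration.

```python
import re
# Excerpt of the Farbar Service Scanner log posted above; the last File Check
# line is constructed (not from the thread) to exercise a failing check.
SAMPLE_FSS_LOG = r"""
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\example.dll => <constructed failing result>
"""

START_TYPE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(.+)$')
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")

def triage_fss_log(text):
    """Return (category, subject, detail) findings that deviate from defaults."""
    findings, section, key = [], "", None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        # A section heading is a line followed by a row of '=' characters.
        if line and i + 1 < len(lines) and re.fullmatch(r"=+", lines[i + 1]):
            section, key = line.rstrip(":"), None
            continue
        if m := START_TYPE.search(line):
            svc, current, default = m.groups()
            if current != default:
                findings.append(("start-type", svc, f"{current} (default {default})"))
        elif m := NOT_RUNNING.match(line):
            findings.append(("not-running", m.group(1), section))
        elif m := REG_KEY.match(line):
            key = m.group(1)  # remember the key for the value lines that follow
        elif (m := REG_VALUE.match(line)) and key and "Disabled Policy" in section:
            findings.append(("policy", f"{key}\\{m.group(1)}", m.group(2)))
        elif (m := FILE_CHECK.match(line)) and m.group(2) != "MD5 is legit":
            findings.append(("file-check", m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    for finding in triage_fss_log(SAMPLE_FSS_LOG):
        print(finding)
```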
  5. Posts : 2,470
    Windows 7 Home Premium
       #5

    Thanks for the info, Crumble.

    Please post an image of the Security Center Service information of your system.

    To see the service, press the Windows key and the R key simultaneously.
    In the Run box that appears, type: services.msc
    In the Services window, go down to: Security Center
    Double click on it to bring up its Properties.

    To take a snapshot of it, here is what you do:
    Hold the 'Alt' key and press the 'Print Screen' key (often just labeled 'Prt Sc') on the keyboard.

    Open an image editing application such as the MS Paint program under Start > Accessories
    Paste the captured image into MS Paint.
    In MS Paint, go to File > Save as, and save the image as a (.GIF) file on your Desktop (easy to find)

    Next:
    Connect to the Internet, and go to Photobucket:
    Photo and image hosting, free photo galleries, photo editing | Photobucket
    Once there, create a free account.
    Click 'Browse' and search for the file located on your Desktop.
    Click Upload.
    After uploading, place the cursor on the image. Four different link options show underneath the uploaded image.
    Click on: IMG code (This line is used for using your image in a forum post.
    It makes the image appear full size in your reply.)
    The IMG code is pasted to the clipboard
    In your next post, right click on an open area, and select: Paste

    After taking a look at this, we will also check on a Registry key that may have gone astray.


  6. Posts : 55
    Windows 7 Ultimate, 32bit
    Thread Starter
       #6

    Love how you explain everything so thoroughly as I am not a computer genius :)
    Here comes the image:



    I don't know if you can get anything out of it as it is not in English, but as you can see the Security Center is deactivated and it is not possible to press start...


  7. Posts : 2,470
    Windows 7 Home Premium
       #7

    Norwegian??

    Do you get any kind of error messages when you try to turn it on?

    Also, what is your current AntiVirus?



    Let's check the Registry...

    Please download SystemLook:
    http://jpshortstuff.247fixes.com/SystemLook.exe

    Save to your Desktop.
    Right-click SystemLook.exe, and select: Run as Administrator

    Copy all the content inside the following codebox into the main textfield of the program:
    Code:
     
    :filefind
    wscsvc
     
    :regfind
    wscsvc

    Click the Look button to start the scan.

    When finished, a notepad window opens with the results of the scan: SystemLook.txt

    Please post SystemLook.txt in your next reply.


  8. Posts : 537
    Windows 7 Ultimate x64 SP1
       #8

    Try downloading Malwarebytes. It is free (except if you want real time protection) and almost every time gets rid of the tough ones.
    It's what tech support from several well known AV companies recommend when you cannot install due to MW or virus infection.

    Hope this helps.

    Cheers!


  9. Posts : 55
    Windows 7 Ultimate, 32bit
    Thread Starter
       #9

    cottonball, how did you know the text was in Norwegian? haha :)

    I don't get any kind of error messages, the only thing that happens is that a pop-up window comes up and tells me to activate the Security Center because it has been deactivated. This happens maybe 5 sec after I have turned it on...

    When it comes to AntiVirus I have the free version of Malwarebytes Anti-Malware, but the trial has expired, and I think my computer is unprotected as I have no other AntiViruses than the Microsoft Security Center (that has somehow collapsed.. haha).

    Here are the results of the scan:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 08:53 on 24/01/2013 by siri1802
    Administrator - Elevation successful

    No Context:

    ========== filefind ==========

    Searching for "wscsvc"
    No files found.

    Searching for " "
    No files found.

    ========== regfind ==========

    Searching for "wscsvc"
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
    "@%SystemRoot%\System32\wscsvc.dll,-201"="WSCSVC-tjenesten (Windows Security Center) overvåker og rapporterer innstillinger for sikkerhetstilstand på datamaskinen. Tilstandsinnstillingene omfatter brannmur (aktivert/deaktivert), antivirusprogram (aktivert/deaktivert/utdatert), antispionprogram (aktivert/deaktivert/utdatert), Windows Update (automatisk/manuell nedlasting og installer oppdateringer), brukerkontokontroll (aktivert/deaktivert) og Internett-innstillinger (anbefales / anbefales ikke). Tjenesten har COM APIer der uavhengige programvareleverandører kan registrere og føre opp statusen til produktene i tjenesten Sikkerhetssenter. Brukergrensesnittet til Handlingssenter bruker tjenesten til å gi varsler for systemstatusfeltet samt en grafisk fremstilling av statusen for sikkerhetstilstanden på kontrollpanelet for Handlingssenter. Beskyttelse av nettverkstilgang (NAP - Network Access Protection) bruker tjenesten til å rapportere s
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
    "LocalServiceNetworkRestricted"="DHCP eventlog AudioSrv BthHFSrv LmHosts wscsvc homegroupprovider WPCSvc"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\SecurityCenter]
    "EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
    "WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
    "WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
    "Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Parameters]
    "ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\SecurityCenter]
    "EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
    "WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
    "WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
    "DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
    "Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc\Parameters]
    "ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SecurityCenter]
    "EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
    "WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
    "WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
    "Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
    "ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
    [HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
    "@%SystemRoot%\System32\wscsvc.dll,-200"="Security Center"
    [HKEY_USERS\S-1-5-21-4278792135-2590523476-2833556063-1002\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
    "@%SystemRoot%\System32\wscsvc.dll,-201"="WSCSVC-tjenesten (Windows Security Center) overvåker og rapporterer innstillinger for sikkerhetstilstand på datamaskinen. Tilstandsinnstillingene omfatter brannmur (aktivert/deaktivert), antivirusprogram (aktivert/deaktivert/utdatert), antispionprogram (aktivert/deaktivert/utdatert), Windows Update (automatisk/manuell nedlasting og installer oppdateringer), brukerkontokontroll (aktivert/deaktivert) og Internett-innstillinger (anbefales / anbefales ikke). Tjenesten har COM APIer der uavhengige programvareleverandører kan registrere og føre opp statusen til produktene i tjenesten Sikkerhetssenter. Brukergrensesnittet til Handlingssenter bruker tjenesten til å gi varsler for systemstatusfeltet samt en grafisk fremstilling av statusen for sikkerhetstilstanden på kontrollpanelet for Handlingssenter. Beskyttelse av nettverkstilgang (NAP - Network Access Protect
    [HKEY_USERS\S-1-5-21-4278792135-2590523476-2833556063-1002_Classes\Local Settings\MuiCache\14C\A5B61011]
    "@%SystemRoot%\System32\wscsvc.dll,-201"="WSCSVC-tjenesten (Windows Security Center) overvåker og rapporterer innstillinger for sikkerhetstilstand på datamaskinen. Tilstandsinnstillingene omfatter brannmur (aktivert/deaktivert), antivirusprogram (aktivert/deaktivert/utdatert), antispionprogram (aktivert/deaktivert/utdatert), Windows Update (automatisk/manuell nedlasting og installer oppdateringer), brukerkontokontroll (aktivert/deaktivert) og Internett-innstillinger (anbefales / anbefales ikke). Tjenesten har COM APIer der uavhengige programvareleverandører kan registrere og føre opp statusen til produktene i tjenesten Sikkerhetssenter. Brukergrensesnittet til Handlingssenter bruker tjenesten til å gi varsler for systemstatusfeltet samt en grafisk fremstilling av statusen for sikkerhetstilstanden på kontrollpanelet for Handlingssenter. Beskyttelse av nettverkstilgang (NAP - Network Access Protection) bruk
    [HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
    "@%SystemRoot%\System32\wscsvc.dll,-200"="Security Center"

    -= EOF =-


    oops, some of it is in Norwegian too hehe


  10. Posts : 55
    Windows 7 Ultimate, 32bit
    Thread Starter
       #10

    Oh! And I forgot to mention that the RogueKiller program found something - should I delete it? I didn't want to do anything before I had asked you in case I was doing something wrong. I have attached an image that shows what it found. Just waiting for your instructions :)



 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
