Solved Windows Security Center is not getting open

Srvs · Apr 7, 2017

Please help me out to resolve this.

Thanks a lot for your time.

TwinHeadedEagle · Apr 8, 2017

Hello,

Please download Zemana AntiMalware and save it to your Desktop.

Install the program and once the installation is complete it will start automatically.
Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

Open Zemana AntiMalware again.
Click on

icon and double click the latest report.
Now click File > Save As and choose your Desktop before pressing Save.
The only left thing is to attach saved report in your next message.

Srvs · Apr 10, 2017

TwinHeadedEagle said:
Hello,

Please download Zemana AntiMalware and save it to your Desktop.

Install the program and once the installation is complete it will start automatically.

Without changing any options, press Scan to begin.

After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

Open Zemana AntiMalware again.

Click on

icon and double click the latest report.

Now click File > Save As and choose your Desktop before pressing Save.

The only left thing is to attach saved report in your next message.

Attached files are
Zemana scan report and malware bytes antivirus report.

Thanks for your response.

TwinHeadedEagle · Apr 10, 2017

How is your computer behaving now?

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition.txt option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

Srvs · Apr 10, 2017

TwinHeadedEagle said:
How is your computer behaving now?

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).

Make sure that Addition.txt option is checked.

Press Scan button and wait.

The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

---------------------
System is working fine as it was but i cannot turn on the Windows defender or Windows service center. Still showing same error, Windows service center has been blocked...
PFA for the required files below

TwinHeadedEagle · Apr 10, 2017

You are missing FRST.txt report. Read my posts carefully please.

Srvs · Apr 11, 2017

Extremely sorry for that.
PFA for the file.

TwinHeadedEagle · Apr 11, 2017

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

Right-click on

icon and select

Run as Administrator to start the tool.
Accept the Terms of use.
Wait until the database is updated.
Click Scan.
When finished, please click Clean.
Your PC should reboot now.
After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

Srvs · Apr 11, 2017

Hi,

I forgot to mention one thing i.e., there were so many IP addresses in the host file, i had seen when my system got infected.
Possibly, you would have seen.

And after running AdwCleaner > scan > clean > system has restarted and one error has come after rebooting, screenshot has been attached..

Screenshot: error1.png

And cmd prompt has come after rebooting.

Note:
Attached files are

Fixlog.txt
error1.png
AdwCleaner[C0].txt
AdwCleaner[S0].txt
------------------------

AdwCleaner log:

# AdwCleaner v6.045 - Logfile created 11/04/2017 at 19:53:14
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-10.2 [Server]
# Operating System : Windows 10 Home Single Language (X64)
# Username : shail_000 - IDEABOX
# Running from : C:\Saurabh\Safety Tools\AdwCleaner.exe
# Mode: Clean
# Support : Customer Support & Help Center

***** [ Services ] *****

[-] Service deleted: SNARER

***** [ Folders ] *****

[-] Folder deleted: C:\Users\shail_000\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\shail_000\AppData\Local\SNARER
[-] Folder deleted: C:\Users\shail_000\AppData\Roaming\RHEng

***** [ Files ] *****

[-] File deleted: C:\Users\shail_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
[-] File deleted: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\END
[-] File deleted: C:\TOSTACK
[-] File deleted: C:\Users\Public\Documents\temp.dat
[-] File deleted: C:\Users\Public\Documents\report.dat

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\shail_000\Desktop\Tor Browser\Start Tor Browser.lnk

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\UCHTML
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\GoogleChromeUpService
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SkypeUpdateEx
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ed2kidle
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WMPNetworkAcSvc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wmpnetworkacsvc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\googlechromeupservice
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
[-] Key deleted: HKU\.DEFAULT\Software\UpgSvr
[-] Key deleted: HKU\S-1-5-21-2273034955-3136679368-1736891683-1002\Software\Installer
[-] Key deleted: HKU\S-1-5-21-2273034955-3136679368-1736891683-1002\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-2273034955-3136679368-1736891683-1002\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-2273034955-3136679368-1736891683-1002\Software\PopWnd
[-] Key deleted: HKU\S-1-5-21-2273034955-3136679368-1736891683-1002\Software\UpgSvr
[-] Key deleted: HKU\S-1-5-21-2273034955-3136679368-1736891683-1002\Software\deskapp
[#] Key deleted on reboot: HKU\S-1-5-18\Software\UpgSvr
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\PopWnd
[#] Key deleted on reboot: HKCU\Software\UpgSvr
[#] Key deleted on reboot: HKCU\Software\deskapp
[-] Key deleted: HKLM\SOFTWARE\SkypeUpdateEx
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\WMPNetworkAcSvc
[-] Key deleted: HKLM\SOFTWARE\msServer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] Key deleted on reboot: [x64] HKCU\Software\PopWnd
[#] Key deleted on reboot: [x64] HKCU\Software\UpgSvr
[#] Key deleted on reboot: [x64] HKCU\Software\deskapp
[-] Key deleted: [x64] HKLM\SOFTWARE\SkypeUpdateEx
[-] Key deleted: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\nova.rambler.ru
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\rambler.ru
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\nova.rambler.ru
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\rambler.ru
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\nova.rambler.ru
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\rambler.ru
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\nova.rambler.ru
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\rambler.ru
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[-] Value deleted: HKU\S-1-5-21-2273034955-3136679368-1736891683-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [apphide]
[-] Value deleted: HKU\S-1-5-21-2273034955-3136679368-1736891683-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [msiql]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [gplyra]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [DiskPower]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MyMemory]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [BestCleaner]
[-] Value deleted: HKU\S-1-5-21-2273034955-3136679368-1736891683-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [svchost0]
[-] Key deleted: HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Key deleted: HKLM\SOFTWARE\Classes\*\shell\Add event reminder
[-] Value deleted: HKCU\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Value deleted: HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Value deleted: HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Value deleted: HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Value deleted: HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Value deleted: HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Value deleted: HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Value deleted: HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Value deleted: HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Value deleted: HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]

***** [ Web browsers ] *****

[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9929 Bytes] - [11/04/2017 19:53:14]
C:\AdwCleaner\AdwCleaner[S0].txt - [9635 Bytes] - [11/04/2017 19:50:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10075 Bytes] ##########

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Thanks for your valuable time.

TwinHeadedEagle · Apr 11, 2017

You will need to run this program to fix some issues caused by malware:

Tweaking.com - Windows Repair Free/Pro

Srvs · Apr 13, 2017

Thanks a lot.
And sorry for the late reply.

All viruses have been removed and services have also started. Just a bit slow, don't know why.
Do you want some log files to check or its fine??

Thanks a ton

TwinHeadedEagle · Apr 13, 2017

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition.txt option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

Srvs · Apr 13, 2017

TwinHeadedEagle said:
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).

Make sure that Addition.txt option is checked.

Press Scan button and wait.

The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

------------------

PFA for the required files..

TwinHeadedEagle · Apr 14, 2017

Your computer is clean now.

Srvs · Apr 14, 2017

There is one problem i am still facing i.e. Backspace button is not working to go back to the previous page in chrome, previously it used to worked.
If you could help me then it would be much helpful for me, mostly i use Chrome.

Thank you so much for your help and your valuable time that you have given me.
Thanks a ton.

TwinHeadedEagle · Apr 17, 2017

Try to reinstall Chrome.

Solved Windows Security Center is not getting open

Level 1

Attachments

Level 41

Level 1

Attachments

Level 41

Level 1

Attachments

Level 41

Level 1

Attachments

Level 41

Attachments

Level 1

Attachments

Level 41

Level 1

Level 41

Level 1

Attachments

Level 41

Level 1

Level 41

Similar threads