Windows Security Center Service Can't be Started

Status
Not open for further replies.

gavin2478

New Member
Thread author
Verified
Nov 23, 2012
18
The only obvious symptom of my computer being infected is that the security service won't start. I might not have any viruses at all. Everything else on my computer is fine.

I scanned with avast and they found 21 infected files, then scanned with malwarebytes and found 11 then with hitmanpro, superantispyware, sophos, and kaspersky tdss killer and all of them found none. I have not used combofix yet because I don't know how to use it. After Malwarebytes and Avast removed the infected files the security center service was still not turning on and wasn't on the services list.
 

Attachments

  • OTL.Txt
    103.4 KB · Views: 243
  • Extras.Txt
    30.9 KB · Views: 139
  • aswMBR.txt
    1.8 KB · Views: 111

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
STEP 1: Run a scan with Farbar Service Scanner

  1. Download Farbar Service Scanner from the below link.
     FARBAR SERVICE SCANNER: http://download.bleepingcomputer.com/farbar/FSS.exe (This link will automatically download Farbar Service Scanner on your computer)
  2. Run the utility and checkmark all the boxes
  3. Click on the Scan button.
  4. Add the log that it produces to your next reply.
 

gavin2478

New Member
Thread author
Verified
Nov 23, 2012
18
System Restore and Windows Defender are turned off too. They should be on. I didn't notice this until now but I tried to turn the windows defender back on but an error message pops up saying "The specified service does not exist as an installed service. (Error Code: 0x80070424)"
 

Attachments

  • FSS.txt
    3.3 KB · Views: 332

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay... Let me check the new Logs... Till then try the following fix... :)

STEP 1: Run the below OTL fix

  1. Start OTL.exe
  2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
:Files
C:\ProgramData\pcdfdata
C:\ProgramData\7531CCA9004B23FD16A291DDF875F002
C:\Users\Gavin\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
C:\Users\Gavin\AppData\Roaming\result.db
C:\ProgramData\connector.swf

:Commands
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[Reboot]

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  3. Then click the Run Fix button at the top
  4. Let the program run unhindered, reboot when it is done
  5. Attach the new log produced by OTL (C:\_OTL)
 

gavin2478

New Member
Thread author
Verified
Nov 23, 2012
18
I waited for 20 minutes for my computer to shut off but it wouldn't so I was forced to press the power button. Security Service and Defender still won't turn on. The log that came up when the computer turned on won't attach, MalwareTips says "Please correct the following errors before continuing:
•The type of file that you attached is not allowed. Please remove the attachment or choose a different type."
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay. Please open the log file and press Control + A. It will select all the content inside the log. Copy that and paste the log in your next reply.
 

gavin2478

New Member
Thread author
Verified
Nov 23, 2012
18
All processes killed
========== FILES ==========
C:\ProgramData\pcdfdata folder moved successfully.
C:\ProgramData\7531CCA9004B23FD16A291DDF875F002 folder moved successfully.
C:\Users\Gavin\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
C:\Users\Gavin\AppData\Roaming\result.db moved successfully.
C:\ProgramData\connector.swf moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gavin
->Temp folder emptied: 179458459 bytes
->Temporary Internet Files folder emptied: 510446321 bytes
->Java cache emptied: 604362 bytes
->FireFox cache emptied: 63480219 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 5611 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5472 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 720.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Gavin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gavin
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02162013_192630

Files\Folders moved on Reboot...
File\Folder C:\Users\Gavin\AppData\Local\Temp\hsperfdata_Gavin\10428 not found!
C:\Users\Gavin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gavin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Gavin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC99FLN1\Thread-Windows-Security-Center-Service-Can-t-be-Started[1].htm moved successfully.
C:\Users\Gavin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\61ACWJHI\tweet_button.1360972506[1].htm moved successfully.
C:\Users\Gavin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RO838V7\fastbutton[2].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay Cool... That one seems good... :) Now please do the following steps to fix the Security Center Service...
It seems 3 critical services are missing on your computer... So we need to add them in your computer. Download the following files and save them on your computer desktop.

  1. wscsvc
  2. wuauserv
  3. WinDefend
Double-click on the downloaded files one by one to run them. Click “Yes” for the Registry Editor prompt window, then click OK.
After completing it you have to restart the computer. After the restart check if the Security Center Service is working or not...
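
As an added illustration (not part of the thread and not code from any tool used in it), this read-only PowerShell check reports whether the three services named above are registered, which is the condition behind the 0x80070424 "does not exist as an installed service" error quoted earlier in the thread. The helper name Get-ServiceRegistration is hypothetical, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the three services named in the post above.
# Run from an elevated PowerShell prompt. Get-ServiceRegistration is a
# hypothetical helper name, not part of Windows or of any tool in this thread.
$serviceNames = 'wscsvc', 'wuauserv', 'WinDefend'

# Meaning of the DWORD "Start" value stored under each service key.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceRegistration {
    param([Parameter(Mandatory)][string]$Name)

    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $row = [ordered]@{
        Name = $Name; Registered = $false; StartType = $null
        Status = $null; ImagePath = $null; ServiceDll = $null; Finding = $null
    }

    if (-not (Test-Path -LiteralPath $keyPath)) {
        # No key means the Service Control Manager has nothing to start:
        # the "does not exist as an installed service" (0x80070424) case.
        $row.Finding = 'Service key missing; registration must be restored'
        return [pscustomobject]$row
    }
    $row.Registered = $true

    $key = Get-ItemProperty -LiteralPath $keyPath
    if ($null -ne $key.PSObject.Properties['Start']) {
        $row.StartType = $startTypes[[int]$key.Start]
    }
    if ($null -ne $key.PSObject.Properties['ImagePath']) {
        $row.ImagePath = $key.ImagePath
    }

    # svchost-hosted services keep their DLL path under the Parameters subkey.
    $params = Get-ItemProperty -LiteralPath "$keyPath\Parameters" -ErrorAction SilentlyContinue
    if ($params -and $null -ne $params.PSObject.Properties['ServiceDll']) {
        $row.ServiceDll = $params.ServiceDll
    }

    # Current state as seen by the Service Control Manager, if it knows the service.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { $row.Status = $svc.Status.ToString() }

    if ($row.StartType -eq 'Disabled') {
        $row.Finding = 'Registered but disabled'
    } elseif ($row.ServiceDll -and -not (Test-Path -LiteralPath $row.ServiceDll)) {
        $row.Finding = 'ServiceDll path does not exist on disk'
    } elseif ($row.Status -ne 'Running') {
        $row.Finding = 'Registered but not running'
    } else {
        $row.Finding = 'OK'
    }
    return [pscustomobject]$row
}

$serviceNames | ForEach-Object { Get-ServiceRegistration -Name $_ } |
    Format-List Name, Registered, StartType, Status, ServiceDll, Finding
```

A service that is registered but stopped is not necessarily a fault, since some services start only on demand; the "Service key missing" finding is the one that matches the symptom in this thread.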
 

gavin2478

New Member
Thread author
Verified
Nov 23, 2012
18
Windows defender is working, security center service is on, and my computer restarted like normal with no delay. Everything seems to be running like normal. Should I run a scan with avast? Or anyone else?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Great to hear that everything is back to Normal now..... Let's See if there is any other virus hiding inside your computer. :D

STEP 1: Run a HitmanPro scan

  1. Download the latest official version of HitmanPro.
     HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
  2. Start HitmanPro by double clicking on the previously downloaded file and then following the prompts.
     [Image: hitmanproscan4.png]
  3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below. After reviewing each malicious object click Next.
     [Image: hitmanproscan5.png]
  4. Click Activate free license to start the free 30 days trial and remove the malicious files.
     [Image: hitmanproscan6.png]
  5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

Add to your next reply, any log that HitmanPro might generate.

You should be able to run both scans while in Normal mode...
STEP 2: Run a scan with Malwarebytes Anti-Malware in Chameleon mode

  1. Download Malwarebytes Chameleon from here (http://downloads.malwarebytes.org/file/chameleon) and extract it to a folder in a convenient location
  2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
  3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window (Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
  4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
  5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successfully
  6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
  7. Upon completion of the scan, if anything has been detected, click on Show Result
  8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
  9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

Please add both logs in your next reply.
 

gavin2478

New Member
Thread author
Verified
Nov 23, 2012
18
No threats detected on either one except one cookie. Just in case I'll run avast again. Thanks for your help and everything seems normal now.

For some reason Hitman pro log won't attach so I did the same thing as last
HITMAN PRO LOG:

Code:
HitmanPro 3.7.2.188
www.hitmanpro.com

   Computer name . . . . : GAVIN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Gavin-PC\Gavin
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (17 days left)

   Scan date . . . . . . : 2013-02-16 20:08:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 56s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1

   Objects scanned . . . : 1,598,922
   Files scanned . . . . : 10,110
   Remnants scanned  . . : 793,075 files / 795,737 keys

Cookies _____________________________________________________________________

   C:\Users\Gavin\AppData\Roaming\Microsoft\Windows\Cookies\K3LJPC3Q.txt
 

Attachments

  • mbam-log-2013-02-16 (20-15-50).txt
    1.8 KB · Views: 107
  • mbam-log-2013-02-16 (20-18-41).txt
    1.8 KB · Views: 93

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay Great...... Is there any thing else that I can assist you with?

Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

What's next?
  1. Build up your malware defenses by starting a new thread in Security Configuration Wizard forum.
  2. Learn how to avoid malware by reading this article: How to easily avoid malware (http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/)
  3. Be an active member in the MalwareTips community! :)
 

gavin2478

New Member
Thread author
Verified
Nov 23, 2012
18
Thank you for all your help. I now have one more problem. System Restore was turned off and when I tried to turn it back on the error message popped up saying "There was an unexpected error in the property page: The filename, directory name, or volume label syntax is incorrect. (0x8007007B) Please close the property tab page and try again". Also thank you for your suggestions but I already use Avast Internet Security which comes with a firewall, I use firefox, my computer is updated, I usually use system restore (except now because it isn't working), and I use CCleaner, Malwarebytes, and Temp File Cleaner by OldTimer. Lastly, I know you probably can't answer this but I wonder where the 30 infected files came from and why Windows Defender, System Restore, and Security Center were all turned off.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
It seems your computer was infected with a spyware

C:\ProgramData\pcdfdata
C:\ProgramData\7531CCA9004B23FD16A291DDF875F002

These files are part of that spyware. This one makes all these problems.


The error 0x8007007B occurs when the system is set to store restore points to a wrong path or location.

Set the proper restore point path in Windows 7.

To remove this error message, do the following workaround:

Step 1:

To set the proper restore point path in Windows 7, perform the following steps:

a. Click on Start.
b. Type sysdm.cpl in the search box and press <Enter>.
The User Account Control window will prompt for permission to run the program. Click Continue.
c. The System Properties window now appears.
d. Click the System Protection tab.
e. Under Automatic restore points, uncheck any invalid or duplicate location
f. Click to check the C: drive with the Windows Logo
g. Click on Apply and click Ok

Step 2:

Creating system restore point manually:

a. Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.
b. In the left pane, click System Protection, if you are prompted for an administrator password or confirmation, type the password or provide confirmation.
c. Click the System Protection tab, and then click Create.
d. In the System Protection dialog box, type a description, and then click Create.


Let me know if you are facing any issues......
 

gavin2478

New Member
Thread author
Verified
Nov 23, 2012
18
Thank you for all your help! System restore and everything else is now working. Thanks again.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
This thread is now closed.
Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.

DO NOT use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All members requesting Malware Removal Assistance are required to follow all procedures in the thread
 