Posted

Hi Thridchild,

 

That's a common issue. Given this is virus related, I've moved this to the virus removal forum instead of the security questions board.

 

Please follow the instructions in the link below and post the requested logs in reply to this thread.

Before posting for Malware Removal help.

 

 

Next, please also do this given the issues you are experiencing:

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Please post all logs in reply to this thread and I'll help you resolve the issues. You can use multiple posts if needed to post all the logs.

 

-etavares

Posted

Hi Thridchild,

 

Click "reply" at the bottom right of this post. Then, click the Go Advanced button at the bottom right, under the text field that pops up to type your reply. In the advanced editor, you'll see buttons in the gray bar above where you type. Click the paperclip over the piece of paper at the top right in the first row of buttons. A popup window will appear. Click add files and select your log files. They'll appear in the section. Then, drag them into the Attachments area at the bottom.

 

You can also copy/paste the entire contents by opening the log in Notepad, Edit --> Select All, Edit --> Copy, then paste in here. Do one log per post.

 

Did that work?

 

-etavares

Posted

Hello, Thridchild.

 

 

There are a lot of things going on in the log. Nothing appears to be active, but there is remnant damage that needs to be fixed. Let's get to work.

P2P Warning and Request

The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow you to share files between users, as the name(s) suggest. In today's world cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, which should thus be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.

 

 

Registry Cleaner Warning

I also see that you have a registry cleaner installed (in your case Fix RegCleaner v1.0). Here at BC, we do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

 

 

See here for more information:

http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578entry1326578

 

 

Registry Cleaner Warning

I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners, as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

 

 

See here for more information:

http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578entry1326578

Step 1

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

 

Click on Yes, to continue scanning for malware.

 

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

 

 

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

Step 2

  1. Download TDSSKiller.exe and save it to your desktop.
  2. Double-click TDSSKiller.exe to run it.
  3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  4. Click Start scan and allow it to scan for Malicious objects.
  5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the logfile in your next reply.

Step 3

I don't see an Anti Virus Program running on your machine.

  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Avira
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Note: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.

 

 

etavares

Posted

Hi etavares Thanks for your continued support.

 

Have removed utorrent and registry cleaner as recommended.

 

After downloading and running Combofix, the PC hung after it ran the scan and then started to delete files and one folder, as below:

Deleting files

 

C:\Documents and Settings\All Users\Application Data\Temp\B63300d1.tmp
C:\Documents and Settings\paddy\win.qs7jqx
C:\Documents and Settings\shaun\Application Data\PCFix\log.dat\unresolvederors.dat
C:\WINDOWS\system32\ClientSyncloader.htm
C:\WINDOWS\system32\ClientSyncloaderDriver.htm
C:\WINDOWS\system32\SET29.tmp
C:\WINDOWS\system32\SET39.tmp
C:\WINDOWS\system32\SET75.tmp

Deleting folder

C:\Documents and Settings\All Users\Application Data\TEMP

 

After hanging like this for 15 minutes I closed the box and rebooted the machine okay.

Ran the TDSSKiller scan, which was clean. Have attached the report.

 

Will download an anti virus program but have MSE which I thought would be sufficient.

 

Thanks again Shaun(thridchild)

TDSSKiller.2.8.15.0_28.11.2012_11.25.26_log.txt

Posted

Hello, Thridchild.

 

 

OK, we'll move on then.

 

 

Step 1

 

 

We need to run an OTL script.

  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.

:files
C:\WINDOWS\System32\drivers\hfikspxp.dat
C:\Documents and Settings\shaun\Local Settings\Application Data\0wdprkm25e4fco8x6pdb468r30
C:\Documents and Settings\All Users\Application Data\0wdprkm25e4fco8x6pdb468r30
C:\WINDOWS\System32\drivers\sfi.dat
C:\WINDOWS\System32\drivers\goqcreau.dat
C:\WINDOWS\System32\drivers\pnlflccf.dat
C:\WINDOWS\System32\drivers\qrwiyyka.dat
C:\WINDOWS\System32\epfwdata.bin
:OTL
DRV - (WDICA) --  File not found
DRV - (vvkfpihf) -- C:\WINDOWS\system32\drivers\vvkfpihf.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Changer) --  File not found
DRV - (bcqjndro) -- C:\WINDOWS\system32\drivers\bcqjndro.sys File not found
IE - HKLM\..\URLSearchHook: {657E195F-066D-435C-92DB-7C261E6FE832} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\URLSearchHook: {657E195F-066D-435C-92DB-7C261E6FE832} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AB79D3B4-AEDB-428a-B504-BAC00521A1C7}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://starwebsearch.com/results.php?q={searchTerms}
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) -  File not found

  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.
  • A report will open, copy and paste it in a reply here.

Step 2

Next, download aswMBR and save it to your desktop.

  • Double click the aswMBR.exe to run it.
  • The latest version gives you the option of adding the latest Avast definitions:
     
    http://img.photobucket.com/albums/v708/starbuck50/new/03-07-201116-24-19.png
  • It is recommended at this time to click NO (as there is a possibility of crashing the system).
  • Click the Scan button to start scan.

http://img.photobucket.com/albums/v708/starbuck50/new/asw1.gif

 

On completion of the scan click Save log and save it to your desktop.

 

http://img.photobucket.com/albums/v708/starbuck50/new/asw2.gif

 

Please post this in your reply.

 

NOTE:

aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

-etavares

Posted

Hi etavares

 

Have noticed, since doing the OTL fix, that when opening Internet Explorer the Manage Add-ons screen appears with no default search provider, and when I try to select one nothing happens, so if I try to do a search using the top-right field next to the spyglass nothing happens. Rgds Thridchild

Posted

Hello, Thridchild.

 

 

The aswMBR log shows you had a serious infection at one point, but it doesn't appear active.

 

 

In regards to the IE search provider, try following these instructions to set your default search provider.

http://windows.microsoft.com/is-IS/windows-vista/Change-or-choose-a-search-provider-in-Internet-Explorer

Step 1

 

 

  • Open notepad.
  • Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
  • Save it to your desktop (click file, save as) as "fixit.reg" with the quotes.

 

 

REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=-


 

 

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

 

Locate fixit.reg on your Desktop and double-click on it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

 

 

Please reply back letting me know if it merged correctly.

Step 2

 

 

  1. Please open Notepad.
  2. Copy and paste the text in the box below into Notepad.
    @ECHO OFF
    REM sc requires a space after "start=" or it only prints its usage text
    sc config wuauserv start= auto > "%USERPROFILE%\Desktop\Update.log"
    REM the empty "" is the window title start expects before a file path
    start "" "%USERPROFILE%\Desktop\Update.log"
    del %0

    This fix is custom made for this user's computer.

  3. Select File-->Save As
  4. Select File as Type: All Types (*.*)
  5. Save it to your desktop as fixme.bat
  6. Double-click fixme.bat on your desktop to run the fix.
  7. A window will briefly pop up then close.
  8. A log will open, please copy and paste it into your response.

Step 3

Please restart your computer.

 

 

Once that's done, please run Farbar Service Scanner (FSS) again and post the resulting log in your reply.

etavares

Posted

Hi etavares

 

With regards to the fixit.reg got message " info in c:\Documents an Settings\shaun\my documents\fixit.reg successfully entered into the registry".

 

Have attached both fixme log and fss log.

 

Still having problems with the default search provider.

 

Regards Thridchild

FIXME.txt

FSS.2.txt

Posted

Hi Thridchild,

 

OK, I've made a note about the default search provider. We'll come back to that in a bit.

 

Please Click Start --> Run type services.msc and press Enter.

The Services window should open.

Scroll down to Windows Update, right-click and select Properties.

Under Startup Type select Automatic.

OK your way out of all the menus and close the Services window.

 

Next, click Start --> Run, type firewall.cpl and press Enter.

On the General tab click On (recommended)

Click OK.

 

Restart your computer.

 

Then, please run FSS and post the resulting log.

Posted

Hi etavares

 

There is no Windows Update in Services. Also, when I try firewall.cpl I get the error message "Windows Firewall settings cannot be displayed because the associated service is not running". If I click on the option to start the service I get the message "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service", which is the message I got that made me report the problem in the first place.

Posted

Hello, Thridchild.

 

 

OK, let's query that service then. The display name may be different than Windows Update.

 

 

Step 1

 

 

  1. Please open Notepad.
  2. Copy and paste the text in the box below into Notepad.
    @ECHO OFF
    REM writes the service state of wuauserv (Windows Update) to a text file
    sc query wuauserv > "%USERPROFILE%\Desktop\Query.txt"
    REM the empty "" is the window title start expects before a file path
    start "" "%USERPROFILE%\Desktop\Query.txt"
    del %0

    This fix is custom made for this user's computer.

  3. Select File-->Save As
  4. Select File as Type: All Types (*.*)
  5. Save it to your desktop as fixme.bat
  6. Double-click fixme.bat on your desktop to run the fix.
  7. A window will briefly pop up then close.
  8. A log will open, please copy and paste it into your response.

etavares
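
An added example, not one of etavares' fixes and not something the thread asked Thridchild to run: it gathers in one log what the two batch files above query piecemeal, the state and start type of each service Farbar Service Scanner checks, plus the DisableSR value that fixit.reg removes. The service short names and the log file name ServiceCheck.txt are assumptions.

```batch
@ECHO OFF
REM Added example, not one of the fixes in this thread: collect in one log the
REM state and start type of the services Farbar Service Scanner checks, plus
REM the DisableSR value that fixit.reg removes. Service names and the log
REM file name are assumptions.
SETLOCAL
SET "LOG=%USERPROFILE%\Desktop\ServiceCheck.txt"
> "%LOG%" ECHO Service check run on %DATE% %TIME%

REM wuauserv = Windows Update, BITS = Background Intelligent Transfer Service,
REM SharedAccess = Windows Firewall/ICS, wscsvc = Security Center,
REM srservice = System Restore
FOR %%S IN (wuauserv BITS SharedAccess wscsvc srservice) DO (
    >> "%LOG%" ECHO.
    >> "%LOG%" ECHO ==== %%S ====
    REM sc query shows the current STATE; a missing service reports error 1060 here
    sc query %%S >> "%LOG%" 2>&1
    REM sc qc shows START_TYPE and BINARY_PATH_NAME, so a wrong path stands out
    sc qc %%S >> "%LOG%" 2>&1
)

>> "%LOG%" ECHO.
>> "%LOG%" ECHO ==== System Restore policy ====
REM Lists DisableSR if it is still present; fixit.reg above deletes it with "DisableSR"=-
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR >> "%LOG%" 2>&1

REM Open the log for pasting into a reply; the empty "" is the window title start expects
start "" "%LOG%"
ENDLOCAL
```

A service that shows STATE STOPPED with START_TYPE AUTO_START, or an error 1060 for wuauserv, matches the symptoms reported earlier in this thread.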
