Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Center cannot start with error


  • Please log in to reply
22 replies to this topic

#1 jall65

jall65

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 29 March 2009 - 12:59 PM

Hello,
For the past 2 days I have been trying to fix my nieces computer.(acer aspire 5050/Windows Vista Home Basic, Version 6.0 build 6000) At first the computer was lagging something awful, Her AV was out of date so I installed 2009 McAfee Security Center Version 9.3. Whith this forums search features I was able to remove several hamrful items using the tools located on bleepingcomputer.com. I am still getting one error message though. Please forgive me I am not that familar with Windows Vista. While trying to start the Security Center from the services window I get an error message.



" Windows could not start the Security Center on local computer

Error 1068: The dependency service or group faild to start."


Is this an registery error, or something with the McAfee Program?

The computer is pretty much running normal other than this. Any suggestions.
Thanks,
jall65

Edited by boopme, 29 March 2009 - 08:44 PM.


BC AdBot (Login to Remove)

 


#2 jall65

jall65
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 29 March 2009 - 01:43 PM

Ok, I read where I had to have windows installer enabled to start the security center. I started windows installer and I tried to restart the security center and I get a new error message.

"Windows could not start the Security Center on local computer
Error 1079: The account specified for this service is dofferent from the account specified for other services in the same process."
:huh:

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:01:35 AM

Posted 29 March 2009 - 02:00 PM

I'm moving this over to the Am I Infected forum. The folks there will help to assure that you've removed all the bad stuff and will assist with getting the system running well again. Once that's done, if there's any other issues, PM a mod to move this back over to the Vista forums.

Good luck!
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:35 AM

Posted 29 March 2009 - 02:10 PM

Please download processexplorer

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under file and save as, create a log and paste the contents into a reply here
Chewy

No. Try not. Do... or do not. There is no try.

#5 jall65

jall65
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 29 March 2009 - 02:43 PM

Process PID CPU Description Company Name
System Idle Process 0 36.92
Interrupts n/a 3.08 Hardware Interrupts
DPCs n/a 32.31 Deferred Procedure Calls
System 4 23.08
smss.exe 404
csrss.exe 468
wininit.exe 516
services.exe 592
svchost.exe 772
unsecapp.exe 3196 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
WmiPrvSE.exe 3240
WLLoginProxy.exe 3568 WLLoginProxy.exe Microsoft Corporation
svchost.exe 820
svchost.exe 860
Ati2evxx.exe 924
Ati2evxx.exe 1272
svchost.exe 944
audiodg.exe 1136
svchost.exe 1040
dwm.exe 2664 Desktop Window Manager Microsoft Corporation
svchost.exe 1056
taskeng.exe 2748 Task Scheduler Engine Microsoft Corporation
taskeng.exe 1496
WMIADAP.exe 2852
SLsvc.exe 1168
svchost.exe 1360
svchost.exe 1380
svchost.exe 1584
CLCapSvc.exe 1824
McProxy.exe 1888
Mcshield.exe 1920
MpfSrv.exe 2000
msiexec.exe 264
msksrver.exe 420
svchost.exe 432
VSSVC.exe 1484
svchost.exe 740
eRecoveryService.exe 2124
mcmscsvc.exe 2740
mcsysmon.exe 3512
McNASvc.exe 3732
lsass.exe 604
lsm.exe 612
csrss.exe 524
winlogon.exe 572
taskmgr.exe 3420 Windows Task Manager Microsoft Corporation
explorer.exe 2696 Windows Explorer Microsoft Corporation
MSASCui.exe 2832 Windows Defender User Interface Microsoft Corporation
mcagent.exe 2864 McAfee Integrated Security Platform McAfee, Inc.
PCMService.exe 2972 CyberLink PowerCinema Resident Program CyberLink Corp.
QtZgAcer.EXE 3020 Launch Manager Dritek System Inc.
TeaTimer.exe 3056 3.08 System settings protector Safer-Networking Ltd.
ieuser.exe 3352 Internet Explorer Microsoft Corporation
iexplore.exe 3368 Internet Explorer Microsoft Corporation
procexp.exe 912 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

#6 jall65

jall65
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 29 March 2009 - 02:57 PM

Thank you DaChew for your response.
I usually can get the info I need off of here without having to bother anyone but this computer is turning me more gray every time I look at it LOL.

I did get the security center to start by changing the log properties but as soon as i did the computer started lagging again and the computer usage resources went up also.

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:35 AM

Posted 29 March 2009 - 06:40 PM

Well there is a lot of bloat and some possible conflicts but I was looking for another AV running(remnant).

Would you give some details on what tools you used and logs please?
Chewy

No. Try not. Do... or do not. There is no try.

#8 jall65

jall65
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 29 March 2009 - 07:52 PM

Malwarebytes found numerous items and I used malwarebytes to delete those. I also installed spyboy search and destroy and scanned and fixed errors. After installation of McAfee it got a clean sweep. After all that the computer is still lagging and I cannot even log onto the computer unless its in safe mode. Here is the attached scan files from malwarebytes before and after scanning as well as hijack this. By the way I'm having to save copies on a jump drive in safe mode and post them from my computer. hijackthis is the last log


Malwarebytes log files below. infected one is first then the clean file

Malwarebytes' Anti-Malware 1.34
Database version: 1900
Windows 6.0.6000

3/26/2009 9:02:34 AM
mbam-log-2009-03-26 (09-02-34).txt

Scan type: Quick Scan
Objects scanned: 57657
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.




Second scan...


Malwarebytes' Anti-Malware 1.34
Database version: 1900
Windows 6.0.6000

3/26/2009 9:47:41 AM
mbam-log-2009-03-26 (09-47-41).txt

Scan type: Quick Scan
Objects scanned: 57729
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:51 PM, on 3/27/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

{Mod Edit Removed HJT log~~boopme}

Edited by boopme, 29 March 2009 - 08:36 PM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:35 AM

Posted 29 March 2009 - 08:46 PM

I've removed the HJT log as it one looked clean and 2 they aren't to be posted here. I am sending the topic back to the VIta forum. One thing I would suggest is to remove some toolbars and SpyBot.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:01:35 AM

Posted 30 March 2009 - 07:49 AM

As you don't seem to be infected, this is likely to be a remnant of the infection.
There's several things that we can try, but it all depends on the extent of the damage.
My point is that we may not be able to fix the damage in a reasonable amount of time (if at all), so now is the time to start considering a format and fresh install of Windows.

That being said, the first thing to try would be running SFC.EXE /SCANNOW from an elevated command prompt.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#11 jall65

jall65
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 30 March 2009 - 08:00 AM

As you don't seem to be infected, this is likely to be a remnant of the infection.
There's several things that we can try, but it all depends on the extent of the damage.
My point is that we may not be able to fix the damage in a reasonable amount of time (if at all), so now is the time to start considering a format and fresh install of Windows.

That being said, the first thing to try would be running SFC.EXE /SCANNOW from an elevated command prompt.



What do you mean from an elevated command prompt? I scanned SFC.EXE /SCANNOW as the administrator and all I see is a flash of a dos screen then nothing.

#12 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:35 AM

Posted 30 March 2009 - 08:15 AM

When you first use Vistaís command prompt as an administrator, you might be surprised to know that you donít get any admin priviledges. On Vista, youíll need to elevate the command prompt in order to do admin functions. Here is how you get an elevated command prompt.

Click on Start button.
In the Search box, type in Command Prompt. Command Prompt will show up in the search results.
Right click on Command Prompt icon and select Run as administrator.
Enter the admin credential and you are ready to go.

ps this is only one reason why I run xp

Edited by DaChew, 30 March 2009 - 08:16 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#13 jall65

jall65
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 30 March 2009 - 08:55 AM

Thanks DaChew,
This is the first time I've had any experience using Vista. I not sure I'm liking it or just not use to it. I have the SFC.EXE /SCANNOW v scanning now. What does this exactly do, Does this check the files or does it actually fix them?

#14 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:35 AM

Posted 30 March 2009 - 08:58 AM

John's the expert in this field, he has the knack

sfc checks all critical system files and attempts to fix them depending upon availability of a replacement/backup copy?
Chewy

No. Try not. Do... or do not. There is no try.

#15 jall65

jall65
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 30 March 2009 - 10:47 AM

Okay,
The scan is complete.

"Verification 100% complete. Windows Resource Protection found corrupt files but was unable to fix them
c:\windows\logs\cbs\cbs.log."


When I tried to go into those logs it told me access wad denied. Do you need the content of the log or am I going to have to re-install windows, And can I do this without the CD?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users