Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Action center Disabled


  • Please log in to reply
27 replies to this topic

#1 dmach8

dmach8

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 15 January 2012 - 10:11 AM

Hi, got my step daughters pc and she asked me to look at, she said their use to be the flag to let her know when things needed to be checked, its disabled, No matter what i do i cant enable it, i have run Microsoft security essentials and Malware bytes and nothing shows on the scans.. I am wondering how to turn this on, Its windows 7 Home Premium
Thanks

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:50 PM

Posted 15 January 2012 - 10:44 AM

Download

FSS

Launch it,check mark firewall and security center options

* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.

Launch the FSS again and type

consrv.dll in the BOX and click on search files

Please copy and paste both the logs in your reply

Edited by narenxp, 15 January 2012 - 10:59 AM.


#3 dmach8

dmach8
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 15 January 2012 - 07:51 PM

Farbar Service Scanner
Ran by Steve (administrator) on 15-01-2012 at 19:44:44
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


Security Center:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2011-06-27 21:35] - [2010-12-21 01:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Second Scan
Farbar Service Scanner
Ran by Steve (administrator) on 15-01-2012 at 19:50:33
Windows 7 Home Premium (X64)

************************************************
================== Search: "consrv.dll" ===================

====== End Of Search ======

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:50 PM

Posted 15 January 2012 - 08:16 PM

Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Good luck

Edited by narenxp, 15 January 2012 - 09:45 PM.


#5 dmach8

dmach8
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 15 January 2012 - 09:16 PM

Farbar Service Scanner
Ran by Steve (administrator) on 15-01-2012 at 21:15:46
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


Security Center:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2011-06-27 21:35] - [2010-12-21 01:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Farbar Service Scanner
Ran by Steve (administrator) on 15-01-2012 at 20:42:30
Windows 7 Home Premium (X64)

************************************************
================== Search: "consrv.dll" ===================

====== End Of Search ======

Gmer Log
Found Nothing it printed a blank log

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:50 PM

Posted 15 January 2012 - 09:25 PM

Hi

I asked you the GMER log and not your FSS log.


To be on safer side before running registry fixes i would suggest you to

Download

http://www.snapfiles.com/get/erunt.html

Install it and backup your registry to C:/Windows/erdnt


Open a notepad and copy the script


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
  72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
  4d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
  00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
  00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
  00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
  00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
  7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
  00,00,00


Click on FILE-SAVE AS

filename:wscsvc.reg
Save as:all types

Launch it ,click on YES when you get a UAC prompt

Restart your PC and check your action center

Edited by narenxp, 15 January 2012 - 09:33 PM.


#7 dmach8

dmach8
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 15 January 2012 - 09:42 PM

Restart the PC and run a scan again.Your mbam log should be clean.

I assumed you wanted it run again i didnt realize you were referring to malware bytes, my first post said those scan never showed anything but after installing this
THe action center through control panel is behaving correctly, if you turn off MSE there is no flag on the tray area, if you try to turn it on, its still disabled.
I am going through tray area to Customize notification Icons
Then turn system icons on or off, the Action center is grayed out, you cant do anything

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:50 PM

Posted 15 January 2012 - 09:48 PM

Ok,no issues :)

can you post the GMER log?

Did you try the registry fix,if YES then

click on start button and type

services.msc and press ENTER

Right click on SECURITY CENTER service-start it

Good luck

Edited by narenxp, 15 January 2012 - 09:48 PM.


#9 dmach8

dmach8
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 15 January 2012 - 09:52 PM

Registry fix=Yes
Action center in Services.msc was already started.
The GMER log is blank, when it completed it was blank in there and the log, it did state there was nothing found.
Did I DO something wrong, i turned off MSE and it took forever for it to scan the harddrive

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:50 PM

Posted 15 January 2012 - 10:04 PM

it did state there was nothing found.//

Can you post the LOG?

Go to control panel-System security-Action center

How does it look like? Does it show any errors? May be if i could get a screenshot it would be helpful

Thanks

#11 dmach8

dmach8
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 15 January 2012 - 10:15 PM

I tried to attach the gmer.log and it wont allow it, the file says its 0 bytes.
This where i cant get the action center icon turned on for tray area, it seems to be fine in the control panel, Usually if you turn of The virus protection it will tell you your not protected, right? I have to enter the control panel go to action center to see that its turned off.
Not sure what you would like me to do, it seems like there was nothing in the log file, would you like me to run it again?

Attached Files



#12 dmach8

dmach8
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 15 January 2012 - 10:20 PM

Off to bed I will check back on this tomorrow, and thank you for your help and patience

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:50 PM

Posted 15 January 2012 - 10:28 PM

No issues,its ok, if gmer log is clean.

Usually if you turn of The virus protection it will tell you your not protected, right?//

yes

When you look at the screenshot,you have an option called Restore default icons behaviour
,try that and let me know

Good luck

#14 dmach8

dmach8
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 16 January 2012 - 06:12 AM

Nothing happens when you click it, already tried that.

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:50 PM

Posted 16 January 2012 - 11:33 AM

Lets try this

Click on start button and type

cmd

Right click cmd and select run as administrator

Now run this command

net stop winmgmt

Click Y and press ENTER

Now type

start wbem

Delete the repository folder in WBEM

Now again run this command

net start winmgmt

Restart your PC

See if that enables your action center icon

Good luck

Edited by narenxp, 16 January 2012 - 11:33 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users