
Windows 7 Security Center


  • This topic is locked
1 reply to this topic

#1 nl18612


Posted 25 February 2012 - 07:24 AM

Hi,

I had trouble with the "Strong Malware Defender", but cleared that with the help of another topic.

Ran mbam and fixed the detected malware.
Ran HijackThis and fixed the suspicious stuff.
Tried the clean registry with wscsvc.reg.

But still have (at least) one problem. The Windows Security Center is not running.
When I enable the Security Center, something is stopping the service and setting the service to disabled.
Same for the Windows Defender service.

Cleaned out the Windows startup folder, but no change.

Here is the dds.scr output:


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 13:35:55 on 2012-02-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3031.2143 [GMT 1:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\CliniView\Database\DBBackup.exe
C:\Program Files\Duerr\Server\DBSSrv.exe
C:\PROGRA~1\Duerr\FBS\bin\fbguard.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\CliniView\Database\Binn\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\Duerr\FBS\bin\fbserver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x86.exe
c:\39d64d6ea8b1dde9d3d1\Setup.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C9EA4D96-14B0-42E5-AB24-351EACE72EC8} : DhcpNameServer = 192.168.0.1
IFEO: image file execution options - svchost.exe
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2011-3-12 81920]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-4-17 110592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DBBackupSrv;CliniView Database Backup Service;c:\program files\cliniview\database\DBBackup.exe [2010-4-28 1501184]
R2 DBSService;Duerr Application Service;c:\program files\duerr\server\DBSSrv.exe [2011-6-24 1698816]
R2 FirebirdGuardianDuerrInstance;Firebird Guardian - DuerrInstance;c:\progra~1\duerr\fbs\bin\fbguard.exe -s duerrinstance --> c:\progra~1\duerr\fbs\bin\fbguard.exe -s DuerrInstance [?]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-3-11 13336]
R2 MSSQL$CLINIVIEW;SQL Server (CLINIVIEW);c:\program files\cliniview\database\binn\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 DdxDrv;Serial Link PCI Device;c:\windows\system32\drivers\ddxdrv.sys [2010-1-11 24544]
R3 FirebirdServerDuerrInstance;Firebird Server - DuerrInstance;c:\progra~1\duerr\fbs\bin\fbserver.exe -s duerrinstance --> c:\progra~1\duerr\fbs\bin\fbserver.exe -s DuerrInstance [?]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-20 273448]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-11-25 139368]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 gupdate;Google Updateservice (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 RecoService;PaloDEx 3D Reconstruction Service;c:\program files\cliniview\vt\RecoServer.exe [2010-5-17 8711680]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update-service (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-3-12 132480]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-24 52224]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-19 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-25 12:35:15 -------- d-----w- C:\39d64d6ea8b1dde9d3d1
2012-02-25 12:13:11 -------- d-s---w- C:\ComboFix
2012-02-25 12:01:24 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2012-02-25 12:01:24 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2012-02-25 11:58:52 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-02-25 11:56:34 -------- d-----w- c:\users\administrator\appdata\local\Secunia PSI
2012-02-25 11:56:30 -------- d-----w- c:\program files\Secunia
2012-02-25 11:39:09 101421 ----a-w- c:\programdata\1330169949.bdinstall.bin
2012-02-25 11:13:30 -------- d-----w- c:\programdata\Fighters
2012-02-25 11:05:56 285650 ----a-w- c:\programdata\1330167022.bdinstall.bin
2012-02-25 10:57:09 -------- d-----w- c:\programdata\BDLogging
2012-02-25 10:52:02 -------- d-----w- c:\users\administrator\appdata\roaming\QuickScan
2012-02-25 10:50:39 -------- d-----w- c:\program files\Bitdefender
2012-02-25 10:49:30 -------- d-----w- c:\program files\common files\Bitdefender
2012-02-25 07:48:14 -------- d-----w- c:\windows\pss
2012-02-24 21:38:54 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a4a3c47a-6964-47e8-85ba-b8a3dbfcceb0}\gapaengine.dll
2012-02-24 21:38:39 6552120 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fac69fca-6215-4c91-a982-3e02b8c7b44d}\mpengine.dll
2012-02-24 21:35:25 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-02-24 21:02:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-24 20:24:46 6552120 ------w- c:\programdata\microsoft\windows defender\definition updates\{e5bcefb7-de50-45d3-b675-d46f7d7471bc}\mpengine.dll
2012-02-24 19:40:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-10 16:16:12 102400 --sha-r- c:\windows\system32\pnpuiq.dll
.
==================== Find3M ====================
.
2012-02-25 12:01:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-24 19:41:57 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-31 03:59:04 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-18 16:15:26 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-20 15:07:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2002-07-26 15:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 13:36:12,38 ===============


Please advise on the next step.

Edited by boopme, 25 February 2012 - 11:13 AM.




#2 nl18612


Posted 26 February 2012 - 09:02 AM

Hello,

I used aswMBR and this pointed me to a corrupt dll c:\windows\system32\pnpuiq.dll.

I deleted the file and can now start the Security Center, without it being stopped.

Please close this topic.

Many thanks to the readers of this topic.
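
A triage sketch for the file listings in a DDS log such as the one in post #1, added here as an example (it is not part of the original posts and is not code from DDS or BleepingComputer). It assumes the eight-character attribute column uses `s` for system and `h` for hidden, and treats files under `c:\windows\system32` that carry both flags as worth a closer look; the function names and the heuristic itself are hypothetical.

```python
import re

# Constructed sample: a few lines copied from the "Created Last 30"
# section of the DDS log in post #1.
SAMPLE = r"""
2012-02-25 12:13:11 -------- d-s---w- C:\ComboFix
2012-02-25 12:01:24 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2012-02-25 07:48:14 -------- d-----w- c:\windows\pss
2012-02-24 20:24:46 6552120 ------w- c:\programdata\microsoft\windows defender\definition updates\{e5bcefb7-de50-45d3-b675-d46f7d7471bc}\mpengine.dll
2012-02-10 16:16:12 102400 --sha-r- c:\windows\system32\pnpuiq.dll
"""

# date, time, size (or eight dashes for a directory), attribute flags, path
LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

def parse_dds_files(text):
    """Yield one dict per file/directory line of a DDS listing section."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers, "." separators, blank lines
        attrs = m["attrs"]
        yield {
            "when": f"{m['date']} {m['time']}",
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "attrs": attrs,
            "is_dir": attrs[0] == "d",
            "path": m["path"],
        }

def flag_hidden_system_files(entries, root=r"c:\windows\system32"):
    """Return files under `root` that carry both the system and hidden flags
    (assumed meaning of 's' and 'h' in the attribute column)."""
    hits = []
    for e in entries:
        in_root = e["path"].lower().startswith(root + "\\")
        if not e["is_dir"] and in_root and {"s", "h"} <= set(e["attrs"]):
            hits.append(e)
    return hits

if __name__ == "__main__":
    for hit in flag_hidden_system_files(parse_dds_files(SAMPLE)):
        print(hit["when"], hit["size"], hit["attrs"], hit["path"])
```

A hit is only a lead for manual review with other tools; the attribute pattern alone does not show that a file is malicious.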



