Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The windows security center service can't be started


  • Please log in to reply
9 replies to this topic

#1 windowsufferer

windowsufferer

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 10 April 2013 - 02:06 PM

Hi

 

My laptop has suddenly developed this issue and I'm pretty sure I have picked up something dirty somehow from the net. Please can some one help me with this, I did read a similar post here but wasn't sure if the same steps would be valid for my case as they were little old.

 

At the moment I'm on safe mode with networking and have my McAfee full scan running although it does show me that the my computer is at risk.

 

Thanks

 

WS


Edited by hamluis, 10 April 2013 - 04:00 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 zzz7

zzz7

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:12 AM

Posted 10 April 2013 - 04:26 PM

http://answers.microsoft.com/en-us/windows/forum/windows_7-security/windows-7-windows-security-center-service-cant-be/7fe60dc3-4cb9-4ca5-aa0d-3e77a78384cb try this:

#3 windowsufferer

windowsufferer
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 11 April 2013 - 01:21 PM

Thanks for the link zzz7, unfortunately none of the three options in the link were helpful in my case.

 

The SFC scan came out with no issue and the Malicious detection has nothing picked up & finally the registry also didn't do anything. I did all the above in the safe mode, I hope that is ok?

 

Any other help would be greatly received...

 

 

WS



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 AM

Posted 12 April 2013 - 09:35 PM

Please download [url=http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/]Farbar Service Scanner[/url] and run it on the computer with the issue.[list] [*]Make sure the following options are checked: [list] [*][b]Internet Services[/b] [*]Windows Firewall [*]System Restore [*]Security Center/Action Center[/b] [*][b]Windows Update[/b] [*][b]Windows Defender[/b] [/list] [*]Press "[b]Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply. [/list]


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 windowsufferer

windowsufferer
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 13 April 2013 - 12:41 AM

Thanks boopme, please see below the FSS log,

 

Farbar Service Scanner Version: 03-03-2013
Ran by JEYA (administrator) on 13-04-2013 at 06:38:17
Running from "C:\Users\JEYA\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 AM

Posted 13 April 2013 - 08:43 PM

Ok, Please run this Services Repair Tool


Edited by boopme, 13 April 2013 - 08:44 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 windowsufferer

windowsufferer
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 14 April 2013 - 04:41 PM

Boopme there were 6 infected files found and have been cleaned according to the ESET scan. BTW, the link you gave me didn't work and I had to use an old ESET exe that I had for this purpose, hope this is ok.

 

C:\Users\JEYA\AppData\Local\ejfwjqbr\mpwjtqkf.exe    a variant of Win32/Kryptik.AYLT trojan    cleaned by deleting - quarantined
C:\Users\JEYA\AppData\Local\Temp\0.5485136496947137.exe    a variant of Win32/Kryptik.AYLT trojan    cleaned by deleting - quarantined
C:\Users\JEYA\AppData\Local\Temp\eurhvsjo.exe    a variant of Win32/Kryptik.AYLT trojan    cleaned by deleting - quarantined
C:\Users\JEYA\AppData\Local\Temp\jar_cache8533867062484925239.tmp    a variant of Java/Exploit.CVE-2013-1493.J trojan    cleaned by deleting - quarantined
C:\Users\JEYA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\792658bb-24f7f52e    a variant of Win32/Kryptik.AYLT trojan    cleaned by deleting - quarantined
C:\Users\JEYA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mpwjtqkf.exe    a variant of Win32/Kryptik.AYLT trojan    cleaned by deleting - quarantined

 

After the above scan, I repeated the ESET scan second time to check if it again detects any threats or infected files but this time there was none. However, when I restarted the system in the normal mode, the security centre still doesn't seem to get started and the McAfee still doesn't seem to get enabled. The same messages repeat!

 

Please tell me what is the next step?

 

Thanks

WS
 


Edited by windowsufferer, 14 April 2013 - 04:55 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 AM

Posted 15 April 2013 - 09:49 AM

Hello, use this link for the Services Repair Tool

 

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 windowsufferer

windowsufferer
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 16 April 2013 - 02:52 PM

Thanks boopme, the problem appears to have been fixed with the new link you provided.

 

Thanks once again..

 

WS



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 AM

Posted 16 April 2013 - 07:15 PM

Excellent!
Now you should Create a New Restore Point (alternate method) to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the newly created Restore Point.

Edited by boopme, 16 April 2013 - 07:16 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users