
windows defender will not start. getting error code 577


  • This topic is locked
14 replies to this topic

#1 Alibi00

Alibi00

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 26 April 2015 - 03:53 PM

I cannot start Windows Defender and I'm receiving an error code of 577 when I try to start it from the services screen. I have downloaded frst64.exe, have run it and have the log files. I was wondering if there is anyone that can help.



Edited by Chris Cosgrove, 26 April 2015 - 06:09 PM.
Moved from Win 8 to 'Virus, trojan etc. logs'. FRST report included



 


#2 Alibi00

Alibi00
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 29 April 2015 - 11:32 AM

I have done some more exploring into the problem. I am unable to change the permissions in Windows Defender. It says access denied. I have tried to change the permissions by going under the registry settings under Windows Defender and giving myself full control, but it says access denied. I can't seem to get around this.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 30 April 2015 - 08:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3956354571-3701947242-370654185-1001\...\Run: [GoogleUpdate] => C:\Users\hill735\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe [16541474 2015-03-29] (Google Inc.)
HKU\S-1-5-21-3956354571-3701947242-370654185-1001\...\Run: [eqig] => C:\Users\hill735\AppData\Local\Temp\2e68\AppData\Local\eqig\eqig.exe [376373 2015-04-07] (Microsoft Corporation) <===== ATTENTION
HKU\S-1-5-21-3956354571-3701947242-370654185-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"ix8\..\mshtml,RunHTMLApplication ";eval("sg7<odv!@buhwdYNckdbu)#VRbshqu/Rid (the data entry has 27907 more characters). <==== Poweliks!
HKU\S-1-5-21-3956354571-3701947242-370654185-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKU\S-1-5-21-3956354571-3701947242-370654185-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
C:\Users\hill735\AppData\Roaming\FrameworkUpdate
C:\Users\hill735\AppData\Local\Temp\2e68
C:\Users\hill735\AppData\Roaming\HELP_DECRYPT.HTML
C:\Users\hill735\AppData\Roaming\HELP_DECRYPT.PNG
C:\Users\hill735\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\hill735\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\hill735\AppData\Local\HELP_DECRYPT.HTML
C:\Users\hill735\AppData\Local\HELP_DECRYPT.PNG
C:\Users\hill735\AppData\Local\HELP_DECRYPT.TXT
C:\Users\hill735\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\@system.temp
C:\ProgramData\@system3.att
C:\ProgramData\DP45977C.lfl
C:\ProgramData\HELP_DECRYPT.HTML
C:\ProgramData\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL
C:\Users\hill735\AppData\Local\Temp\COMAP.EXE
C:\Users\hill735\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\hill735\AppData\Local\Temp\octBB6.tmp.exe
C:\Users\hill735\AppData\Local\Temp\octE2EA.tmp.exe
C:\Users\hill735\AppData\Local\Temp\scpB08C.tmp.exe
C:\Users\hill735\AppData\Local\Temp\SkypeSetup.exe
C:\Users\hill735\AppData\Local\Temp\update.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#4 Alibi00

Alibi00
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 30 April 2015 - 02:17 PM

I ran frst64 and clicked Fix. I am still getting error code 577 when I try to start Windows Defender. It is set to start type Manual. The log file is below:

Attached File  Fixlog.txt   5.61KB   1 downloads

 



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 01 May 2015 - 06:37 AM

Have you seen and tried the fixes on this page?

http://answers.microsoft.com/en-us/windows/forum/windows8_1-system/windows-defender-error-code-577/33c92149-32de-4151-92fb-594d3a5c9ea8

#6 Alibi00

Alibi00
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 01 May 2015 - 10:07 AM

I went to the above link and followed the steps they recommended. When I get to the Action Center to turn on Windows Defender, it takes me straight to the system32 folder to search for it. The follow-up link on that page says to search for Defender. When I do and bring it up, it tells me: "If you're using another app to check for malicious or unwanted software, use Security and Maintenance to check that app's status", and that Windows Defender has been turned off.

I am not using another program and I have not installed one. So I am lost, nor can I get to Security and Maintenance.



#7 Alibi00

Alibi00
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 01 May 2015 - 11:37 AM

I went back through my Event Viewer under Windows Logs - Security and found that a security-enabled local group was created on a specific date. They also set special privileges to this group; they are as follows:

SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

I can't give myself privileges to do anything, I have read only privileges :(

Administrator can't do anything



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 01 May 2015 - 12:19 PM

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

      01 - Repair Registry Permissions
      03 - Reset Service permissions
      04 - Register System Files
      10 - Remove Policies Set By Infections
      15 - Repair Proxy Settings
      26 - Restore Important Windows Services
      27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

P.S. Do not forget the Backup in Step 5.

How is it now?


#9 Alibi00

Alibi00
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 01 May 2015 - 06:05 PM

I performed the above things. The log is attached. Still can't start Windows Defender. But, and I say But, Windows Defender is now set to startup type Automatic instead of Manual. I was able to change that, but when I try to start it I still get error code 577. :(



Edited by Alibi00, 01 May 2015 - 06:32 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 02 May 2015 - 07:05 AM

Please run this tool.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#11 Alibi00

Alibi00
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 02 May 2015 - 11:12 AM

Here are the results of the scan

Farbar Service Scanner Version: 17-01-2015
Ran by Cathy (administrator) on 02-05-2015 at 12:07:40
Running from "E:\"
Microsoft Windows 8.1 with Bing (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Attached Files

  • Attached File  FSS.txt   2.43KB   3 downloads

Edited by nasdaq, 03 May 2015 - 06:36 AM.
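
The FSS.txt above already holds the two facts that matter for error 577 here: the WinDefend service is not running, and `DisableAntiSpyware` is set to 1 under the Windows Defender key. The following is an added example, not part of the original posts and not Farbar's code, that pulls those facts out of an FSS log; `triage_fss` is a hypothetical helper, and the layout it assumes is only what the log in this thread shows.

```python
import re

# Excerpt of the FSS.txt posted in this thread (other sections trimmed).
SAMPLE_LOG = r'''
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
'''

# Assumed layout: a heading, a row of '=' under it, then findings (if any).
RULE = re.compile(r"^={3,}$")
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(\w+):(.*)$')
STOPPED = re.compile(r"^(\S+) Service is not running")

def triage_fss(text):
    """Return (stopped_services, policy_values) found in an FSS log."""
    stopped, policies = [], []
    section = key = prev = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if RULE.match(line):  # the '=' row names the heading on the line before
            section, key = (prev.rstrip(":") if prev else None), None
        elif m := KEY.match(line):
            key = m.group(1)
        elif (m := VALUE.match(line)) and section and section.endswith("Policy"):
            # A registry value listed under a "... Policy" heading is a finding.
            policies.append((section, key, m.group(1), m.group(2), m.group(3)))
        elif m := STOPPED.match(line):
            stopped.append(m.group(1))
        prev = line
    return stopped, policies

if __name__ == "__main__":
    print(triage_fss(SAMPLE_LOG))
```

An empty policy section, such as the Autoupdate one in the excerpt, yields no entry, so a log taken after the value is removed returns an empty policy list.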


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 03 May 2015 - 06:39 AM

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00


CHANGE THE KEYS FOR THE NEW FILE.......

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=-


Restart the computer when completed.

You can delete the fixme.reg file when done.

How is it now?

#13 Alibi00

Alibi00
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 04 May 2015 - 10:56 AM

works great now thanks for your help! :) :)



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 04 May 2015 - 01:27 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 10 May 2015 - 09:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



