The Security Center is not running



curly
25-02-2013, 04:37 PM
"The Security Center can't be started". Anybody know how to fix the problem? Windows Vista.

Speedy Gonzales
25-02-2013, 05:05 PM
You may be infected with something. Does anything / everything else work? I.e. the firewall / msconfig / task manager?

Get Farbar Service Scanner. Run it as admin. Select all but the last option. Then scan (http://www.bleepingcomputer.com/download/farbar-service-scanner/). Copy what comes up in here. We'll see if any services are missing.

curly
25-02-2013, 05:56 PM
The firewall/msconfig/task manager all seem to be working OK.

Farbar produced a report, but what do I need to do to send it to you?

Incidentally, my Win 7 machine you fixed is working just fine, just like a new one :-)

Speedy Gonzales
25-02-2013, 06:09 PM
Sweet. When the txt file opens, press Ctrl-A together so everything is selected, then Ctrl-C together to copy it. Then reply here and press Ctrl-V together to paste it.

Or get TeamViewer, install it, run it, and give me the ID and PW it gives you in a PM. I'll have a look.

curly
25-02-2013, 07:36 PM
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2013 01
Ran by Iain at 25-02-2013 19:21:52
Running from C:\Users\Iain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y88BJFOZ
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.
ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.



Speedy Gonzales
25-02-2013, 07:39 PM
Err, where did you get that from? That's not Farbar Service Scanner. I don't think that's the program in the link I posted. It should say Service Scanner when you run it, not Recovery Scan Tool.

curly
25-02-2013, 07:51 PM
Ha Ha Ha, well I dunno! Says "Results of farbar scan tool (FRST) (x86) version 23-02-2013"

My ctrl-a, ctrl-c and ctrl-v all seemed to work as I might have expected. Ctrl-a produced a heap of stuff, ctrl-c highlighted it all and ctrl-v seemed to have sent it. Should I run Farbar again and try again?

Speedy Gonzales
25-02-2013, 07:53 PM
You copied and pasted right, but with the wrong program lol. The download button is in the middle of the screen, where I posted the link in post #2. The name is fss.exe if you download Service Scanner.

curly
25-02-2013, 08:06 PM
Farbar Service Scanner Version: 20-02-2013
Ran by Iain (administrator) on 25-02-2013 at 19:50:43
Running from "C:\Users\Iain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8TP428C"
Windows Vista (TM) Ultimate Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-25 13:38] - [2013-01-05 00:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
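
A small triage parser for a Farbar Service Scanner log like the one posted above, added here as an example (it is not part of the thread and not Farbar's own code). The sample text is a constructed excerpt in the same layout with a placeholder hash; the `triage` function, its report keys, and the choice to flag any configuration verdict other than "OK" are assumptions of this example.

```python
import re

# Constructed excerpt in the layout of the Farbar Service Scanner log above;
# the hash is a placeholder, not a real value.
SAMPLE_LOG = r"""
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-25 13:38] - [2013-01-05 00:28] - 0914792 ____A (Microsoft Corporation) 00000000000000000000000000000000
"""

STOPPED = re.compile(r"^(\S+) Service is not running")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)')
FILE_PATH = re.compile(r"^[A-Za-z]:\\")

def triage(log_text):
    """Collect the lines of a service-scanner log that need a human look."""
    report = {"stopped": [], "config_issues": [], "policies": [], "unverified_files": []}
    key = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := STOPPED.match(line):
            report["stopped"].append(m.group(1))
        elif m := CONFIG.match(line):
            # Assumption: any verdict other than "OK" is worth flagging.
            if m.group(3) != "OK":
                report["config_issues"].append((m.group(2), m.group(1), m.group(3)))
        elif m := REG_KEY.match(line):
            key = m.group(1)  # remember which key the next value belongs to
        elif m := REG_VALUE.match(line):
            report["policies"].append((key, m.group(1), int(m.group(2))))
        elif FILE_PATH.match(line) and not line.endswith("=> MD5 is legit"):
            # Path listed without the "MD5 is legit" verdict.
            report["unverified_files"].append(line)
    return report

if __name__ == "__main__":
    for finding, items in triage(SAMPLE_LOG).items():
        print(finding, items)
```
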

Speedy Gonzales
25-02-2013, 08:12 PM
Hmm, go to Start/Run. Type services.msc, then double-click on Security Center. If it's disabled, change it to auto / delayed start, then start it. See if it starts. If an error comes up, tell us what it says.

curly
25-02-2013, 08:37 PM
My Vista machine does not show the "Run" command. Win 7 has it, but I cannot remember where I can find it. Help please!

Speedy Gonzales
25-02-2013, 08:39 PM
Press the Windows key+R; it'll do the same thing. You have to right-click on the taskbar / Properties, then enable it to see it.

curly
25-02-2013, 09:23 PM
It's already set to Auto (delayed start). Clicked on Service status/Start and got an error 1079, if that means anything to you.

Speedy Gonzales
25-02-2013, 09:36 PM
Follow this. Someone has changed the local account for Security Center (http://support.microsoft.com/kb/2519899?wa=wsignin1.0). Same place where you tried to start it. Start from 5.

The bit under it may be tricky; it deals with the registry. This bit is only if it doesn't work after completing 6-11 and after you reboot, and it doesn't turn on.

Speedy Gonzales
26-02-2013, 01:04 PM
So if you tried 6-11, did it work?