
security & related disabled

Discussion in 'Virus & Other Malware Removal' started by searcher144s, Mar 14, 2013.

Thread Status:
Not open for further replies.
  1. searcher144s

    searcher144s Thread Starter

    Joined:
    Mar 14, 2013
    Messages:
    5
    I just got the flag I've seen before that notifies "Turn on Windows Security Center service". Of course, clicking on it produces "Windows Security Center service can't be started". A trip to services.msc tells me that WSCSVC, WinDefend, Sharedaccess, Max25vc, NetTcpPort Sharing, & RemoteAccess are all Disabled.
    Clicking the down arrow to change back to Automatic does not work in General. It looks greyed out & functionally unchangeable for any of these services??? Any help would be great!!!
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please run this scan:

    Please download Farbar Service Scanner and run it on the computer with the issue.

    • Put a check mark in all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log into your reply.
     
  3. searcher144s

    searcher144s Thread Starter

    Joined:
    Mar 14, 2013
    Messages:
    5
    Farbar Service Scanner Version: 03-03-2013
    Ran by Tom (ATTENTION: The logged in user is not administrator) on 14-03-2013 at 10:45:22
    Running from "C:\Users\Tom\Downloads"
    Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
     
  4. searcher144s

    searcher144s Thread Starter

    Joined:
    Mar 14, 2013
    Messages:
    5
    FSS
    Farbar Service Scanner Version: 03-03-2013
    Ran by Administrator (administrator) on 14-03-2013 at 10:51:31
    Running from "C:\Users\Tom\Downloads"
    Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============


    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Disabled. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2013-02-12 15:43] - [2013-01-02 23:05] - 1293672 ____A (Microsoft Corporation)
    7C0507D2391AF5933600CBCED799F277

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\ipnathlp.dll => MD5 is legit
    C:\Windows\system32\iphlpsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****

    This is the scan as administrator.
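
Added example, not part of the thread or of Farbar's tool: a Python parser that pulls out of an FSS log the three things a helper reads it for, namely services whose start type differs from the default, registry values listed under a "Disabled Policy" heading, and File Check entries without the "MD5 is legit" verdict. The sample log is constructed from the layout of the log above, and `triage_fss` and `SAMPLE_LOG` are hypothetical names.

```python
import re

# Constructed sample in Farbar Service Scanner (FSS) log layout. The WinDefend
# line is wrapped on purpose, as happens when a log is pasted from a printout.
SAMPLE_LOG = r"""
Action Center:
============
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.

Windows Defender:
==============
The start type of WinDefend service is set to Disabled. The default start type is
Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-12 15:43] - [2013-01-02 23:05] - 1293672 ____A (Microsoft Corporation)
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
"""

# \s+ between the two sentences lets the match survive a wrapped line.
START = re.compile(r"start type of (\S+) service is set to (\w+)\.\s+"
                   r"The default start type is\s+(\w+)\.")
# A registry key header followed by the first value line beneath it.
POLICY = re.compile(r'^[ \t]*\[(HKEY_[^\]\n]+)\][ \t]*\n[ \t]*"([^"\n]+)"=(\S+)', re.M)
# A file path at the start of a line, with or without the "legit" verdict.
FILE = re.compile(r"^[ \t]*([A-Za-z]:\\.*?)([ \t]+=> MD5 is legit)?[ \t]*$", re.M)

def triage_fss(log):
    """Return the findings in an FSS log (read-only text parsing)."""
    return {
        # services whose start type differs from the default FSS reports
        "services": [(n, cur, dflt) for n, cur, dflt in START.findall(log) if cur != dflt],
        # (key, value name, data) for each policy key found
        "policies": POLICY.findall(log),
        # File Check entries that lack the "MD5 is legit" verdict
        "unverified": [path for path, ok in FILE.findall(log) if not ok],
    }

if __name__ == "__main__":
    for kind, items in triage_fss(SAMPLE_LOG).items():
        print(kind, items)
```

An entry under "unverified" only means the scanner did not print its "legit" verdict for that file; it is a prompt to check the file's signature and version, not a detection.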
     
  5. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    That scan shows a service that should be running that isn't, as you listed in your opening post, so I suspect malware. Let's see what these scans show us.

    Can you see, or do you know, what the service Max25vc relates to? I have not been able to find any information on it.

    Please go Here and follow the instructions to run DDS, then Copy and Paste both the logs into your next reply. You need not run HJT or GMER.

    Please also run these two scans and post the logs:

    SCAN 1
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [image]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [image]



    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

    • Quit all running programs.
    • Start RogueKiller.exe by double clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     
  6. searcher144s

    searcher144s Thread Starter

    Joined:
    Mar 14, 2013
    Messages:
    5
    Mark,
    I ran ADW cleaner & had conflicts with the new AVG program I had installed earlier. AVG saw it as a threat & Microsoft produced a popup complaining the software was not written for 7 and later complained of catastrophic failure, which did not take place, so I suspect the Microsoft popups were spoofs produced by Trojan Horse backdoor 6, which AVG suddenly detected. No scan results ever appeared. So, I ran ADW cleaner again. It appeared to run normally without popups this time but still no log??
     
  7. searcher144s

    searcher144s Thread Starter

    Joined:
    Mar 14, 2013
    Messages:
    5
    RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 03/14/2013 16:23:46
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : DeleteOnReboot (C:\Windows\DeleteOnReboot.bat) [-] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-274910554-775296786-2313869735-500[...]\RunOnce : DeleteOnReboot (C:\Windows\DeleteOnReboot.bat) [-] -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160828AS ATA Device +++++
    --- User ---
    [MBR] 7b964436cfe4c673c833e207b43b0417
    [BSP] cf42810ed9eb59b389d280cc8e4491c9 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152578 Mo
    1 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 312480315 | Size: 8 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD2500AVVS-63L2B0 ATA Device +++++
    --- User ---
    [MBR] 2f47213849ff28793ac0d15a40398271
    [BSP] 211b8ab9ac41f1fe797166309d14a2a0 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152578 Mo
    1 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 312480315 | Size: 85895 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_03142013_02d1623.txt >>
    RKreport[1]_S_03142013_02d1623.txt
     
  8. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    AVG often causes problems with some of our tools and Windows does complain on occasion. Rest assured, the program is completely safe and compatible with Windows 7.

    You should find the log on your C: drive as AdwCleaner[S1].

    It seems clear from the AVG detection that you have an infection. If it is a Backdoor Trojan, chances are it will return even if AVG deleted it. I will have this thread moved to the Malware forum.

    Please run this scan:



    Please follow the instructions exactly as written. Deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option, DO NOT select delete as you may remove files needed for the system to operate.

    Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
    -- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.

    Be sure to print out and follow the instructions for performing a scan.

    • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
    • Alternatively, you can download TDSSKiller.exe and use that instead.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
    • When the program opens, click the Change parameters.
    • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
    • If Malicious objects are detected, they will show in the Scan results - Select action for found objects: and offer three options.
    • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

    • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
    • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
    • Copy and paste the contents of that file in your next reply.

    -- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
     
Short URL to this thread: https://techguy.org/1093037
