Problems after Vista Cleaning Procedure

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by drum_bum04, Jan 6, 2008.

  1. drum_bum04

    drum_bum04 Private E-2

    I visited this forum for a guide to routine maintenance and cleaning of my computer. I did not have any major problems to speak of, but I wanted to go ahead and go through the "Basic Computer Maintenance" and "Vista Cleaning Procedure" because I'm not naive enough to believe that just because there aren't any noticeable problems I am not infected with malware in some way. I also thought the cleaning would help optimize performance. I made it through all the steps in the Maintenance and Cleaning threads and was feeling pretty good about cleaning up my computer; however, shortly after finishing I noticed that my Windows Security Center service has been turned off. When I try to turn this service back on I get a message saying, "The Security Service can't be started" (see: screenshot1). I tried consulting Google and found several pages with some suggestions, but I just keep running into more error messages. I tried starting the Security Center through services.msc and got a combination of error messages (see: screenshot2 and screenshot3). I also tried doing a system restore from multiple different restore points, but none of them were able to complete successfully. I would appreciate any help you guys could offer me regarding this problem. As far as I know I followed all of the recommended procedures word for word - let me know if there's something I did wrong. THANK YOU!!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    What specific thread are you referring to when you say Maintenance and Cleaning threads? We do not have a thread with that title in this forum. We do have a Vista Cleaning Procedure though and it is part of this thread: READ & RUN ME FIRST. Malware Removal Guide

    Is this what you meant to say you ran?

    Exactly what things have you done up to the point where you noticed this issue?


    This is a fairly widespread problem (and I don't mean the READ & RUN ME, I mean the Security Center Service being shut down) that has been seen quite often with Vista. Sometimes special procedures work to fix this? I would however first suggest that you just try using System Restore to go back to a point just before running whatever you ran. (I still wish to know exactly what was run step by step).
     
  3. drum_bum04

    drum_bum04 Private E-2

    Ok, here is a more specific list of what procedures I followed:

    First I went through the steps outlined in the "Basic Computer Maintenance" section (http://forums.majorgeeks.com/showthread.php?t=106650).

    I then followed the steps in the "READ & RUN ME FIRST" section (http://forums.majorgeeks.com/showthread.php?t=35407)

    Finally I went through the "Vista Cleaning Procedure" (http://forums.majorgeeks.com/showthread.php?t=139681)

    I already tried doing a system restore from several points before any of the maintenance/cleaning was done; however, each time I got a message saying that the system restore had not been successfully completed and nothing had been changed. Thank you for your attention to my post. I hope I have been specific enough for you.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay so then you finished everything before noticing the problem. I just wanted to try and get an idea of about when in the procedures it happened but it sounds like you only noticed when all steps were finished.

    Do you have the logs from the READ & RUN ME? That would be ComboFix, AVG AntiSpyware and MGlogs.zip from MGtools.


    Please do the below.



    Part 1
    1. Click the Window button
    2. Type eventvwr.msc in the search dialog
    3. Accept the UAC prompt
    4. Expand Windows Logs and click on System
    5. On the right-hand side, click Filter current log...
    6. Select Warning, Critical, and Error and hit OK
    7. Find the event(s) from the Service Control Manager that relates to the Security Center Service and select it
    8. Hit the Copy button on the right hand side
    9. Respond to this message and paste the entire event into your response. I will change it into an attachment later (unless you know how to save it to a file and then attach it yourself.)
    Part 2
    1. Click the Window button: All Programs:Accessories
    2. Right-click Command Prompt and select Run as administrator...
    3. In the command prompt, type sc qc wscsvc
    4. Click the little "C:\_" icon in the upper left corner
    5. Select Edit:Mark...
    6. Click-drag the cursor over all the output from the sc command to select it
    7. Right-click anywhere in the selection
    8. Now in your reply to this post, paste the output of this command.
     
  5. drum_bum04

    drum_bum04 Private E-2

    Here is the first:

    Log Name: System
    Source: Service Control Manager
    Date: 1/6/2008 12:13:18 AM
    Event ID: 7000
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: DREW
    Description:
    The Security Center service failed to start due to the following error:
    The executable program that this service is configured to run in does not implement the service.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2008-01-06T06:13:18.000Z" />
    <EventRecordID>100882</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>DREW</Computer>
    <Security />
    </System>
    <EventData>
    <Data Name="param1">Security Center</Data>
    <Data Name="param2">%%1083</Data>
    </EventData>
    </Event>

    Microsoft Windows [Version 6.0.6000]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>sc qc wscsvc
    [SC] QueryServiceConfig SUCCESS

    And the second...

    SERVICE_NAME: wscsvc
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Security Center
    DEPENDENCIES : RpcSs
    : winmgmt
    SERVICE_START_NAME : LocalSystem

    I also attached the logs from the READ & RUN ME; however, I couldn't locate the one from AVG Anti-Spyware. I have it configured to automatically generate a report after every scan, as the instructions state, but I can't seem to locate the report. The Status Menu on AVG shows that a scan was run on 1/5/07, but when I go to the reports menu it says, "No Reports Available." Let me know if there's something else I need to do. Thanks again for your help, I really appreciate it.

    Drew
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of your logs showed any signs of malware to be removed and none was removed.

    This problem with Security Center appears to be a fairly common problem that many people have experienced. Someone even wrote a tool to fix it for WinXP SP2 systems (see this: http://windowsxp.mvps.org/wscsvcfix.htm) but I would not recommend trying that fix because it only specifies WinXP SP2.

    A couple of lines from the steps I had you run do not look correct. You have these two lines:
    I believe they should be like the below:
    Let's try the below. If this does not work I may have to send you to the Software Forum to fix this.
    • Click Start, Run, and enter services.msc in the box and click OK.
    • This will bring up the Service window.
    • Scroll down until you see Security Center
    • Double click Security Center and in the next window set the StartupType to Automatic (Delayed Start)
    • Now click the Log On tab
    • In the next window you should see the radio button This account: selected and the name in the box to the right should be LocalService
    • There are two more boxes for Password and Confirm Password
    • Delete the passwords in these boxes and then click Apply and OK.
    • Then close the Services window and reboot.
    Did that help?
     
  7. drum_bum04

    drum_bum04 Private E-2

    When I double click on Security Center from the services.msc window I get an error message (error1.jpg). The log on tab (before any changes) looks like this (log_on_tab.jpg). When I try to make the recommended changes, I get another error message (error2.jpg). I noticed that it seemed to be a pretty common problem when I searched Google; however no one really seemed to have any real solutions for Vista operating systems. I thought it had something to do with the cleanup I had done, but I guess maybe it was just a strange coincidence...
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may have better luck posting this in the Software Forum where more Vista users can provide input. I'm not sure why you cannot change the service to the LocalService account because this is what it needs to be and because yours is not set this way, you have the problem that the service will not start. Try logging into the Administrator account in safe boot mode and making the change. Other than that, I would then say post in the Software Forum.
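
Added example (not part of the thread and not any poster's tooling): a Python triage of the two artifacts requested in Parts 1 and 2 above, the Service Control Manager event XML and the `sc qc wscsvc` output, tying the 7000 event to the service configuration and flagging the logon-account mismatch discussed in the replies. The function names are hypothetical, the embedded samples are trimmed copies of the output pasted in the thread, and `expected_account` is an assumption taken from the helper's statement that the service should run as LocalService.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WIN32_ERRORS = {1083: "ERROR_SERVICE_NOT_IN_EXE"}  # matches the event's error text

# Trimmed copies of the two artifacts pasted in the thread.
EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID Qualifiers="49152">7000</EventID><Channel>System</Channel></System>
<EventData><Data Name="param1">Security Center</Data>
<Data Name="param2">%%1083</Data></EventData></Event>"""
SC_QC = r"""[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: wscsvc
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k netsvcs
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : LocalSystem"""

def parse_scm_event(xml_text):
    """Extract event ID, service display name and Win32 error code (param2 = %%code)."""
    root = ET.fromstring(xml_text)
    data = {d.get("Name"): d.text for d in root.findall("e:EventData/e:Data", NS)}
    m = re.fullmatch(r"%%(\d+)", data.get("param2") or "")
    code = int(m.group(1)) if m else None
    return {"event_id": int(root.findtext("e:System/e:EventID", namespaces=NS)),
            "service": data.get("param1"), "error_code": code,
            "error_name": WIN32_ERRORS.get(code, "unknown")}

def parse_sc_qc(text):
    """Parse `sc qc` output; a bare ': value' line continues the previous key."""
    cfg, last = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]{3,})?\s*:\s*(.*)$", line)
        if not m or (m.group(1) is None and last is None):
            continue  # banner, prompt or status line, not a KEY : value pair
        last = m.group(1) or last
        cfg.setdefault(last, []).append(m.group(2).strip())
    return cfg

def triage(event_xml, sc_text, expected_account):
    """Tie the start-failure event to the service config and flag an account mismatch."""
    ev, cfg = parse_scm_event(event_xml), parse_sc_qc(sc_text)
    account = cfg["SERVICE_START_NAME"][0].split("\\")[-1]  # drop any authority prefix
    return {"same_service": ev["service"] == cfg["DISPLAY_NAME"][0],
            "error": ev["error_name"], "account": account,
            "account_ok": account.lower() == expected_account.lower()}

if __name__ == "__main__":
    print(triage(EVENT_XML, SC_QC, expected_account="LocalService"))
```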
     
