combofix used now securitycenter problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by languy99, Nov 26, 2007.

  1. languy99

    languy99 Corporal

    I used the combo fix because I was getting an error at start up saying that winservice.exe was not working, and from what I found that was some kind of trojan or something. Well, after I ran it, it did fix the error, but now I can't turn on security center. Even trying through services I get error number 1079. So how do I fix this, guys?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First of all, ComboFix should not be run for a startup error. It should only be run if a Malware Expert requests it be run for a specific infection.

    I would recommend you start our initial instructions because there are more than likely further traces of malware on your system.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    Read & RUN ME FIRST Before Asking for Support
     
  3. languy99

    languy99 Corporal

    Well, first off, I ran combofix because it was listed in the run and read me first vista section; if it was not I would not have run it. Next, I don't think it was a start up error, I think it was some kind of trojan or something and one of my other av/scanners took care of it but left something behind. But anyway, here are the logs. For some reason I can not save the avg report, even after setting it up right. But I can tell you all that it found was two cookies and nothing else.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Step 1:
    First, we need to remove a bad service…
    • Now Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to SCM_Service
    • Then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste SCM_Service into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

    Step 2:
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    Step 3:
    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\Windows\System32\WinService.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\Windows\System32\WinService.exere into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Step 4: Begin here after rebooting from Step 3!
    Next Reset Web Settings & Default Security Settings

    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.


    Step 5:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 6:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
    Last edited: Nov 28, 2007
  5. languy99

    languy99 Corporal

    Trying to delete the scm_service did not work; it said something about making sure the name is right and the service is not running, even though it was not running. Killbox did not work, I'm including a log. And I could not run atf cleaner because it says it's for xp and 2000 only and I have vista. Anyway, here are the logs. I have also included a combofix log.
     


  6. languy99

    languy99 Corporal

    Ok, I finally got them to run; you never said that I had to run them as administrator. I still did not run atf cleaner, but here are the new logs.
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete C:\MGlogs.zip
    10. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  8. languy99

    languy99 Corporal

    That's great that my logs are clean, but my original problem is that after using combofix and mgtools my security center is disabled and I can't turn it back on. I will include some pictures so you can see what I am talking about. Picture one is the error I get if I try to start it the usual way. Picture two is the error if I try to start it from the services window. And lastly, picture three is what I get when I right click on it and hit properties.

    picture 1

    http://lh4.google.com/julianflorian/R028Wf4Z9xI/AAAAAAAAAHQ/JuR5LlUOv0M/s288/picture 1.jpg

    picture 2

    http://lh4.google.com/julianflorian/R028Wf4Z9yI/AAAAAAAAAHY/Nfkut5-g3Uw/picture 2.jpg

    picture 3

    http://lh4.google.com/julianflorian/R028Wf4Z9zI/AAAAAAAAAHg/6sYVd4_ubaY/picture 3.jpg
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I understand the problem; however, since it's not malware related, I will recommend the Software Forum for this issue.
     
  10. languy99

    languy99 Corporal

    That's great, but it was caused by one of your guys' tools. So I thought that you guys might know what happened. Someone else has a problem with combofix here too, something about their clock being gone. But I'll just start a new thread in software, I guess.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    ComboFix is not ours; it was written by sUBs from another forum, it's just used everywhere.
     
