Malware removal / windows security is not launching

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #61
    Please run this fix via FRST

    @taimrarchy
    Copy the content of the code box below.
    Do not copy the word code!!!
    Right Click FRST and run as Administrator.
    Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
    Attach it to your next message.
    Code:
    Start::
    cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*.*"
    cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log"
    cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\quick\*.*"
    cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\resource\*.*"
    cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\system\*.*"
    startpowershell:
    Set-MpPreference -DisableAutoExclusions $true -Force
    Set-MpPreference -Mapsreporting basic -Force
    Set-MpPreference -DisableRealtimeMonitoring $false -Force
    Set-MpPreference -DisablePrivacyMode $true -Force
    Set-MpPreference -DisableIOAVProtection $false -Force
    Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
    Set-MpPreference -PUAProtection enabled -Force
    Update-MpSignature
    Get-MpComputerStatus
    Get-MpPreference
    endpowershell:
    
    StartPowerShell:
    # Function to manage Windows Defender, remove exclusions, run scan, report on status
      Function Manage-WindowsDefender {
        Get-MpComputerStatus
        echo "Listing of exclusions"
        Get-MpPreference | Select-Object -Expand ExclusionPath  | Out-String -width 4096
        $Paths=(Get-MpPreference).ExclusionPath
        $Extensions=(Get-MpPreference).ExclusionExtension
        $Processes=(Get-MpPreference).ExclusionProcess
        foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -Force}
        foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -Force}
        foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -Force}
        Set-MpPreference -DisableAutoExclusions $true -Force
        Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
        Set-MpPreference -DisableArchiveScanning $false -Force
        Set-MpPreference -DisableBehaviorMonitoring $false -Force
        Set-MpPreference -DisableEmailScanning $False -Force
        Set-MpPreference -DisableIOAVProtection $false -Force
        Set-MpPreference -DisablePrivacyMode $true -Force
        Set-MpPreference -DisableRealtimeMonitoring $false -Force
        Set-MpPreference -MAPSReporting Advanced -Force
        Set-MpPreference -PUAProtection enabled -Force
        Set-MpPreference -SignatureScheduleDay Everyday -Force
        Set-MpPreference -DisableRemovableDriveScanning $false -Force
        Set-MpPreference -SubmitSamplesConsent SendSafeSamples
        # Reset and check Secure Health status
        Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
        Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
        # Check if these services are running
        Get-Service Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, WdNisSvc | Select Name,DisplayName, Status
          # Check for signature updates
          Update-MpSignature
          Start-MpScan -ScanType QuickScan
          Remove-MpThreat
        # Check computer status again after setting to make sure changes were applied
        Get-MpComputerStatus
        Get-MpPreference
        Get-MpThreatDetection
      }
    EndPowerShell:
    Reboot:
    End::
    Strange, everything is corrected now.

    Let’s see if there is something preventing Defender from starting.

    Security Check Scan.

      • Download Security Check to your desktop.
      • Right-click it and run as administrator.
      • When the program completes, the tool will automatically open a log file.
      • Please copy and paste that log here in your next post.


    • taimrarchy
      PCHF Member
      • Jul 2023
      • 38

      #62
      Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2023 01
      Ran by tmmrcy (21-08-2023 04:23:23) Run:3
      Running from C:\Users\tzahi\Desktop\PC Help Forum Tings
      Loaded Profiles: tmmrcy
      Boot Mode: Normal
      fixlist content:


      Start::
      cmd: del /s /q “C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory*."
      cmd: del /s /q “C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log”
      cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\quick*.

      cmd: del /s /q “C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\resource*."
      cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\system*.

      startpowershell:
      Set-MpPreference -DisableAutoExclusions $true -Force
      Set-MpPreference -Mapsreporting basic -Force
      Set-MpPreference -DisableRealtimeMonitoring $false -Force
      Set-MpPreference -DisablePrivacyMode $true -Force
      Set-MpPreference -DisableIOAVProtection $false -Force
      Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
      Set-MpPreference -PUAProtection enabled -Force
      Update-MpSignature
      Get-MpComputerStatus
      Get-MpPreference
      endpowershell:

      StartPowerShell:
      # Function to manage Windows Defender, remove exclusions, run scan, report on status
      Function Manage-WindowsDefender {
      Get-MpComputerStatus
      echo “Listing of exclusions”
      Get-MpPreference | Select-Object -Expand ExclusionPath | Out-String -width 4096
      $Paths=(Get-MpPreference).ExclusionPath
      $Extensions=(Get-MpPreference).ExclusionExtension
      $Processes=(Get-MpPreference).ExclusionProcess
      foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -Force}
      foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -Force}
      foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -Force}
      Set-MpPreference -DisableAutoExclusions $true -Force
      Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
      Set-MpPreference -DisableArchiveScanning $false -Force
      Set-MpPreference -DisableBehaviorMonitoring $false -Force
      Set-MpPreference -DisableEmailScanning $False -Force
      Set-MpPreference -DisableIOAVProtection $false -Force
      Set-MpPreference -DisablePrivacyMode $true -Force
      Set-MpPreference -DisableRealtimeMonitoring $false -Force
      Set-MpPreference -MAPSReporting Advanced -Force
      Set-MpPreference -PUAProtection enabled -Force
      Set-MpPreference -SignatureScheduleDay Everyday -Force
      Set-MpPreference -DisableRemovableDriveScanning $false -Force
      Set-MpPreference -SubmitSamplesConsent SendSafeSamples
      # Reset and check Secure Health status
      Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
      Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
      # Check if these services are running
      Get-Service Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, WdNisSvc | Select Name,DisplayName, Status
      # Check for signature updates
      Update-MpSignature
      Start-MpScan -ScanType QuickScan
      Remove-MpThreat
      # Check computer status again after setting to make sure changes were applied
      Get-MpComputerStatus
      Get-MpPreference
      Get-MpThreatDetection
      }
      EndPowerShell:
      Reboot:
      End::


      ========= del /s /q “C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory*.* ” =========

      The system cannot find the path specified.

      ========= End of CMD: =========

      ========= del /s /q “C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log” =========

      The system cannot find the path specified.

      ========= End of CMD: =========

      ========= del /s /q “C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\quick*.*” =========

      The system cannot find the path specified.

      ========= End of CMD: =========

      ========= del /s /q “C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\resource*.*” =========

      The system cannot find the path specified.

      ========= End of CMD: =========

      ========= del /s /q “C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\system*.*” =========

      The system cannot find the path specified.

      ========= End of CMD: =========

      ========= Powershell: =========

      Set-MpPreference : Invalid class
      At C:\FRST\tmp000.ps1:1 char:1
      + Set-MpPreference -DisableAutoExclusions $true -Force
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
          CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

      Set-MpPreference : Invalid class
      At C:\FRST\tmp000.ps1:2 char:1
      + Set-MpPreference -Mapsreporting basic -Force
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
          CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

      Set-MpPreference : Invalid class
      At C:\FRST\tmp000.ps1:3 char:1
      + Set-MpPreference -DisableRealtimeMonitoring $false -Force
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
          CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

      Set-MpPreference : Invalid class
      At C:\FRST\tmp000.ps1:4 char:1
      + Set-MpPreference -DisablePrivacyMode $true -Force
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
          CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

      Set-MpPreference : Invalid class
      At C:\FRST\tmp000.ps1:5 char:1
      + Set-MpPreference -DisableIOAVProtection $false -Force
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
          CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

      Set-MpPreference : Invalid class
      At C:\FRST\tmp000.ps1:6 char:1
      + Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
          CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

      Set-MpPreference : Invalid class
      At C:\FRST\tmp000.ps1:7 char:1
      + Set-MpPreference -PUAProtection enabled -Force
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], 
          CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

      Update-MpSignature : Invalid class
      At C:\FRST\tmp000.ps1:8 char:1
      + Update-MpSignature
      + ~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature] 
         , CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Update-MpSignature

      Get-MpComputerStatus : Invalid class
      At C:\FRST\tmp000.ps1:9 char:1
      + Get-MpComputerStatus
      + ~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputer 
         Status], CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Get-MpComputerStatus

      Get-MpPreference : Invalid class
      At C:\FRST\tmp000.ps1:10 char:1
      + Get-MpPreference
      + ~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Get-MpPreference], 
          CimException
          + FullyQualifiedErrorId : HRESULT 0x80041010,Get-MpPreference

      ========= End of Powershell: =========

      ========= Powershell: =========

      ========= End of Powershell: =========

      The system needed a reboot.

      ==== End of Fixlog 04:23:27 ====

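The `Invalid class` errors with HRESULT 0x80041010 (WBEM_E_INVALID_CLASS) in the Fixlog above mean the Defender CIM classes could not be found, so every `*-Mp*` cmdlet fails before it changes anything. A pre-flight check along the following lines confirms that state before any settings are pushed; it is an added example, not part of the thread or of FRST, and the namespace `root\Microsoft\Windows\Defender` (truncated in the log) and the function names are assumptions of this example.

```powershell
# Added example: verify the Defender CIM provider and services before calling Mp cmdlets.
# Assumption: the Defender classes live in root\Microsoft\Windows\Defender (the log truncates the path).
$Namespace = 'root\Microsoft\Windows\Defender'
$Classes   = 'MSFT_MpPreference', 'MSFT_MpComputerStatus', 'MSFT_MpSignature'

function Test-DefenderCimClass {
    param([string]$Namespace, [string[]]$ClassName)
    foreach ($name in $ClassName) {
        try {
            # Get-CimClass throws if the class (or the whole namespace) is not registered.
            Get-CimClass -Namespace $Namespace -ClassName $name -ErrorAction Stop | Out-Null
            [pscustomobject]@{ Class = $name; Registered = $true;  Error = $null }
        } catch {
            [pscustomobject]@{ Class = $name; Registered = $false; Error = $_.Exception.Message }
        }
    }
}

function Get-DefenderServiceState {
    # Same services the fix script lists, plus their configured start type.
    Get-Service -Name WinDefend, SecurityHealthService, wscsvc, mpssvc, WdNisSvc -ErrorAction SilentlyContinue |
        Select-Object Name, Status, StartType
}

$cim = Test-DefenderCimClass -Namespace $Namespace -ClassName $Classes
$cim | Format-Table -AutoSize
Get-DefenderServiceState | Format-Table -AutoSize

if ($cim.Registered -contains $false) {
    # This is the 0x80041010 case: Set-MpPreference, Update-MpSignature etc. cannot work yet.
    Write-Warning 'Defender CIM classes are missing; repair the Defender installation before applying settings.'
} else {
    Get-MpComputerStatus |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
}
```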

      • taimrarchy
        PCHF Member
        • Jul 2023
        • 38

        #63
        SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
        WebSite: www.safezone.cc
        DateLog: 21.08.2023 04:25:35
        Path starting: C:\Users\tzahi\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
        Log directory: C:\SecurityCheck
        IsAdmin: True
        User: tmmrcy
        VersionXML: 10.65is-19.08.2023


        Windows 11(6.3.22621) (x64) Core Release: 22H2 Lang: English(0409)
        Installation date OS: 22.09.2022 05:53:16
        LicenseStatus: Windows(R), Core edition The machine is permanently activated.
        LicenseStatus: Office 16, Office16MondoVL_KMS_Client edition Windows is in Notification mode
        LicenseStatus: Office 21, Office21ProPlus2021R_Grace edition Windows is in Notification mode
        Boot Mode: Normal
        Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        SystemDrive: C: FS: [NTFS] Capacity: [461.2 Gb] Used: [245.1 Gb] Free: [216.1 Gb]
        ------------------------------- [ Windows ] -------------------------------
        User Account Control disabled
        The elevation prompt for administrators disabled
        ^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter
        Security Center (wscsvc) - The service has stopped
        Remote Registry (RemoteRegistry) - The service has stopped
        SSDP Discovery (SSDPSRV) - The service is running
        Remote Desktop Services (TermService) - The service has stopped
        Windows Remote Management (WS-Management) (WinRM) - The service has stopped
        --------------------------- [ FirewallWindows ] ---------------------------
        Windows Defender Firewall (mpssvc) - The service is running
        --------------------------- [ OtherUtilities ] ----------------------------
        Steam v.2.10.91.91
        Intel® Driver & Support Assistant v.23.3.25.6
        Epic Games Launcher v.1.2.17.0
        ------------------------------- [ Backup ] --------------------------------
        Microsoft OneDrive v.23.153.0724.0003
        ------------------------------ [ ArchAndFM ] ------------------------------
        WinRAR 6.02 (64-bit) v.6.02.0 Warning! Download Update
        -------------------------- [ IMAndCollaborate ] ---------------------------
        Zoom v.5.7.7 (1105) Warning! Download Update
        -------------------------------- [ Java ] ---------------------------------
        Java 8 Update 381 v.8.0.3810.9
        ------------------------------- [ Browser ] -------------------------------
        Microsoft Edge v.115.0.1901.203
        ------------------ [ AntivirusFirewallProcessServices ] -------------------
        Windows Defender (WinDefend) - The service has stopped
        ----------------------------- [ End of Log ] ------------------------------



        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #64
          Strange that the services will not start but are intact. Time for a repair install.


          • taimrarchy
            PCHF Member
            • Jul 2023
            • 38

            #65
            Yeah, it worked finally, thanks. Need anything else?


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #66
              Update your older programs with Patch My PC Home Edition.



              We will clean all the tools we used…

              Download KpRM
              Save to Desktop
              Check Delete Tools.
              Check Delete Restore points.
              Create Restore point.
              Click delete quarantines.
              Then click run.



              I suggest:
              Ublock Origin
              O&O Shutup Ten
              O&O App Buster
