Windows security not working and shows me blank page, could you please help me?

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #16
    Windows Defender:
    WinDefend Service is not running. Checking service configuration:
    Checking Start type of WinDefend: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll of WinDefend: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

    Windows defender registry key is missing, let’s do this.

    Download Windows repair all-in-one.
    Second link. Use portable version.
    Unzip the archive to your desktop.
    Boot the computer into safe mode.
    Double click the folder.
    Right click and run the file Repair_Windows.exe as admin.

    Go to the “Repairs” tab, click on the “Open Repairs” button.
    Attention!!! Click the “Unselect all” button. This should uncheck all items.
    Check these boxes only:
    #1 - Reset Registry Permissions:
    #2 - Reset File Permissions:
    #3 - Reset Service Permissions:
    #5 - Repair WMI:
    #10 - Remove policies set by infections.
    #17 - Repair Windows Updates:
    #21 - Repair MSI (Windows Installer):
    #25 - Restore Important Windows Services:
    #26 - Set Windows Services To Default Startup:
    #29 - Restore Windows 8 COM+ Unmarshalers:
    Then click “Start Repairs”.
    This may take ten minutes or longer, do not use the machine while the scan runs.
    Reboot the computer after you are sure it is completed.

    After rebooting, check the issue and post a fresh Farbar Service Scanner log.

    Comment

    • MaXz
      PCHF Member
      • Sep 2023
      • 26

      #17
      Windows security is still not working and shows blank page.

      Comment

      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #18
        This file must be downloaded and unzipped to your desktop!!

        Download Windefend.reg, save it to your desktop, and unzip it there.

        Now boot your machine into safe mode.

        Right click and select merge, reboot the machine, check the issue, and post a new FSS log.

        Comment

        • MaXz
          PCHF Member
          • Sep 2023
          • 26

          #19
          Download link is not working

          Comment

          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #20
            OK this will have to wait until I return home.

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #21
              @MaXz While you wait on me to return home from work, please run this tool.
              To make sure I didn’t miss anything.

              Download RogueKiller and install the program.
              Once downloaded and installed, right click and run as admin.
              Click the check for updates button.
              Go to scan setting then slide the MalPE option right to activate.
              Then go to scan, then start a full scan on your machine.
              Then click report when the scan completes.
              Under Share my report click on open then select text file.
              Copy it and paste the results here.
              Make sure you do not remove anything detected until I see the log please.

              Comment

              • MaXz
                PCHF Member
                • Sep 2023
                • 26

                #22
                Program : RogueKiller Anti-Malware
                Version : 15.12.1.0
                x64 : Yes
                Program Date : Sep 18 2023
                Location : C:\Program Files\RogueKiller\RogueKiller64.exe
                Premium : No
                Company : Adlice Software
                Website : https://www.adlice.com/
                Contact : Support Form | Contact • Adlice Software
                Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
                Operating System : Windows 11 (10.0.22621) 64-bit
                64-bit OS : Yes
                Startup : 0
                WindowsPE : No
                User : ozaga
                User is Admin : Yes
                Date : 2023/09/22 22:05:36
                Type : Scan
                Aborted : No
                Scan Mode : Standard
                Duration : 138
                Found items : 4
                Total scanned : 69839
                Signatures Version : 20230918_094309
                Truesight Driver : Yes
                Updates Count : 7
                Arguments : -minimize

                ************************* Warnings *************************

                ************************* Updates *************************
                CPUID CPU-Z 2.06 (64-bit), version 2.06
                [+] Available Version : 2.07
                [+] Size : 5.22 MB
                [+] Wow6432 : No
                [+] Portable : No
                [+] update_location : C:\Program Files\CPUID\CPU-Z\

                WinRAR 6.11 (64-bit) (64-bit), version 6.11.0
                [+] Available Version : 6.23
                [+] Wow6432 : No
                [+] Portable : No
                [+] update_location : C:\Program Files\WinRAR\

                Java 8 Update 251 (64-bit) (64-bit), version 8.0.2510.8
                [+] Available Version : 8.0.3330.0
                [+] Size : 120 MB
                [+] Wow6432 : No
                [+] Portable : No
                [+] update_location : C:\Program Files\Java\jre1.8.0_251\

                Malwarebytes version 4.6.1.280 (64-bit), version 4.6.1.280
                [+] Available Version : 4.6.2
                [+] Wow6432 : No
                [+] Portable : No
                [+] update_location : C:\Program Files\Malwarebytes\Anti-Malware

                Google Chrome (32-bit), version 116.0.5845.188
                [+] Available Version : 117.0.5938.89
                [+] Wow6432 : Yes
                [+] Portable : No
                [+] update_location : C:\Program Files\Google\Chrome\Application

                OBS Studio (32-bit), version 29.0.2
                [+] Available Version : 29.1.3
                [+] Wow6432 : Yes
                [+] Portable : No

                Java 8 Update 251 (32-bit), version 8.0.2510.8
                [+] Available Version : 8.0.3330.0
                [+] Size : 104 MB
                [+] Wow6432 : Yes
                [+] Portable : No
                [+] update_location : C:\Program Files (x86)\Java\jre1.8.0_251\

                ************************* Processes *************************

                ************************* Modules *************************

                ************************* Services *************************

                ************************* Scheduled Tasks *************************

                ************************* Registry *************************
                O101 - Clsid
                └── [PUP.Restoro (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID{AE198C69-7358-4856-9029-F4C0FAD524C1} – (missing) → Found
                XX - System Policies
                └── [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin – 0 → Found
                XX - Security Center
                ├── [PUM.SecurityCenter (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center|UpdatesDisableNotify – 1 → Found
                └── [PUM.SecurityCenter (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center|FirewallDisableNotify – 1 → Found
                ************************* WMI *************************

                ************************* Hosts File *************************
                is_too_big : No
                hosts_file_path : C:\Windows\System32\drivers\etc\hosts

                ************************* Filesystem *************************

                ************************* Web Browsers *************************

                ************************* Antirootkit *************************

                The screenshot below is from rogue app and shows the results.

                Comment

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #23
                  @MaXz Re-run RogueKiller and fix everything found.

                  Here is the windows defender key, I have uploaded it for you.
                  Unzip it to your desktop.
                  Boot into safe mode and right click and select merge.
                  Reboot into normal mode and check the issue.
                  Post a new FSS log so I can see if the key has been replaced.

                  Adware Cleaner

                  • Download AdwCleaner and save it to your Desktop
                  • Right-click on AdwCleaner.exe and select Run as Administrator
                  • Accept the EULA (I accept), then click on Scan Now
                  • Let the scan complete
                  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
                  • Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
                  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
                  • Close all other open windows and allow it to restart
                  • After the restart, Notepad will open with the AdwCleaner cleaning log
                  • Please attach the contents of that log into your next reply to me

                  Comment

                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #24
                    Once you have completed all of the above, and security center will still not open.

                    Open PowerShell via PowerRun.
                    Unzip to your desktop.
                    Double click folder.
                    Drag PowerRun_X64.exe to your desktop.
                    Run the program then run PowerShell.

                    Copy and paste each command below hitting enter after each one, then reboot the computer.
                    Set-ExecutionPolicy Unrestricted
                    Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
                    Get-AppxPackage Microsoft.Windows.SecHealthUI | Reset-AppxPackage
                    Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

                    Comment
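A read-only check to run before and after the commands in the post above, added here as an example and not part of the original post: it reports whether the two Windows Security app packages named there are registered and have their manifest on disk, and lists the scopes where the execution policy is still Unrestricted. The function names are illustrative, and it assumes an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. Read-only: it changes nothing.
# Needs an elevated prompt because Get-AppxPackage -AllUsers requires admin rights.

function Get-SecHealthUiState {
    # Package names taken from the commands in the post above.
    $names = 'Microsoft.SecHealthUI', 'Microsoft.Windows.SecHealthUI'
    foreach ($name in $names) {
        $pkgs = @(Get-AppxPackage -AllUsers -Name $name -ErrorAction SilentlyContinue)
        if ($pkgs.Count -eq 0) {
            # Not registered for any user: Reset-AppxPackage has nothing to act on.
            [pscustomobject]@{
                Name = $name; Registered = $false; Version = $null
                Status = $null; ManifestPresent = $false
            }
            continue
        }
        foreach ($pkg in $pkgs) {
            $manifest = $null
            if ($pkg.InstallLocation) {
                $manifest = Join-Path $pkg.InstallLocation 'AppXManifest.xml'
            }
            [pscustomobject]@{
                Name            = $pkg.Name
                Registered      = $true
                Version         = $pkg.Version
                Status          = $pkg.Status
                # The re-register command in the post reads this file.
                ManifestPresent = [bool]($manifest -and (Test-Path -LiteralPath $manifest))
            }
        }
    }
}

function Get-UnrestrictedPolicyScope {
    # Set-ExecutionPolicy Unrestricted persists after the repair; list where it is set.
    Get-ExecutionPolicy -List |
        Where-Object { $_.ExecutionPolicy -eq 'Unrestricted' } |
        Select-Object Scope, ExecutionPolicy
}

Get-SecHealthUiState | Format-Table -AutoSize
Get-UnrestrictedPolicyScope | Format-Table -AutoSize
```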

                    • MaXz
                      PCHF Member
                      • Sep 2023
                      • 26

                      #25
                      I did 3 scans for the adw

                      Comment

                      • MaXz
                        PCHF Member
                        • Sep 2023
                        • 26

                        #26
                        Also I did the powershell commands and got a whole list of red texts

                        Comment

                        • MaXz
                          PCHF Member
                          • Sep 2023
                          • 26

                          #27
                          And the windows security is still not working

                          Comment

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #28
                            Hmmm, all registry keys have been replaced. It is still not starting, we may need to perform a repair install but let’s check and make sure I did not miss anything first.

                            Download Malwarebytes v.4. Install and run.

                            • Once the MBAM dashboard opens, click on Settings (gear icon).
                            • Click on Security tab and make sure that all four Scan options are enabled.
                            • Close Settings and click on the Scan button on the dashboard.
                            • Once the scan is completed make sure you have it quarantine any detections it finds.
                            • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
                            • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
                            • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.

                            ZHP Diag Scanner.

                            Download ZHP Suite to your desktop.
                            Right click and run as admin.
                            Hit the scanner button.
                            Once it is complete a file named ZHPdiag.txt will be on your desktop.
                            Attach it.

                            Comment

                            • MaXz
                              PCHF Member
                              • Sep 2023
                              • 26

                              #29

                              Comment

                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7041

                                #30
                                @MaXz Sorry for the delay. The log I requested takes time to go over.

                                Please for now, uninstall Malwarebytes.

                                Download AV block remover.
                                Unzip to your desktop, right click, run as admin and follow the instructions. If it does not start, rename the AVbr.exe file to, for example, AV_br.exe
                                Click yes to reset hosts file.
                                After the machine reboots then there will be a logfile in the new folder created, post that please.

                                Copy the content of the code box below.
                                Do not copy the word code!!!
                                Right Click FRST and run as Administrator.
                                Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                                Attach it to your next message.
                                Code:
                                Start::
                                CloseProcesses:
                                SystemRestore: On
                                CreateRestorePoint:
                                RemoveProxy:
                                HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
                                HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
                                HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
                                HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
                                DeleteKey: HKCU\SOFTWARE\153f8ce0-b97a-575b-ba12-4ff8b1481894
                                DeleteKey: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\SOFTWARE\153f8ce0-b97a-575b-ba12-4ff8b1481894
                                DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
                                DeleteKey: HKCU\SOFTWARE\nwjs
                                DeleteKey: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\SOFTWARE\nwjs
                                DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\ozaga\AppData\Local\Updates\WindowsService.exe
                                DeleteValue: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\ozaga\AppData\Local\Updates\WindowsService.exe
                                VirusTotal: C:\WINDOWS\System32\drivers\RoutePolicy.sys
                                File: C:\WINDOWS\System32\drivers\RoutePolicy.sys
                                CMD: gpupdate /force
                                cmd: DISM.exe /Online /Cleanup-image /Restorehealth
                                cmd: sfc /scannow
                                cmd: winmgmt /salvagerepository
                                cmd: winmgmt /verifyrepository
                                CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
                                CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
                                CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
                                CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
                                CMD: sc stop sysmain
                                CMD: sc config sysmain start= disabled
                                CMD: sc stop DiagTrack
                                CMD: sc config DiagTrack start= disabled
                                CMD: sc stop dmwappushservice
                                CMD: sc config dmwappushservice start= disabled
                                CMD: sc stop WSearch
                                CMD: sc config WSearch start= disabled
                                CMD: sc stop lfsvc
                                CMD: sc config lfsvc start= disabled
                                CMD: del /s /q %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
                                CMD: echo "" > %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
                                CMD: WMIC SERVICE WHERE Name="windefend" set startmode="auto"
                                CMD: WMIC SERVICE WHERE Name="wscsvc" set startmode="auto"
                                CMD: net start windefend
                                CMD: net start wscsvc
                                StartRegedit:
                                Windows Registry Editor Version 5.00

                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
                                "Start"=dword:00000002

                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
                                "Start"=dword:00000002
                                EndRegedit:
                                emptytemp:
                                Reboot:
                                End::

                                Comment
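A read-only audit of the registry state this thread keeps returning to, added here as an example and not code from any poster: the service keys from the FSS log in post #16 and the fixlist in post #30, the values RogueKiller flagged in post #22, and the three policy keys the fixlist marks as Restriction. The function names are illustrative, and it assumes an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. Read-only: it queries the registry and changes nothing.

function Read-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when either the key or the named value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $props -or $props.PSObject.Properties.Name -notcontains $Name) { return $null }
    return $props.$Name
}

function Test-SecurityServiceKey {
    # Services named in the FSS log and in the fixlist.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in 'WinDefend', 'SecurityHealthService', 'wscsvc') {
        $key    = Join-Path $base $svc
        $exists = Test-Path -LiteralPath $key
        $start  = Read-RegValue -Path $key -Name 'Start'
        [pscustomobject]@{
            Service   = $svc
            KeyExists = $exists
            Start     = $start   # 2 = automatic, 3 = manual, 4 = disabled
            ImagePath = Read-RegValue -Path $key -Name 'ImagePath'
            # Flag the states the thread is chasing: key missing, or service disabled.
            Flag      = (-not $exists) -or ($null -eq $start) -or ($start -eq 4)
        }
    }
}

function Test-FlaggedValue {
    # Value data that the RogueKiller log in this thread reported as PUM findings.
    $flagged = @(
        @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
           Name = 'ConsentPromptBehaviorAdmin'; Bad = 0 },
        @{ Path = 'HKLM:\Software\Microsoft\Security Center'
           Name = 'UpdatesDisableNotify'; Bad = 1 },
        @{ Path = 'HKLM:\Software\Microsoft\Security Center'
           Name = 'FirewallDisableNotify'; Bad = 1 }
    )
    foreach ($f in $flagged) {
        $value = Read-RegValue -Path $f.Path -Name $f.Name
        [pscustomobject]@{
            Key   = $f.Path
            Name  = $f.Name
            Value = $value
            Flag  = ($null -ne $value) -and ($value -eq $f.Bad)
        }
    }
}

function Test-PolicyKey {
    # Keys the fixlist lists as "Restriction". On a domain- or MDM-managed machine
    # an administrator may have set these on purpose, so review before removing.
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
            'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
            'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center'
    foreach ($key in $keys) {
        $values = @(); $subkeys = @()
        if (Test-Path -LiteralPath $key) {
            $item    = Get-Item -LiteralPath $key
            $values  = @($item.GetValueNames())
            $subkeys = @($item.GetSubKeyNames())
        }
        [pscustomobject]@{
            Key     = $key
            Values  = $values -join ', '
            SubKeys = $subkeys -join ', '
            Flag    = ($values.Count + $subkeys.Count) -gt 0
        }
    }
}

Test-SecurityServiceKey | Format-Table -AutoSize
Test-FlaggedValue       | Format-Table -AutoSize
Test-PolicyKey          | Format-List
```

Saving the output before and after each repair step shows which step actually changed a key, which the FSS and FRST logs only show at the moment they are taken.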
