Windows security not working and shows me blank page, could you please help me?

  • MaXz
    PCHF Member
    • Sep 2023
    • 26

    #31
    Originally posted by Malnutrition
    @MaXz Sorry for the delay. The Log I requested takes time to go over.

    Please for now, uninstall malwarebytes.





    Download AV block remover.
    Unzip to your desktop, Right click run as admin and follow the instructions. If it does not start, rename the AVbr.exe file to, for example, AV_br.exe
    Click yes to reset hosts file.
    After the machine reboots then there will be a logfile in the new folder created, post that please.








    Copy the content of the code box below.
    Do not copy the word code!!!
    Right Click FRST and run as Administrator.
    Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
    Attach it to your next message.
    Code:
    Start::
    CloseProcesses:
    SystemRestore: On
    CreateRestorePoint:
    RemoveProxy:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
    HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
    DeleteKey: HKCU\SOFTWARE\153f8ce0-b97a-575b-ba12-4ff8b1481894
    DeleteKey: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\SOFTWARE\153f8ce0-b97a-575b-ba12-4ff8b1481894
    DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
    DeleteKey: HKCU\SOFTWARE\nwjs
    DeleteKey: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\SOFTWARE\nwjs
    DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\ozaga\AppData\Local\Updates\WindowsService.exe
    DeleteValue: HKU\S-1-5-21-3989784722-1943139329-1569411945-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\ozaga\AppData\Local\Updates\WindowsService.exe
    VirusTotal: C:\WINDOWS\System32\drivers\RoutePolicy.sys
    File: C:\WINDOWS\System32\drivers\RoutePolicy.sys
    CMD: gpupdate /force
    cmd: DISM.exe /Online /Cleanup-image /Restorehealth
    cmd: sfc /scannow
    cmd: winmgmt /salvagerepository
    cmd: winmgmt /verifyrepository
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
    CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
    CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
    CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
    CMD: sc stop sysmain
    CMD: sc config sysmain start= disabled
    CMD: sc stop DiagTrack
    CMD: sc config DiagTrack start= disabled
    CMD: sc stop dmwappushservice
    CMD: sc config dmwappushservice start= disabled
    CMD: sc stop WSearch
    CMD: sc config WSearch start= disabled
    CMD: sc stop lfsvc
    CMD: sc config lfsvc start= disabled
    CMD: del /s /q %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
    CMD: echo "" > %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
    CMD: WMIC SERVICE WHERE Name="windefend" set startmode="auto"
    CMD: WMIC SERVICE WHERE Name="wscsvc" set startmode="auto"
    CMD: net start windefend
    CMD: net start wscsvc
    StartRegedit:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
    "Start"=dword:00000002
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
    "Start"=dword:00000002
    EndRegedit:
    emptytemp:
    Reboot:
    End::

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #32
      Figured out the problem.

      Registry ====> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc <==== Access Denied
      Registry ====> ERROR: Error accessing the registry.

      I’ll write a script to repair the permission on this key when I get home. Then security center will start for sure.


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #33
        We must run FRST via Run-X to set the permissions straight for the registry.

        Current version:  1.0.0.1  Released May 19th, 2021 (fixed a bug with launching processes in general d7x code as explained here.) RunX is designed to easily launch any process with System account or…

        Download RunX unzip to your desktop.
        Make sure that FRST64 is also there.
        Make sure they are side by side on your desktop.
        Drag and drop FRST64.exe onto the RunX App.
        [Image: 1691859100564.png, https://pchelpforum.net/attachments/1691859100564-png.12499/]
        Copy the content of the code box below.
        Do not copy the word code!!!
        Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
        Attach it to your next message.
        Code:
        Start::
        CreateRestorePoint:
        CloseProcesses:
        RemoveProxy:
        HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
        HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
        HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
        SetDefaultFilePermissions: C:\Windows\regedit.exe
        SetDefaultFilePermissions: C:\Windows\System32\nsisvc.dll
        SetDefaultFilePermissions: C:\Windows\System32\Drivers\nsiproxy.sys
        SetDefaultFilePermissions: C:\Windows\System32\Drivers\afd.sys
        SetDefaultFilePermissions: C:\Windows\System32\Drivers\tdx.sys
        SetDefaultFilePermissions: C:\Windows\System32\Drivers\tcpip.sys
        SetDefaultFilePermissions: C:\Windows\System32\dnsrslvr.dll
        SetDefaultFilePermissions: C:\Windows\System32\dnsapi.dll
        SetDefaultFilePermissions: C:\Windows\SysWOW64\dnsapi.dll
        SetDefaultFilePermissions: C:\Windows\System32\mpssvc.dll
        SetDefaultFilePermissions: C:\Windows\System32\bfe.dll
        SetDefaultFilePermissions: C:\Windows\System32\Drivers\mpsdrv.sys
        SetDefaultFilePermissions: C:\Windows\System32\SDRSVC.dll
        SetDefaultFilePermissions: C:\Windows\System32\vssvc.exe
        SetDefaultFilePermissions: C:\Windows\System32\SecurityHealthService.exe
        SetDefaultFilePermissions: C:\Windows\System32\wscsvc.dll
        SetDefaultFilePermissions: C:\Windows\System32\wbem\WMIsvc.dll
        SetDefaultFilePermissions: C:\Windows\System32\wuaueng.dll
        SetDefaultFilePermissions: C:\Windows\System32\qmgr.dll
        SetDefaultFilePermissions: C:\Windows\System32\es.dll
        SetDefaultFilePermissions: C:\Windows\System32\cryptsvc.dll
        SetDefaultFilePermissions: C:\Program Files\Windows Defender\MpSvc.dll
        SetDefaultFilePermissions: C:\Windows\System32\ipnathlp.dll
        SetDefaultFilePermissions: C:\Windows\System32\iphlpsvc.dll
        SetDefaultFilePermissions: C:\Windows\System32\svchost.exe
        SetDefaultFilePermissions: C:\Windows\System32\rpcss.dll
        
        
        StartRegedit:
        Windows Registry Editor Version 5.00
        
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
        "Start"=dword:00000002
        
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
        "Start"=dword:00000002
        EndRegedit:
        
        CMD: gpupdate /force
        CMD: WMIC SERVICE WHERE Name="windefend" set startmode="auto"
        CMD: WMIC SERVICE WHERE Name="wscsvc" set startmode="auto"
        CMD: WMIC SERVICE WHERE Name="windefend" CALL startservice
        CMD: WMIC SERVICE WHERE Name="wscsvc" CALL startservice
        CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
        C:\Windows\Temp\*.*
        C:\WINDOWS\system32\*.tmp
        C:\WINDOWS\syswow64\*.tmp
        emptytemp:
        Reboot:
        End::
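A read-only check of what posts #32 and #33 are working on, added here as an example (not part of the original thread and not FRST's own code): it reports whether the service keys can be read, their `Start` value, key owner and service status, and lists any values left under the three policy keys named in the fixlist. The function names are hypothetical; run it from an elevated PowerShell prompt after the reboot.

```powershell
# Added example: read-only checks, nothing here changes the system.
# Function names are hypothetical. Run from an elevated PowerShell prompt.
$services   = 'SecurityHealthService', 'wscsvc', 'WinDefend'
$policyKeys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
              'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center',
              'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Test-ServiceKey {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $r = [ordered]@{ Service = $Name; KeyReadable = $false; Start = $null
                     Owner = $null; Status = 'not found'; Error = $null }
    try {
        # The same kind of read that returned "Access Denied" in post #32.
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction Stop).Start
        $r.KeyReadable = $true
        $r.Start = '{0} ({1})' -f $start, $startNames[[int]$start]
        # Owner of the key, for comparison with a known-good machine.
        $r.Owner = (Get-Acl -Path $key -ErrorAction Stop).Owner
    } catch {
        $r.Error = $_.Exception.Message
    }
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { $r.Status = [string]$svc.Status }
    [pscustomobject]$r
}

function Get-PolicyValue {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }   # key is gone: nothing to report
        $keys = @(Get-Item -LiteralPath $p) +
                @(Get-ChildItem -LiteralPath $p -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($v in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.Name; Value = $v; Data = $k.GetValue($v) }
            }
        }
    }
}

$services | ForEach-Object { Test-ServiceKey -Name $_ } | Format-Table -AutoSize
$left = @(Get-PolicyValue -Path $policyKeys)
if ($left.Count) {
    $left | Format-Table -AutoSize -Wrap
} else {
    'No values remain under the three policy keys.'
}
```

`KeyReadable` True with `Start` 2 (Automatic) for SecurityHealthService and wscsvc is the state the StartRegedit block sets; a populated `Error` column means the key still cannot be read.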

        • MaXz
          PCHF Member
          • Sep 2023
          • 26

          #34
          Originally posted by Malnutrition
          We must run FRST via Run-X to set the permissions straight for the registry.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #35
            Security center started after fix?


            • MaXz
              PCHF Member
              • Sep 2023
              • 26

              #36
              Originally posted by Malnutrition
              Security center started after fix?
              still blank screen


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #37
                Time for a repair install. Everything has been replaced and even the services are started… Still not working tho.



                This tutorial will show you how to do a repair install of Windows 11 by performing an in-place upgrade without losing anything. If you need to repair or create a new recovery partition or having problems with the Windows 11 operating system on your PC, and the usual solutions will not fix it...


                • MaXz
                  PCHF Member
                  • Sep 2023
                  • 26

                  #38
                  Originally posted by Malnutrition
                  Time for a repair install. Everything has been replaced and even the services are started… Still not working tho.



                  This tutorial will show you how to do a repair install of Windows 11 by performing an in-place upgrade without losing anything. If you need to repair or create a new recovery partition or having problems with the Windows 11 operating system on your PC, and the usual solutions will not fix it...
                  Before proceeding with this step, is there any way I can keep windows.old in case I wanted to go back to w10 in the future?

                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #39
                    There are steps for windows 10 repair. I edited my post. This is just a repair, you lose no files. You could try and create a new user and see if security center works there. We could just be dealing with profile corruption because all of the virus has been removed and services are intact.

                    • MaXz
                      PCHF Member
                      • Sep 2023
                      • 26

                      #40
                      Originally posted by Malnutrition
                      There are steps for windows 10 repair. I edited my post. This is just a repair, you lose no files.
                      Ok but why does it say this? [Attachment 12711]

                      • MaXz
                        PCHF Member
                        • Sep 2023
                        • 26

                        #41
                        Originally posted by Malnutrition
                        There are steps for windows 10 repair. I edited my post. This is just a repair, you lose no files. You could try and create a new user and see if security center works there. We could just be dealing with profile corruption because all of the virus has been removed and services are intact.
                        Also should I delete the frst and fss app since it says delete any AV or security program?

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #42
                          As long as you do the instructions for the repair install, you are not replacing your operating system, you are just repairing it. It is always a good idea to make a backup. As far as any security program, just make sure you delete Malwarebytes.
                          And rogue killer

                          • MaXz
                            PCHF Member
                            • Sep 2023
                            • 26

                            #43
                            Is it the third one?


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #44
                              Yes.


                              • MaXz
                                PCHF Member
                                • Sep 2023
                                • 26

                                #45
                                Originally posted by Malnutrition
                                As long as you do the instructions for the repair install, you are not replacing your operating system, you are just repairing it. It is always a good idea to make a backup. As far as any security program, just make sure you delete Malwarebytes.
                                And rogue killer
                                Thank you so much, it finally worked
