Solved Malware removal / windows security is not launching

Malnutrition · Aug 17, 2023

Please run this fix via FRST

@taimrarchy
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

Code:

Start::
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\quick\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\resource\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\system\*.*"
startpowershell:
Set-MpPreference -DisableAutoExclusions $true -Force
Set-MpPreference -Mapsreporting basic -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -PUAProtection enabled -Force
Update-MpSignature
Get-MpComputerStatus
Get-MpPreference
endpowershell:

StartPowerShell:
# Function to manage Windows Defender, remove exclusions, run scan, report on status
  Function Manage-WindowsDefender {
    Get-MpComputerStatus
    echo "Listing of exclusions"
    Get-MpPreference | Select-Object -Expand ExclusionPath  | Out-String -width 4096
    $Paths=(Get-MpPreference).ExclusionPath
    $Extensions=(Get-MpPreference).ExclusionExtension
    $Processes=(Get-MpPreference).ExclusionProcess
    foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -Force}
    foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -Force}
    foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -Force}
    Set-MpPreference -DisableAutoExclusions $true -Force
    Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
    Set-MpPreference -DisableArchiveScanning $false -Force
    Set-MpPreference -DisableBehaviorMonitoring $false -Force
    Set-MpPreference -DisableEmailScanning $False -Force
    Set-MpPreference -DisableIOAVProtection $false -Force
    Set-MpPreference -DisablePrivacyMode $true -Force
    Set-MpPreference -DisableRealtimeMonitoring $false -Force
    Set-MpPreference -MAPSReporting Advanced -Force
    Set-MpPreference -PUAProtection enabled -Force
    Set-MpPreference -SignatureScheduleDay Everyday -Force
    Set-MpPreference -DisableRemovableDriveScanning $false -Force
    Set-MpPreference -SubmitSamplesConsent SendSafeSamples
    # Reset and check Secure Health status
    Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
    Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
    # Check if these services are running
    Get-Service Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, WdNisSvc | Select Name,DisplayName, Status
      # Check for signature updates
      Update-MpSignature
      Start-MpScan -ScanType QuickScan
      Remove-MpThreat
    # Check computer status again after setting to make sure changes were applied
    Get-MpComputerStatus
    Get-MpPreference
    Get-MpThreatDetection
  }
EndPowerShell:
Reboot:
End::

Strange, everything is corrected now.

Let's see if there is something preventing Defender from starting.

Security Check Scan.

Download Security Check to your desktop.
Right click it run as administrator.
When the program completes, the tool will automatically open a log file.
Please Copy and paste that log here in your next post

taimrarchy · Aug 21, 2023

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2023 01
Ran by tmmrcy (21-08-2023 04:23:23) Run:3
Running from C:\Users\tzahi\Desktop\PC Help Forum Tings
Loaded Profiles: tmmrcy
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\quick\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\resource\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\system\*.*"
startpowershell:
Set-MpPreference -DisableAutoExclusions $true -Force
Set-MpPreference -Mapsreporting basic -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -PUAProtection enabled -Force
Update-MpSignature
Get-MpComputerStatus
Get-MpPreference
endpowershell:

StartPowerShell:
# Function to manage Windows Defender, remove exclusions, run scan, report on status
Function Manage-WindowsDefender {
Get-MpComputerStatus
echo "Listing of exclusions"
Get-MpPreference | Select-Object -Expand ExclusionPath | Out-String -width 4096
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -Force}
foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -Force}
foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -Force}
Set-MpPreference -DisableAutoExclusions $true -Force
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -DisableArchiveScanning $false -Force
Set-MpPreference -DisableBehaviorMonitoring $false -Force
Set-MpPreference -DisableEmailScanning $False -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -MAPSReporting Advanced -Force
Set-MpPreference -PUAProtection enabled -Force
Set-MpPreference -SignatureScheduleDay Everyday -Force
Set-MpPreference -DisableRemovableDriveScanning $false -Force
Set-MpPreference -SubmitSamplesConsent SendSafeSamples
# Reset and check Secure Health status
Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
# Check if these services are running
Get-Service Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, WdNisSvc | Select Name,DisplayName, Status
# Check for signature updates
Update-MpSignature
Start-MpScan -ScanType QuickScan
Remove-MpThreat
# Check computer status again after setting to make sure changes were applied
Get-MpComputerStatus
Get-MpPreference
Get-MpThreatDetection
}
EndPowerShell:
Reboot:
End::
*****************

========= del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*.*" =========

The system cannot find the path specified.

========= End of CMD: =========

========= del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log" =========

The system cannot find the path specified.

========= End of CMD: =========

========= del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\quick\*.*" =========

The system cannot find the path specified.

========= End of CMD: =========

========= del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\resource\*.*" =========

The system cannot find the path specified.

========= End of CMD: =========

========= del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\system\*.*" =========

The system cannot find the path specified.

========= End of CMD: =========

========= Powershell: =========

Set-MpPreference : Invalid class
At C:\FRST\tmp000.ps1:1 char:1
+ Set-MpPreference -DisableAutoExclusions $true -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

Set-MpPreference : Invalid class
At C:\FRST\tmp000.ps1:2 char:1
+ Set-MpPreference -Mapsreporting basic -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

Set-MpPreference : Invalid class
At C:\FRST\tmp000.ps1:3 char:1
+ Set-MpPreference -DisableRealtimeMonitoring $false -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

Set-MpPreference : Invalid class
At C:\FRST\tmp000.ps1:4 char:1
+ Set-MpPreference -DisablePrivacyMode $true -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

Set-MpPreference : Invalid class
At C:\FRST\tmp000.ps1:5 char:1
+ Set-MpPreference -DisableIOAVProtection $false -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

Set-MpPreference : Invalid class
At C:\FRST\tmp000.ps1:6 char:1
+ Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

Set-MpPreference : Invalid class
At C:\FRST\tmp000.ps1:7 char:1
+ Set-MpPreference -PUAProtection enabled -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Set-MpPreference

Update-MpSignature : Invalid class
At C:\FRST\tmp000.ps1:8 char:1
+ Update-MpSignature
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature]
, CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Update-MpSignature

Get-MpComputerStatus : Invalid class
At C:\FRST\tmp000.ps1:9 char:1
+ Get-MpComputerStatus
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputer
Status], CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Get-MpComputerStatus

Get-MpPreference : Invalid class
At C:\FRST\tmp000.ps1:10 char:1
+ Get-MpPreference
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Get-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80041010,Get-MpPreference

========= End of Powershell: =========

========= Powershell: =========

========= End of Powershell: =========

The system needed a reboot.

==== End of Fixlog 04:23:27 ====

taimrarchy · Aug 21, 2023

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 21.08.2023 04:25:35
Path starting: C:\Users\tzahi\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: tmmrcy
VersionXML: 10.65is-19.08.2023
___________________________________________________________________________

Windows 11(6.3.22621) (x64) Core Release: 22H2 Lang: English(0409)
Installation date OS: 22.09.2022 05:53:16
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16MondoVL_KMS_Client edition Windows is in Notification mode
LicenseStatus: Office 21, Office21ProPlus2021R_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
SystemDrive: C: FS: [NTFS] Capacity: [461.2 Gb] Used: [245.1 Gb] Free: [216.1 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control disabled
The elevation prompt for administrators disabled
^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^
Security Center (wscsvc) - The service has stopped
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ OtherUtilities ] ----------------------------
Steam v.2.10.91.91
Intel® Driver & Support Assistant v.23.3.25.6
Epic Games Launcher v.1.2.17.0
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.23.153.0724.0003
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.02 (64-bit) v.6.02.0 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Zoom v.5.7.7 (1105) Warning! Download Update
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 381 v.8.0.3810.9
------------------------------- [ Browser ] -------------------------------
Microsoft Edge v.115.0.1901.203
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender (WinDefend) - The service has stopped
----------------------------- [ End of Log ] ------------------------------

Malnutrition · Aug 21, 2023

Strange that the services will not start but are intact. Time for a repair install.

Repair Install Windows 10 with an In-place Upgrade

How to Do a Repair Install of Windows 10 with an In-place Upgrade

www.tenforums.com

taimrarchy · Aug 24, 2023

Yeah, it worked finally

thanks. Need anything else?

Malnutrition · Aug 24, 2023

Update your older programs with Patch My PC home Edition.

We will clean all the tools we used...

Download KpRM
Save to Desktop
Check Delete Tools'
Check Delete Restore points.
Create Restore point.
Click delete quarantines.
Then click run.

I suggest:
Ublock Origin
O&O Shutup Ten
O&O App Buster

Malnutrition

Malnurished Admin

taimrarchy

taimrarchy

Malnutrition

Malnurished Admin

Repair Install Windows 10 with an In-place Upgrade

taimrarchy

Malnutrition

Malnurished Admin

Search

Search

Solved Malware removal / windows security is not launching

We value your privacy