Help with MS Security Center

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by proghuman, Dec 26, 2005.

  1. proghuman

    proghuman Private E-2

    Hey all,

    New to the forums, but I've come here often for various problems when I've had them outside. I can't figure this one out, though.

    Last night (yeah, great Christmas gift) I was hit by a multitude of trojans and spyware and spent a few hours cleaning. However, when I was done, I noticed that MS Security Center has been disabled (or it tells me "The Security Center is unavailable because the "Security Center" service has not started or was stopped.") It suggests I Restart, etc. and none of the suggestions work. The option to "Change the way Security CEnter alerts me," has also been greyed out. When I click Windows Updates from the control panel, everything is greyed out, as well.

    Any help/steps I can take to get this back to normal?

    Thank you in advance. AIM name is RealPoeticVoice if you want to give more real-time instructions.

    Proghuman
     
    proghuman, Dec 26, 2005
    #1
  2. proghuman

    proghuman Private E-2

    Log posted, sorry.
     
    proghuman, Dec 26, 2005
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    We need to see if there is any malware at play or if it is just due to some configuration change made to your system. So, please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

    .
     
    chaslang, Dec 26, 2005
    #3
  4. proghuman

    proghuman Private E-2

    I went through all the above-mentioned and I'll attach the logs. Some viruses were found and removed by BitDefender (mainly in the quarantined sections), but thanks for your prompt reply.

    The logs should be the Hijackthis log, panda log, and the BitDefender log, saved properly.
     

    Attached Files:

    proghuman, Dec 26, 2005
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you know what the below two file are that Panda was worried about. It thought they could possibly be a virus.
    C:\Documents and Settings\Owner\My Documents\Etc\Guild_Wars_Special_Edition_Soundtrack.exe
    C:\Documents and Settings\Owner\My Documents\Etc\Sorrows_Furnace_Mini-Pak.exe
    You should empty the MS AS Quarantine which will get rid of the below lines.
    C:\Program Files\Microsoft AntiSpyware\Quarantine\6A6D80E4-AEA8-4925-BA28-077CF6\C4FD3056-1D8C-4BF5-BE91-6A41AF
    C:\Program Files\Microsoft AntiSpyware\Quarantine\93308689-ACA5-4D59-8589-FFDF9A\A529CC47-7339-4C54-AB51-5A7FBE
    You should also empty the Quarantine for Housecall because you are saving alot of bad stuff in there and it is being detected by the scanners.

    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O18 - Protocol: bw+0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {EB73737D-857C-40F0-AB5F-B68EA5D84CCE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete    :
    c:\windows\system32\ssldr32.dll
    C:\WINDOWS\desktop.html
    C:\WINDOWS\kl.exe
    C:\WINDOWS\secure32.html
    C:\WINDOWS\system32\08mcdqrw.dll
    C:\WINDOWS\teller2.chk

    If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Reminder Note: Once we have determine you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.
     
    chaslang, Dec 26, 2005
    #5
  6. proghuman

    proghuman Private E-2

    I did as you requested, I'll post a new HJT log and hopefully we'll go from there. Sadly, the security center and automatic updates are still greyed out, but at least some of the files (appear) to be removed.

    There are two pictures attached, the first is the "Security Center" That I'm currently looking at, the second is the "Automatic Updates" that I find in control panel.

    Thanks again for all your help.
     

    Attached Files:

    proghuman, Dec 26, 2005
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you forget to fix this line, or did it come back? Try again.

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

    You can also fix the below two lines:
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    There is a strong possibility that Windows Security Center is disabled because you are using Symantec Security Center instead of Windows. Windows Update not working is a different issue and Symantec software has been know to break this many times. Especially when uninstalling certain versions or upgrading.

    You can try what is in the below link:

    Fixing Windows Update Problems (Win 2K and XP)
     
    chaslang, Dec 26, 2005
    #7
  8. proghuman

    proghuman Private E-2

    Hmm...The reason I bring up Security Center breaking now is that, at least not prior to my knowledge, it has always run fine. I use Symantec via my college's request, and I'm more worried that I won't be able to install Windows updates (granted, I could go to the site manually) due to problems, which is why i first posted here.

    No errors occurred by following the link that you posted above, and the computer doesn't seem to be any worse for the wear. Ad-aware, Spyware, and Housecall found nothing. I'll post the recent HJT log and see if there's anything else you can suggest.
     

    Attached Files:

    proghuman, Dec 26, 2005
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not say whether the link I gave you changed the problem with Automatic Updates. If the service is not running, autoupdates will not work.
     
    chaslang, Dec 26, 2005
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can look at the service for Automatic updates yourself by running services.msc from the command prompt. Look at the service names Automatic Updates and see if it is set to Startup type: Automatic and Status: Started

    You can do the same for the Security Center service.
     
    chaslang, Dec 26, 2005
    #10
  11. proghuman

    proghuman Private E-2

    Going by the services.msc, then the Automatic Updates is Automatic and it is indeed started.
     
    proghuman, Dec 26, 2005
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is the little icon for it showing in your tray?

    What about Security Center?
     
    chaslang, Dec 26, 2005
    #12
  13. proghuman

    proghuman Private E-2

    No, the icon (I believe it is a little shield, yellow if you have updates, red if you're in "danger' mode) isn't showing on the tray, but wouldn't that be because I have no updates I currently need?
     
    proghuman, Dec 26, 2005
    #13
  14. proghuman

    proghuman Private E-2

    In control panel, the Security Center and Automatic Updates are both the same as they were in the pictures posted above.

    However, in Services, Windows FIrewall is Automatic and Started, same thing with Automatic Updates.

    So unless something is blocking those two, they should be working fine, right?
     
    proghuman, Dec 26, 2005
    #14
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The security center icon is a shield! Windows updates is like a globe with the MS log at the top.

    What I was asking is if you checked the Security Center service like you did for Auto Updates?
     
    chaslang, Dec 26, 2005
    #15
  16. proghuman

    proghuman Private E-2

    Any help as to what it's labeled under Services? It's not Security Center.
     
    proghuman, Dec 26, 2005
    #16
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's take a look at all your services. Download GetService.zip from here: Getservice.zip

    Extract the file to a folder where you can find it, then go to the folder and double-click on the getservices.bat file. A notepad will open up. Save it to a file named services.txt and upload it here as an attachment.
     
    chaslang, Dec 26, 2005
    #17
  18. proghuman

    proghuman Private E-2

    Here you go.
     

    Attached Files:

    proghuman, Dec 26, 2005
    #18
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Use Services.msc to look at the Alerter service and tell me what you see for
    Startup type:
    and
    Status: Started
     
    chaslang, Dec 26, 2005
    #19
  20. proghuman

    proghuman Private E-2

    Alerter:

    Status is blank
    Startup type: Disabled


    There's also no blue link to the left (where the description is) like normal to restart the service.
     
    proghuman, Dec 26, 2005
    #20
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The Startup Type should be changed to Manual and Status should be Stopped.

    Change it and reboot. See if there is any change in you status.
     
    chaslang, Dec 26, 2005
    #21
  22. proghuman

    proghuman Private E-2

    Changed and rebooted.

    It is now a stopped status, and a manual startup type.

    No change in Automatic updates/Security Center. (I'm starting to think this is setup by the Symantec Antivi the school has on here.)
     
    proghuman, Dec 26, 2005
    #22
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's what I was suspecting in what I said in message # 7. You'll have to check with your school to see if they do this.
     
    chaslang, Dec 26, 2005
    #23
  24. proghuman

    proghuman Private E-2

    Will do. Thanks for all the time/help anyhow :) We did get rid of some harmful stuff, which is worth its weight in gold.

    Good luck with the spyware hunting.
     
    proghuman, Dec 26, 2005
    #24
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Dec 26, 2005
    #25

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds