Malware?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Simonm, Oct 22, 2007.

  1. Simonm

    Simonm Private E-2

    Help please!

    I seem to have downloaded some unwanted software which diverts my Internet explorer to 'http://asecurityassurance.com/' from which I seem to be given only the 'opportunity' to download further software (Malware?).

    Thankfully, I can still (at present) use my Favourites to access other websites - but I can't get away from this other site. When I try, it comes up with a long message about 'W32.Myzor.FK@fy is a virus that infects files with exe extensions...'.

    I have gone to my Control Panel and removed one file which said it was installed today. There are now 3 other files showing as installed today - IE Custom Tools, IE Safety Features and Information Center. Should I uninstall these?? When I try, I am told I need to Reboot my PC before uninstalling. Do I really want to reboot my PC - or will it just embed these files further into my system??

    Any help will be gratefully received!:)
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. Simonm

    Simonm Private E-2

    Hi chaslang,

    I've tried to follow your instructions but got stuck with running Combofix.exe as it simply says:

    "Please wait.
    ComboFix is preparing to run.

    Out of memory"

    I then get a message "Freeware implementation of REG.EXE has stopped working"

    Where do I go to next?!

    The file that infected me is, I think Video Add-on. I have 2 files ictmdl.dll and isfmdl.dll which I am unable to remove from the Video Add-on folder. Any suggestions??

    Simon
     
  4. Simonm

    Simonm Private E-2

    Chaslang, I've now managed to get ComboFix to run and it's produced a log for me which I attach.

    Simon
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to complete the rest of the instructions. ComboFix is only a small piece.
     
  6. Simonm

    Simonm Private E-2

    Hi Chaslang,

    Yeah, I think I'd realised that ComboFix was only a part of the process, but I thought that having sent a message to say I couldn't get it to run, I should confirm that I had actually run it OK. Anyway...

    I've completed all of Section 1 - Uninstalled the programs installed yesterday - ensured that Msconfig is in Normal mode - ensured there's nothing in my Norton quarantine - emptied my recycle bin (but I don't know how to empty the Norton Protected Recycle Bin if this is different - the instructions in your link say 'click on the icon' - but not what the icon looks like...). I've installed and run Ccleaner.

    I've completed Section 2 - and enabled hidden files to be seen.

    I've run the Vista cleaning procedure:
    I've downloaded and run ComboFix and Spybot.
    I've downloaded and run AVG anti-Spyware. At the end, it had found 22 Tracking Cookies which I 'destroyed' by 'Applying all actions'. When I then clicked on Reports, it gave me the message 'No reports available'. It did not find any files which were not Tracking cookies.
    I have downloaded the MGTools into my C: drive root directory, run DisableUAC.reg and am trying to run GetLogs.bat but keep getting a pop-up saying Windows needs your permission to continue - when I click Continue, the same window just reappears...again and again. If I click Cancel, the cmd.exe file shows the message 'Access denied'. I've rebooted the laptop and gone back into this again but it still gives the same message. I've tried clicking Continue and then just waiting - but nothing seems to happen... except the Access is denied message comes up. What am I doing wrong here??

    Simon
     
  7. Simonm

    Simonm Private E-2

    Hi Chaslang,

    Ok, so I left it until this afternoon - and tried GetLogs.bat again.. and it's worked this time. Strange or what?

    So, where was I? GetLogs has run and created a Zip file... so we should be nearly there...

    I've rebooted the pc... and EXCELLENT!

    I have now been able to delete the 2 files: ictmdl.dll and isfmdl.dll from the folder Video Add-on - and deleted the folder itself (which I was unable to do yesterday).

    WONDERFUL - it all now seems to be working.

    THANKS for a great product and set of help notes. They may be long and detailed - but they've worked for me!

    Simon
     
  8. abri

    abri MajorGeek

    Hi Simonm!
    Please post the logs which were produced by your efforts so we can see if your computer is actually clean or not.
    abri
     
  9. Simonm

    Simonm Private E-2

    Hi Abri,

    Thanks for your concern!

    Here is the MGlogs.zip. AVG didn't produce a log as such - and it only found 'tracking cookies'... and the ComboFix.txt file was submitted in this thread earlier. Can you pick it up from there?

    Hope these are OK!?

    Simon
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below old versions of software:
    Java(TM) SE Runtime Environment 6

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
    O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O18 - Protocol: bw+0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.

    Now delete the below folder. If you cannot delete it, reboot into safe mode and try again
    C:\Program Files\Video Add-on

    Now reboot your PC (no matter whether you are currently in safe mode or normal mode, I want you to reboot) into normal boot mode.
    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run the GetLogs.bat program in the C:\MGtools folder and attach the new MGlogs.zip file that will be created.

    Make sure you tell me how things are working now!
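
A triage sketch for HijackThis lines in the shapes quoted in this thread, added here as an example; it is not part of the original posts and is not code from HijackThis or MGtools. It parses the O2/O3/O4/O18 entries, lists the ones the log itself marks "(no file)" or "(file missing)", finds entries that point into a given folder, and collapses an O18 protocol run by CLSID and DLL. The `Entry` record and the function names are assumptions of this example; the sample lines are copied from the selections in this thread.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the HijackThis selections quoted in
# this thread, with the long O18 run cut down to three entries.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O18 - Protocol: bw+0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
"""


@dataclass
class Entry:                  # hypothetical record type for this example
    section: str              # HijackThis section code, e.g. "O2" or "O18"
    name: str                 # BHO / toolbar / protocol / Run value name
    clsid: Optional[str]      # COM class ID when the line carries one
    path: Optional[str]       # file the entry points at, if any
    status: str               # "listed", "no file", "file missing", "unparsed"


# "Kind: name - {CLSID} - target" (O2, O3, O18 lines in this thread)
CLSID_RE = re.compile(
    r"^[^:]+: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# "HKLM\..\Run: [value name] command line" (O4 registry Run lines)
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Executable at the start of a command line, quoted or unquoted
EXE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|cmd|com|scr))(?=\s|$)', re.I)
MISSING = " (file missing)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for blank or non-entry lines."""
    m = re.match(r"^\s*([A-Z]\d+) - (.*\S)\s*$", line)
    if not m:
        return None
    section, body = m.groups()
    c = CLSID_RE.match(body)
    if c:
        target, status = c["target"], "listed"
        if target == "(no file)":
            target, status = None, "no file"
        elif target.endswith(MISSING):
            target, status = target[: -len(MISSING)], "file missing"
        return Entry(section, c["name"], c["clsid"].upper(), target, status)
    r = RUN_RE.match(body)
    if r:
        e = EXE_RE.match(r["cmd"])
        path = (e.group(1) or e.group(2)) if e else None
        return Entry(section, r["name"], None, path, "listed")
    # Line shapes this sketch does not model (R0, Global Startup, ...)
    return Entry(section, body, None, None, "unparsed")


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e]


def dangling(entries: list) -> list:
    """Entries the log itself reports as pointing at nothing on disk."""
    return [e for e in entries if e.status in ("no file", "file missing")]


def under_folder(entries: list, folder: str) -> list:
    """Entries whose file lives under `folder` (Windows rules, any case)."""
    root = ntpath.normcase(ntpath.normpath(folder)) + "\\"
    return [e for e in entries
            if e.path and ntpath.normcase(ntpath.normpath(e.path)).startswith(root)]


def protocol_handlers(entries: list) -> dict:
    """Collapse O18 lines to {(CLSID, DLL name): [protocol names]}."""
    groups = defaultdict(list)
    for e in entries:
        if e.section == "O18":
            groups[(e.clsid, ntpath.basename(e.path or ""))].append(e.name)
    return dict(groups)


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in dangling(log):
        print("dangling:", e.section, e.clsid, e.status)
    for e in under_folder(log, r"C:\Program Files\Video Add-on"):
        print("in folder:", e.section, e.name, e.path)
    for (clsid, dll), names in protocol_handlers(log).items():
        print(f"{dll} {clsid}: {len(names)} protocol(s)")
```

The status field only repeats what the log says; the parser never checks the disk, so a "listed" entry is not a statement that the file exists.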
     
  11. Simonm

    Simonm Private E-2

    Thanks Chaslang,

    Am I being stupid, or what?

    When I click on Java to uninstall it, it 'prepares to remove'... then comes up with the 'unidentified program wants access to your computer' window (which I think is trying to 'update' Java rather than remove it?). Should I click Cancel or Allow at this stage? If I click Cancel, will Java have been removed? If I click Allow, will it simply have been updated?

    Also... 'though I can see HijackThis in the uninstall window, I can't seem to find it in Explorer so as to be able to start it... or do I actually just run MGtools.exe??

    Help!

    Simon
     
  12. Simonm

    Simonm Private E-2

    Chaslang,

    Ignore the previous message!

    I've uninstalled Java and run analyse.exe -
    The following line wasn't visible in the log.

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

    but I checked the others and then fixed them.

    The C:\Program Files\Video Add-on folder has been deleted, I've rebooted the pc and I've reinstalled Java.

    Somewhere along the line I have acquired two 'desktop.ini' icons on my desktop. Can I simply delete these??

    Again, I'm having problems getting GetLog.bat to run - I'm getting the 'Access denied' message again as I described previously... help! Please!

    Simon
     
  13. abri

    abri MajorGeek

    Please don't delete the desktop.ini files right now. It's always good to know where something came from before you delete it.
    abri
     
    Last edited by a moderator: Oct 25, 2007
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure that UAC is disabled by double-clicking the disableUAC.reg file in the MGtools folder. Allow it to be added to the registry. If this does not help, try running the GetLogs.bat file as Administrator by right-clicking on it and selecting Run As.
     
  15. Simonm

    Simonm Private E-2

    Ah, thanks Chaslang. Doh! Simple answer to a simple question... Running as Administrator worked straight away... so here's the new MGLogs.zip file.

    The pc seems to be working OK now. I can get into my family tree files on the internet again - which I couldn't do earlier in the week.

    I do, however, now get a message on start up saying 'Security Centre Service is not running'. I'm not sure which 'security system' this is referring to... should I leave it 'off' or turn it 'on'?

    I also get a message to say 'Your AVG Anti-Spyware trial period has expired - buy a licence to stay protected'. If I click Cancel, this message simply reappears next time I boot up. I don't think I want to buy a licence. Do I need one?? or should I uninstall the trial software (until next time I need it...!)

    I still have the 2 desktop.ini icons on my desktop.

    Thanks for all your help with this. Sorry it's becoming a bit of a marathon!

    Simon
     


  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It looks like you did not do what I requested in message # 14 based on your logs.

    Follow the steps below in the order written.

    Disable Windows Defender:
    • Open Windows Defender
    • Click Tools
    • Click General Settings
    • Scroll down to Real Time Protection Options
    • Uncheck Turn on Real Time Protection (recommended)
    • Close Windows Defender
    Once your log is clean you can re-enable Windows Defender Real Time Protection.



    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
    O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O18 - Protocol: bw+0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {EAF73445-99D4-4D95-A867-F308337D7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.

    Now rerun the GetLogs.bat file and attach the new C:\MGlogs.zip file

    Then go into the C:\MGtools folder and double click on the EnableUAC.reg file and allow it to be added to the registry. This will re-enable UAC.

    Are you still getting any popups about security center?
     
  17. Simonm

    Simonm Private E-2

    Hum, I thought I'd done what you asked... maybe not...

    Hopefully I've done it OK this time.

    I turned off the Defender software as you described, then ran disableUAC and then ran HijackThis 'as administrator'. I then checked the lines to delete, closed down everything else, and clicked Fix.

    I've then re-run GetLogs.bat file and attached the new C:\MGlogs.zip file to this post.

    I ran enableUAC, then rebooted the pc.

    Nothing seems to have changed... I'm still getting the message on start up saying 'Security Centre Service is not running'; and also the message to say 'Your AVG Anti-Spyware trial period has expired - buy a licence to stay protected'. I also still have the 2 desktop.ini icons on my desktop.

    ????

    Simon
     

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it has. The items I had asked you to fix are now fixed. ;)


    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Security Center
    • Double click on Security Center.
    • In the Properties window that opens, what do you see for each of the settings below?
      • Startup Type
      • Service Status
    • Click OK until you get back to Windows.
    Uninstall AVG AntiSpyware now.

    The 2 desktop.ini files may be occurring because you have one on your Desktop and one in the C:\Users folder.

    Uninstall Spybot Search & Destroy temporarily too.
     
  19. Simonm

    Simonm Private E-2

    Hi Chaslang,

    Yeah, well, when I said nothing was different, I was just talking about the startup bit... it's great that the bits you told me to fix are fixed:)

    In Properties windows that opens what do you see for each of the below settings
    Startup Type - Automatic(Delayed Start)
    Service Status - Stopped

    I haven't changed these - OK?

    I have uninstalled AVG AntiSpyware and Spybot Search & Destroy.

    The 2 desktop.ini files may be occurring because you have one on your Desktop and one in the C:\Users folder.

    I've deleted the desktop.ini file from the C:\Users folder. Is this OK?

    Having rebooted... I no longer get the 'Security Centre Service is not running'; and 'Your AVG Anti-Spyware trial period has expired - buy a licence to stay protected' messages. Good. But the 2 desktop.ini icons are still there. Should I simply delete them?? 'Hovering' over them, they both say they were modified 02/09/2007 - well before my 'problems' started...

    Presumably I now need to re-set my Norton Internet Security - though actually it says all the settings are 'on'.

    Simon
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Go back and change the Status to Started if it is still stopped.

    You don't really need to worry about these. They only show now because viewing of hidden and system files was enabled during malware cleaning steps.

    What do you mean you need to re-set NIS?
     
  21. Simonm

    Simonm Private E-2

    OK, thanks Chaslang.

    I'm getting an 'Error 1079: The account specified for this service is different from the account specified for other services running in the same program.' message when I click on Start in the Security Centre Properties screen...:confused

    So, I'll just ignore the desktop.ini icons. Fine.

    Not sure what I meant about resetting Norton!

    Simon
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may need to work this issue in the Software Forum but let's try something first.

    • Run services.msc again.
      • Under the Log On As column, what do you see listed for the Security Center service? Is it Local System?
    • Now double click on the Security Center service.
    • On the next form click the Log On tab.
      • Which button is selected under the Log on as: area and are any other fields checked and do you see any password fields filled in?
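
Error 1079 in the posts above says that a service's configured logon account differs from that of other services sharing its host process. The read-only PowerShell check below is an added example, not part of the thread or of any MajorGeeks tool; it assumes PowerShell 3.0 or later (for Get-CimInstance), and the function name and the sample records are constructed for illustration.

```powershell
# Added example: list services that share a host command line (for example
# the same "svchost.exe -k <group>") but have different logon accounts,
# which is the condition reported as error 1079. Nothing is modified.

function Get-ServiceAccountMismatch {
    param(
        # Records with Name, PathName and StartName; defaults to the live system.
        [object[]]$Services = (Get-CimInstance -ClassName Win32_Service)
    )
    $Services |
        Where-Object { $_.PathName } |
        Group-Object -Property { $_.PathName.Trim().ToLowerInvariant() } |
        ForEach-Object {
            $group = $_
            # Distinct logon accounts configured within this host process.
            $accounts = @($group.Group |
                ForEach-Object { "$($_.StartName)".ToLowerInvariant() } |
                Sort-Object -Unique)
            if ($accounts.Count -gt 1) {
                [pscustomobject]@{
                    HostCommand = $group.Name
                    Accounts    = $accounts -join ', '
                    Services    = ($group.Group |
                        ForEach-Object { "$($_.Name)=$($_.StartName)" }) -join '; '
                }
            }
        }
}

# Constructed sample records (not taken from the thread's logs); the group
# name "ExampleGroup" and the service "ExampleSvc" are hypothetical.
$sample = @(
    [pscustomobject]@{ Name = 'wscsvc';     PathName = 'C:\Windows\System32\svchost.exe -k ExampleGroup'; StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'ExampleSvc'; PathName = 'C:\Windows\system32\svchost.exe -k ExampleGroup'; StartName = 'NT AUTHORITY\LocalService' }
    [pscustomobject]@{ Name = 'Spooler';    PathName = 'C:\Windows\System32\spoolsv.exe';                 StartName = 'LocalSystem' }
)

# Offline run against the sample: reports only the ExampleGroup host.
Get-ServiceAccountMismatch -Services $sample | Format-List

# On a live machine, run it with no arguments from an elevated prompt:
# Get-ServiceAccountMismatch | Format-List
```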
     
  23. Simonm

    Simonm Private E-2

    Good morning Chaslang (well, it is here in England! a lovely sunny November day),

    I have run services.msc again.

    Under the Log On As column, what do you see listed for the Security Center service? Is it Local System? YES
    Now double click on the Security Center service.
    On the next form click the Log On tab.
    Which button is selected under the Log on as: Local System account

    area and are any other fields checked and do you see any password fields filled in? No, nothing else is checked, and no passwords

    Simon
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try booting in safe mode and using the user account named Administrator. Is the Windows Security Center service running in that account? If not, see if you can start it there. Then also log out of the Administrator account and log in to your account, which I assume has administrator privileges. Then while in safe mode, see if you can start the service on your account.
     
  25. Simonm

    Simonm Private E-2

    OK, I've booted into normal mode to start off with, and I no longer get the Security warning, though my Norton Security icon has a red cross over it. I've gone back into the Security Centre and it gives me a warning:
    Configuration Manager: The specified device instance handle does not correspond to a present device.


    I have then booted into 'safe mode with networking' and logged on as administrator - and the only icons at the bottom of the screen are for the network and Audio Service (the latter isn't running, it says). There are no security or other icons showing.

    Going on into the Security Centre, I'm getting exactly the same warning message as above. If I carry on, under General, it still says Startup type is Automatic (Delayed Start). In the Log On page the Local System account has a black dot - the 'Allow service to interact with desktop' has a white (empty) square beside it - and 'This account' has a white empty circle.

    If I click on This account... the top box is blank, the two password boxes both have a row of 15 dots in them. I am loath to change anything here unless you tell me what to do and we know how to 'undo' it later!!! OK? I'm guessing I need to type administrator in the top box and the administrator's p£ssw0rd in the lower two boxes... but maybe not?!

    So, I've now gone back out of here and booted into normal mode and run it both as administrator and as simonm and it's exactly the same as above.

    Any suggestions?

    Simon
     
  26. abri

    abri MajorGeek

    Simon,
    Please start a thread about this problem in the Software Forum. When you do, please copy the webpage address from this thread here in Malware into your first post, so the people in the Software Forum can refer to the information you and Chaslang have exchanged over here.
    Thanks.
    abri
     
