Solved Note pad and UAC problem in Vista

Since you've removed Bit Torrent (insert applause), remove both of those values from the authorized applications list.

I'm investigating the security center error.

 

Please export the following key to txt and post it here.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc

Verify also the the Windows Management Instrumentation service is running.

BTW, Security Center service was set correctly at Automatic (Delayed Start)

 

here you go

I have re set the start to delayed
and yes Windows Management Instrumentation service is running

reg key

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
Class Name: <NO CLASS>
Last Write Time: 23/11/2007 - 19:58
Value 0
Name: DisplayName
Type: REG_SZ
Data: Security Center

Value 1
Name: ErrorControl
Type: REG_DWORD
Data: 0x1

Value 2
Name: ImagePath
Type: REG_EXPAND_SZ
Data: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted

Value 3
Name: Start
Type: REG_DWORD
Data: 0x2

Value 4
Name: Type
Type: REG_DWORD
Data: 0x20

Value 5
Name: Description
Type: REG_SZ
Data: @%SystemRoot%\System32\wscsvc.dll,-201

Value 6
Name: DependOnService
Type: REG_MULTI_SZ
Data: RpcSs
winmgmt

Value 7
Name: ObjectName
Type: REG_SZ
Data: LocalSystem

Value 8
Name: ServiceSidType
Type: REG_DWORD
Data: 0x1

Value 9
Name: RequiredPrivileges
Type: REG_MULTI_SZ
Data: SeChangeNotifyPrivilege
SeImpersonatePrivilege

Value 10
Name: DelayedAutoStart
Type: REG_DWORD
Data: 0x1

Value 11
Name: FailureActions
Type: REG_BINARY
Data:
00000000 80 51 01 00 00 00 00 00 - 00 00 00 00 03 00 00 00 .Q..............
00000010 14 00 00 00 01 00 00 00 - c0 d4 01 00 01 00 00 00 ........ÀÔ......
00000020 e0 93 04 00 00 00 00 00 - 00 00 00 00 à...........


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum
Class Name: <NO CLASS>
Last Write Time: 23/11/2007 - 16:46
Value 0
Name: 0
Type: REG_SZ
Data: Root\LEGACY_WSCSVC\0000

Value 1
Name: Count
Type: REG_DWORD
Data: 0x1

Value 2
Name: NextInstance
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters
Class Name: <NO CLASS>
Last Write Time: 23/11/2007 - 16:46
Value 0
Name: ServiceDllUnloadOnStop
Type: REG_DWORD
Data: 0x1

Value 1
Name: ServiceDll
Type: REG_EXPAND_SZ
Data: %SYSTEMROOT%\system32\wscsvc.dll


Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security
Class Name: <NO CLASS>
Last Write Time: 02/11/2006 - 12:49
Value 0
Name: Security
Type: REG_BINARY
Data:
00000000 01 00 14 80 c8 00 00 00 - d4 00 00 00 14 00 00 00 ....È...Ô.......
00000010 30 00 00 00 02 00 1c 00 - 01 00 00 00 02 80 14 00 0...............
00000020 ff 01 0f 00 01 01 00 00 - 00 00 00 01 00 00 00 00 ÿ...............
00000030 02 00 98 00 06 00 00 00 - 00 00 14 00 fd 01 02 00 ............ý...
00000040 01 01 00 00 00 00 00 05 - 12 00 00 00 00 00 18 00 ................
00000050 ff 01 0f 00 01 02 00 00 - 00 00 00 05 20 00 00 00 ÿ........... ...
00000060 20 02 00 00 00 00 14 00 - 9d 01 02 00 01 01 00 00 ...............
00000070 00 00 00 05 04 00 00 00 - 00 00 14 00 8d 01 02 00 ................
00000080 01 01 00 00 00 00 00 05 - 06 00 00 00 00 00 14 00 ................
00000090 00 01 00 00 01 01 00 00 - 00 00 00 05 0b 00 00 00 ................
000000a0 00 00 28 00 15 00 00 00 - 01 06 00 00 00 00 00 05 ..(.............
000000b0 50 00 00 00 49 59 9d 77 - 91 56 e5 55 dc f4 e2 0e P...IY.w.VåUÜôâ.
000000c0 a7 8b eb ca 7b 42 13 56 - 01 01 00 00 00 00 00 05 §.ëÊ{B.V........
000000d0 12 00 00 00 01 01 00 00 - 00 00 00 05 12 00 00 00 ................

 

First, export the wscsvc key to a reg file for backup.

Double click the ObjectName entry then enter the following.

NT AUTHORITY\LocalService

Click OK and exit the registry, then reboot. Let me know if there's any change.

 

Hi Dave

No no change Security cent will still not start or run


Terry

 

Same error when trying to start the service?

I've got some errands to run .... will check back in later.

 

Hi Yes same thing

speak to ya in a bit


Thanks Terry

 

Hi Terry,

The export of wscsvc appeared to already have this configured properly, but lets check it anyway. Open the Services console and double click the Security Center entry. Select the Log On tab. Under Log On As select This account: then click Browse. Type Local in the Enter the object name to select field then click Check Names. It should come up with Local Service ..... click OK. Hit tab and the Password field should be highlighted. Hit Backspace to blank it, then tab again to the Confirm password field and Backspace to clear it. Click Apply and OK. Restart the computer.

If it fails to start, double click the registry backup you made of the wscsvc key to merge it. Go back to the Security Center service Log On tab and select Log On As: Local System account (1st option). Click Apply and OK then restart.

If it still does not start, do the following.

Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

Filename: check.bat
Save as type: All Files (*.*)

Double click check.bat to run it. It will open SC.txt when it completes. Please post it's contents.

Right click the C:\qoobox folder and Send To>Compressed folder. Please upload the zip file to my submission channel.

 

Hi Dave

I hope you are well

here is the log
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center
cval REG_DWORD 0x1
UacDisableNotify REG_DWORD 0x0
InternetSettingsDisableNotify REG_DWORD 0x0
AutoUpdateDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring
DisableMonitoring REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus
DisableMonitoring REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall
DisableMonitoring REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Svc
AntiVirusOverride REG_DWORD 0x0
AntiSpywareOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Svc\S-1-5-21-607522505-1722128092-4289418495-1000
EnableNotificationsRef REG_DWORD 0x6


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems
tWhiteList REG_SZ Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms
tBuiltInPermList REG_SZ version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms
tSchemePerms REG_SZ version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet
Disabled REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\RTC

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}
DisableServerCheck REG_DWORD 0x1
LegacyPresence REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching
DontPromptForWindowsUpdate REG_DWORD 0x1
DontSearchWindowsUpdate REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections
NC_PersonalFirewallConfig REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers
authenticodeenabled REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork
Category REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection
KnownDllList REG_SZ nlhtml.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments
ScanWithAntiVirus REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveAutoRun REG_DWORD 0x3ffffff
NoDriveTypeAutoRun REG_DWORD 0xff

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} REG_DWORD 0x1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} REG_DWORD 0x40000021
{0DF44EAA-FF21-4412-828E-260A8728E7F1} REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
ConsentPromptBehaviorAdmin REG_DWORD 0x2
ConsentPromptBehaviorUser REG_DWORD 0x1
EnableInstallerDetection REG_DWORD 0x1
EnableLUA REG_DWORD 0x1
EnableSecureUIAPaths REG_DWORD 0x1
EnableVirtualization REG_DWORD 0x1
PromptOnSecureDesktop REG_DWORD 0x1
ValidateAdminCodeSignatures REG_DWORD 0x0
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0x0
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
FilterAdministratorToken REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats
CF_TEXT REG_DWORD 0x1
CF_BITMAP REG_DWORD 0x2
CF_OEMTEXT REG_DWORD 0x7
CF_DIB REG_DWORD 0x8
CF_PALETTE REG_DWORD 0x9
CF_UNICODETEXT REG_DWORD 0xd
CF_DIBV5 REG_DWORD 0x11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall


HKEY_CURRENT_USER\Software\Policies\Microsoft
HKEY_CURRENT_USER\Software\Policies\Power

 

Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

Filename: fix.reg
Save as type: All Files (*.*)

Double click fix.reg and allow it to merge with the registry.

Reboot and let me know if there's any change.


Bit confused by this value;

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Svc\S-1-5-21-607522505-1722128092-4289418495-1000
EnableNotificationsRef REG_DWORD 0x6


From what I can see there are 3 options for notification, and altering those change the value to 0x1, 0x2 or 0x3
What notification option have you selected?

 

Hi Dave

I set the notification to the 3rd option "not to notify me as when the UAC was off the message kept popping up.

Also please note that I have now removed Norton 360 and downloaded Windows OneCare and installed it hoping that it would resolve the Security centre problem..

After doing all the above security cent will still not open and run.

 

Did you zip and upload the qoobox folder?

Once again, reset the Log On for security center to Local Service and reboot.

Click Start>Run and type eventvwr.msc then hit enter. Look for any events pertaining to the security center (maybe under the Windows Logs section??). You can double click any entry and select copy to post the information (or save it to text).

 

Hi Dave

I think its to big a file 14meg zipped there is a file in qoobox called Hiv-backup thats 62mb


Terry

 

first one

Log Name: Application
Source: SecurityCenter
Date: 24/11/2007 17:55:48
Event ID: 1
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Terry-PC
Description:
The Windows Security Center Service has started.
Event Xml:
Event xmlns= "http://schemas.microsoft.com/win/2004/08/events/event "
System
Provider Name= "SecurityCenter"
EventID Qualifiers= "0 "1
Level4
Task0
Keywords0x80000000000000/Keywords
TimeCreated SystemTime= "2007-11-24T17:55:48.000Z"
EventRecordID17504

 

next

Log Name: Application
Source: SecurityCenter
Date: 23/11/2007 16:38:50
Event ID: 1
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Terry-PC
Description:
The Windows Security Center Service has started.
Event Xml:
Event xmlns= "http://schemas.microsoft.com/win/2004/08/events/event "
Provider Name= "SecurityCenter "
EventID 1
Level 4
Task 0
Keywords 0x80000000000000
TimeCreated SystemTime= "2007-11-23T16:38:50.000Z "
EventRecordID 16698
Application
Terry-PC

 

That's odd ......... both show the service as started. Nothing else in any of the event logs?

I'm running ComboFix on my test machine right now to see if it affects the security center. If it does, I will compare the before and after registry hives to determine what caused it. It may be quite a while before I get back to you. Meantime, maybe you could zip up portions of the qoobox folder and upload for me? I won't need the hive backups at this time (make sure you don't remove those! ).

 

Hi Dave

under windows logs

Application there are loads of Security Center entries do you want all of them?

as I am not sure what to look for and where

 

Hi dave no problem I will await your next post

again thanks for the help Terry

 

We're looking for errors or entries following the 'started' entries that say the service was stopped. You can, if you want, right click an event area such as Application and select Save Events As, then name it Application and place it where you can find it. Send me the saved events or upload to my submission channel. I will look through them to see if there's anything helpful.

 

Hi Dave


have sent you Application zip file limit on site is 3mb upload and security zip

I have also uploaded the qoobox file with the Hiv removed

Terry