Jump to content


Photo

Generic Host Process for Win32 Services


  • Please log in to reply
10 replies to this topic

#1 the big show

the big show

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 14 June 2007 - 02:01 AM

Hi,
I continually get the 'Generic Host Process for Win32 Services' error popup when on the Net. It will then freeze my Net connection and I need to reboot. I have recently upgraded to XP SP2.
I 'HAVE' run the WindowsXP-KB894391-x86-ENU.exe Microsoft fix.

My HiJack this:

Logfile of HijackThis v1.99.1
Scan saved at 4:59:39 PM, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iiNet Web Accelerator\PropelAC.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\My Documents\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\iiNet Web Accelerator\pac-addwl.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-image.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF79AC68-F0D3-4775-BFDE-19DE6B79B225}: NameServer = 203.0.178.191
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Regards,

The Big Show.

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,520 posts

Posted 16 June 2007 - 06:31 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 21 June 2007 - 03:19 AM

Hi The Big Show,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

You may have been infected with a generic IRCBot which is causing a buffer overflow and general instability on your system. Please do this next:
  • Go to Start -> Run and type (or copy and paste):

    services.msc

    Click "OK".

  • Double-click the service "Automatic Updates".
  • Click on the "Log On" tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
  • Check if this service has been enabled on the listed "Hardware Profile" section. If not, please click the "Enable" button to enable it.
  • Click on the "General" tab; make sure the "Startup Type" is "Automatic". Then please click the "Start" button under "Service Status" to start the service.
  • Repeat the above steps with this other service: "Background Intelligent Transfer Service (BITS)".

NEXT:

Re-register Windows Update components and clear the corrupted Windows Update temp folder:
  • Click on Start -> Run.
  • In the open field type (or copy and paste):

    REGSVR32 WUAPI.DLL

    Press "Enter".

  • When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click "OK".
  • Please repeat these steps for each of the following commands, ONE AT A TIME:

    REGSVR32 WUAUENG.DLL
    REGSVR32 WUAUENG1.DLL
    REGSVR32 ATL.DLL
    REGSVR32 WUCLTUI.DLL
    REGSVR32 WUPS.DLL
    REGSVR32 WUPS2.DLL
    REGSVR32 WUWEB.DLL

NEXT:

After the above steps are finished and since the temporary folder of Windows Update may be corrupted, please do this next:
  • Click Start -> Run and type (or copy and paste):

    cmd

    Press "Enter".

  • Please run the following command in the opened window:

    net stop WuAuServ

  • Click Start -> Run and type (or copy and paste):

    %windir%

    Press "Enter".

  • In the opened folder, rename the folder SoftwareDistribution to SDold.
  • Click Start -> Run and type (or copy and paste):

    cmd

    Press "Enter".

  • Please run the following command in the opened window:

    net start WuAuServ

  • Please check if you receive any error when trying to re-register these components. If not, please try to visit the Windows Update site again.

    Windows Update case SRZ060207002222.

NEXT:

Please patch your Windows XP with the latest updates from Microsoft:
Windows Updates

Or open Internet Explorer, then go to the "Tools" menu -> "Windows Update", and follow the online instructions from there.


NEXT:


Please download and install a firewall. Some good and FREE versions are Comodo, Outpost, or ZoneAlarm.

Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.


NEXT:

I notice that your system doesnít have an anti-virus program running. This can be suicidal in todayís digital age. :)

So, letís set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. Itís ranked #3 in the latest anti-virus test here:
http://www.virus.gr/...l...d=85&mnu=85

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.
  • Please remember to register for your Activation Code using a legitimate email address.
  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:


    Posted Image


  • Then please update the program and run a scan on "My Computer". Allow it to "Neutralize All" that it finds.
  • When done, launch Active Virus Shield's main window.


    Posted Image


  • Click the "Scan" button on the left, and then click "Detected".


    Posted Image


  • In the ensuing window, click the "Save As" button to save a copy of the log.
  • Copy and paste that log in your next reply.
Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.


NEXT:

Please reboot your computer normally into Windows, and then please post the log from the Active Virus Shield scan and a new HijackThis log.

How are things running now?

Edited by Sempurna, 21 June 2007 - 03:27 AM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#4 the big show

the big show

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 23 June 2007 - 01:15 AM

Hi The Big Show,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

You may have been infected with a generic IRCBot which is causing a buffer overflow and general instability on your system. Please do this next:

  • Go to Start -> Run and type (or copy and paste):

    services.msc

    Click "OK".

  • Double-click the service "Automatic Updates".
  • Click on the "Log On" tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
  • Check if this service has been enabled on the listed "Hardware Profile" section. If not, please click the "Enable" button to enable it.
  • Click on the "General" tab; make sure the "Startup Type" is "Automatic". Then please click the "Start" button under "Service Status" to start the service.
  • Repeat the above steps with this other service: "Background Intelligent Transfer Service (BITS)".
NEXT:

Re-register Windows Update components and clear the corrupted Windows Update temp folder:
  • Click on Start -> Run.
  • In the open field type (or copy and paste):

    REGSVR32 WUAPI.DLL

    Press "Enter".

  • When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click "OK".
  • Please repeat these steps for each of the following commands, ONE AT A TIME:

    REGSVR32 WUAUENG.DLL
    REGSVR32 WUAUENG1.DLL
    REGSVR32 ATL.DLL
    REGSVR32 WUCLTUI.DLL
    REGSVR32 WUPS.DLL
    REGSVR32 WUPS2.DLL
    REGSVR32 WUWEB.DLL
NEXT:

After the above steps are finished and since the temporary folder of Windows Update may be corrupted, please do this next:
  • Click Start -> Run and type (or copy and paste):

    cmd

    Press "Enter".

  • Please run the following command in the opened window:

    net stop WuAuServ

  • Click Start -> Run and type (or copy and paste):

    %windir%

    Press "Enter".

  • In the opened folder, rename the folder SoftwareDistribution to SDold.
  • Click Start -> Run and type (or copy and paste):

    cmd

    Press "Enter".

  • Please run the following command in the opened window:

    net start WuAuServ

  • Please check if you receive any error when trying to re-register these components. If not, please try to visit the Windows Update site again.

    Windows Update case SRZ060207002222.
NEXT:

Please patch your Windows XP with the latest updates from Microsoft:
Windows Updates

Or open Internet Explorer, then go to the "Tools" menu -> "Windows Update", and follow the online instructions from there.


NEXT:


Please download and install a firewall. Some good and FREE versions are Comodo, Outpost, or ZoneAlarm.

Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.


NEXT:

I notice that your system doesnít have an anti-virus program running. This can be suicidal in todayís digital age. :)

So, letís set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. Itís ranked #3 in the latest anti-virus test here:
http://www.virus.gr/...l...d=85&mnu=85

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.
  • Please remember to register for your Activation Code using a legitimate email address.
  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:


    Posted Image


  • Then please update the program and run a scan on "My Computer". Allow it to "Neutralize All" that it finds.
  • When done, launch Active Virus Shield's main window.


    Posted Image


  • Click the "Scan" button on the left, and then click "Detected".


    Posted Image


  • In the ensuing window, click the "Save As" button to save a copy of the log.
  • Copy and paste that log in your next reply.
Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.


NEXT:

Please reboot your computer normally into Windows, and then please post the log from the Active Virus Shield scan and a new HijackThis log.

How are things running now?



#5 the big show

the big show

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 23 June 2007 - 01:17 AM

[quote name='Sempurna' date='Jun 21 2007, 06:19 PM' post='554013']
Hi The Big Show,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

You may have been infected with a generic IRCBot which is causing a buffer overflow and general instability on your system. Please do this next:
  • Go to Start -> Run and type (or copy and paste):

    services.msc

    Click "OK".

  • Double-click the service "Automatic Updates".
  • Click on the "Log On" tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
  • Check if this service has been enabled on the listed "Hardware Profile" section. If not, please click the "Enable" button to enable it.
  • Click on the "General" tab; make sure the "Startup Type" is "Automatic". Then please click the "Start" button under "Service Status" to start the service.
  • Repeat the above steps with this other service: "Background Intelligent Transfer Service (BITS)".
NEXT:

Re-register Windows Update components and clear the corrupted Windows Update temp folder:
  • Click on Start -> Run.
  • In the open field type (or copy and paste):

    REGSVR32 WUAPI.DLL

    Press "Enter".

  • When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click "OK".
  • Please repeat these steps for each of the following commands, ONE AT A TIME:

    REGSVR32 WUAUENG.DLL
    REGSVR32 WUAUENG1.DLL
    REGSVR32 ATL.DLL
    REGSVR32 WUCLTUI.DLL
    REGSVR32 WUPS.DLL
    REGSVR32 WUPS2.DLL
    REGSVR32 WUWEB.DLL
NEXT:

After the above steps are finished and since the temporary folder of Windows Update may be corrupted, please do this next:
  • Click Start -> Run and type (or copy and paste):

    cmd

    Press "Enter".

  • Please run the following command in the opened window:

    net stop WuAuServ

  • Click Start -> Run and type (or copy and paste):

    %windir%

    Press "Enter".

  • In the opened folder, rename the folder SoftwareDistribution to SDold.
  • Click Start -> Run and type (or copy and paste):

    cmd

    Press "Enter".

  • Please run the following command in the opened window:

    net start WuAuServ

  • Please check if you receive any error when trying to re-register these components. If not, please try to visit the Windows Update site again.

    Windows Update case SRZ060207002222.
NEXT:

Please patch your Windows XP with the latest updates from Microsoft:
Windows Updates

Or open Internet Explorer, then go to the "Tools" menu -> "Windows Update", and follow the online instructions from there.


NEXT:


Please download and install a firewall. Some good and FREE versions are Comodo, Outpost, or ZoneAlarm.

Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.


NEXT:

I notice that your system doesnít have an anti-virus program running. This can be suicidal in todayís digital age. :)

So, letís set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. Itís ranked #3 in the latest anti-virus test here:
http://www.virus.gr/...l...d=85&mnu=85

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.[list]
[*]Please remember to register for your Activation Code using a legitimate email address.
[*]Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:


Posted Image

#6 the big show

the big show

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 23 June 2007 - 01:36 AM

Hi and thanks,

I have uploaded the avs scan and the hijack this logfile. I have also run a 2nd avs scan that returns no threats.
Questions:
Comodo will continually report on an avp.exe file Ė It does not advise what to do with this file. The file uses both http80 and ftp21. When I try to upload it to Comodo IE times out. What is this file ?
I have a web accelerator that will not start on Port 8080 as another application is using it. It suggests I should use another port ?
My IE often now times out. I am tempted to remove Comodo ???

Please advise.
The Big Show.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:26 PM, on 23/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iiNet Web Accelerator\PropelAC.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chris\My Documents\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF7

#7 the big show

the big show

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 23 June 2007 - 01:38 AM

[quote name='the big show' date='Jun 23 2007, 04:17 PM' post='554595']
[quote name='Sempurna' date='Jun 21 2007, 06:19 PM' post='554013']
Hi The Big Show,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

You may have been infected with a generic IRCBot which is causing a buffer overflow and general instability on your system. Please do this next:
  • Go to Start -> Run and type (or copy and paste):

    services.msc

    Click "OK".

  • Double-click the service "Automatic Updates".
  • Click on the "Log On" tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
  • Check if this service has been enabled on the listed "Hardware Profile" section. If not, please click the "Enable" button to enable it.
  • Click on the "General" tab; make sure the "Startup Type" is "Automatic". Then please click the "Start" button under "Service Status" to start the service.
  • Repeat the above steps with this other service: "Background Intelligent Transfer Service (BITS)".
NEXT:

Re-register Windows Update components and clear the corrupted Windows Update temp folder:
  • Click on Start -> Run.
  • In the open field type (or copy and paste):

    REGSVR32 WUAPI.DLL

    Press "Enter".

  • When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click "OK".
  • Please repeat these steps for each of the following commands, ONE AT A TIME:

    REGSVR32 WUAUENG.DLL
    REGSVR32 WUAUENG1.DLL
    REGSVR32 ATL.DLL
    REGSVR32 WUCLTUI.DLL
    REGSVR32 WUPS.DLL
    REGSVR32 WUPS2.DLL
    REGSVR32 WUWEB.DLL
NEXT:

After the above steps are finished and since the temporary folder of Windows Update may be corrupted, please do this next:
  • Click Start -> Run and type (or copy and paste):

    cmd

    Press "Enter".

  • Please run the following command in the opened window:

    net stop WuAuServ

  • Click Start -> Run and type (or copy and paste):

    %windir%

    Press "Enter".

  • In the opened folder, rename the folder SoftwareDistribution to SDold.
  • Click Start -> Run and type (or copy and paste):

    cmd

    Press "Enter".

  • Please run the following command in the opened window:

    net start WuAuServ

  • Please check if you receive any error when trying to re-register these components. If not, please try to visit the Windows Update site again.

    Windows Update case SRZ060207002222.
NEXT:

Please patch your Windows XP with the latest updates from Microsoft:
Windows Updates

Or open Internet Explorer, then go to the "Tools" menu -> "Windows Update", and follow the online instructions from there.


NEXT:


Please download and install a firewall. Some good and FREE versions are Comodo, Outpost, or ZoneAlarm.

Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.


NEXT:

I notice that your system doesnít have an anti-virus program running. This can be suicidal in todayís digital age. :)

So, letís set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. Itís ranked #3 in the latest anti-virus test here:
http://www.virus.gr/...l...d=85&mnu=85

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.[list]
[*]Please remember to register for your Activation Code using a legitimate email address.
[*]Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:


Posted Image
[/quote]

#8 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 23 June 2007 - 11:54 AM

Hi The Big Show, :wave:

Comodo will continually report on an avp.exe file Ė It does not advise what to do with this file. The file uses both http80 and ftp21. When I try to upload it to Comodo IE times out. What is this file ?

That is the main executable for Active Virus Shield. Allow it access to the Internet, otherwise it wonít be able to automatically update your virus definitions. :)


I have a web accelerator that will not start on Port 8080 as another application is using it. It suggests I should use another port ?
My IE often now times out. I am tempted to remove Comodo ???

Configure your web accelerator to use another port. IE is timing out probably because of this issue.

I donít think that Comodo (or any other firewall) would cause your timeouts. If you allow IE unrestricted access to the Internet, it shouldnít time out. The timeouts are probably due to the configuration of your web accelerator. Remember to configure Comodo to allow your accelerator unrestricted access as well.

Your HijackThis log got cut off. Could you please repost it? Thanks. :)

Use the Posted Image button to reply. That would increase the post length that you can use.

Does the win32 services error still occur?
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#9 the big show

the big show

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 30 June 2007 - 05:58 PM

Hi,

Below is my HJT.

I've not seen the 'Generic' error since.

Thankyou
The Big Show.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:26 PM, on 23/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iiNet Web Accelerator\PropelAC.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chris\My Documents\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF79AC68-F0D3-4775-BFDE-19DE6B79B225}: NameServer = 203.0.178.191
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#10 the big show

the big show

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 30 June 2007 - 06:05 PM

Hi,

Below is my HJT.

I've not seen the 'Generic' error since.

Thankyou
The Big Show.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:26 PM, on 23/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iiNet Web Accelerator\PropelAC.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chris\My Documents\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF79AC68-F0D3-4775-BFDE-19DE6B79B225}: NameServer = 203.0.178.191
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#11 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 01 July 2007 - 02:33 PM

Hi The Big Show, :wave:

Youíre most welcome. Iím glad to hear that the problem has gone away. :)

The log appears to be clean. Just a leftover to fix.

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.

How are things running now? Any persistent problem or suspicious behaviour on your machine that I should know about?
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button