• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
the big show

Generic Host Process for Win32 Services

11 posts in this topic

Hi,

I continually get the 'Generic Host Process for Win32 Services' error popup when on the Net. It will then freeze my Net connection and I need to reboot. I have recently upgraded to XP SP2.

I 'HAVE' run the WindowsXP-KB894391-x86-ENU.exe Microsoft fix.

 

My HiJack this:

 

Logfile of HijackThis v1.99.1

Scan saved at 4:59:39 PM, on 14/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\iiNet Web Accelerator\PropelAC.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Chris\My Documents\Tools\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.au/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\iiNet Web Accelerator\pac-addwl.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Refresh Pa≥ with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-page.html

O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\iiNet Web Accelerator\pac-image.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{BF79AC68-F0D3-4775-BFDE-19DE6B79B225}: NameServer = 203.0.178.191

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

Regards,

 

The Big Show.

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi The Big Show,

 

Welcome to SpywareInfo! :wave:

 

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

 

You may have been infected with a generic IRCBot which is causing a buffer overflow and general instability on your system. Please do this next:

  1. Go to Start -> Run and type (or copy and paste):
     
    services.msc
     
    Click "OK".
     
     
  2. Double-click the service "Automatic Updates".
  3. Click on the "Log On" tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
  4. Check if this service has been enabled on the listed "Hardware Profile" section. If not, please click the "Enable" button to enable it.
  5. Click on the "General" tab; make sure the "Startup Type" is "Automatic". Then please click the "Start" button under "Service Status" to start the service.
  6. Repeat the above steps with this other service: "Background Intelligent Transfer Service (BITS)".

 

NEXT:

 

Re-register Windows Update components and clear the corrupted Windows Update temp folder:

  1. Click on Start -> Run.
  2. In the open field type (or copy and paste):
     
    REGSVR32 WUAPI.DLL
     
    Press "Enter".
     
     
  3. When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click "OK".
  4. Please repeat these steps for each of the following commands, ONE AT A TIME:
     
    REGSVR32 WUAUENG.DLL
    REGSVR32 WUAUENG1.DLL
    REGSVR32 ATL.DLL
    REGSVR32 WUCLTUI.DLL
    REGSVR32 WUPS.DLL
    REGSVR32 WUPS2.DLL
    REGSVR32 WUWEB.DLL

 

NEXT:

 

After the above steps are finished and since the temporary folder of Windows Update may be corrupted, please do this next:

  1. Click Start -> Run and type (or copy and paste):
     
    cmd
     
    Press "Enter".
     
     
  2. Please run the following command in the opened window:
     
    net stop WuAuServ
     
     
  3. Click Start -> Run and type (or copy and paste):
     
    %windir%
     
    Press "Enter".
     
     
  4. In the opened folder, rename the folder SoftwareDistribution to SDold.
  5. Click Start -> Run and type (or copy and paste):
     
    cmd
     
    Press "Enter".
     
     
  6. Please run the following command in the opened window:
     
    net start WuAuServ
     
     
  7. Please check if you receive any error when trying to re-register these components. If not, please try to visit the Windows Update site again.
     
    Windows Update case SRZ060207002222.

 

NEXT:

 

Please patch your Windows XP with the latest updates from Microsoft:

Windows Updates

 

Or open Internet Explorer, then go to the "Tools" menu -> "Windows Update", and follow the online instructions from there.

 

 

NEXT:

 

 

Please download and install a firewall. Some good and FREE versions are Comodo, Outpost, or ZoneAlarm.

 

Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

 

 

NEXT:

 

I notice that your system doesn’t have an anti-virus program running. This can be suicidal in today’s digital age. :)

 

So, let’s set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. It’s ranked #3 in the latest anti-virus test here:

http://www.virus.gr/english/fullxml/defaul...d=85&mnu=85

 

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.

  • Please remember to register for your Activation Code using a legitimate email address.
  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:
     
     
    ActiveVirusShield.gif
     
     
     
  • Then please update the program and run a scan on "My Computer". Allow it to "Neutralize All" that it finds.
  • When done, launch Active Virus Shield's main window.
     
     
    avshield1.gif
     
     
     
  • Click the "Scan" button on the left, and then click "Detected".
     
     
    avshield2.gif
     
     
     
  • In the ensuing window, click the "Save As" button to save a copy of the log.
  • Copy and paste that log in your next reply.

Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

 

 

NEXT:

 

Please reboot your computer normally into Windows, and then please post the log from the Active Virus Shield scan and a new HijackThis log.

 

How are things running now?

Edited by Sempurna

Share this post


Link to post
Share on other sites

Hi The Big Show,

 

Welcome to SpywareInfo! :wave:

 

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

 

You may have been infected with a generic IRCBot which is causing a buffer overflow and general instability on your system. Please do this next:

  1. Go to Start -> Run and type (or copy and paste):
     
    services.msc
     
    Click "OK".
     
     
  2. Double-click the service "Automatic Updates".
  3. Click on the "Log On" tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
  4. Check if this service has been enabled on the listed "Hardware Profile" section. If not, please click the "Enable" button to enable it.
  5. Click on the "General" tab; make sure the "Startup Type" is "Automatic". Then please click the "Start" button under "Service Status" to start the service.
  6. Repeat the above steps with this other service: "Background Intelligent Transfer Service (BITS)".

NEXT:

 

Re-register Windows Update components and clear the corrupted Windows Update temp folder:

  1. Click on Start -> Run.
  2. In the open field type (or copy and paste):
     
    REGSVR32 WUAPI.DLL
     
    Press "Enter".
     
     
  3. When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click "OK".
  4. Please repeat these steps for each of the following commands, ONE AT A TIME:
     
    REGSVR32 WUAUENG.DLL
    REGSVR32 WUAUENG1.DLL
    REGSVR32 ATL.DLL
    REGSVR32 WUCLTUI.DLL
    REGSVR32 WUPS.DLL
    REGSVR32 WUPS2.DLL
    REGSVR32 WUWEB.DLL

NEXT:

 

After the above steps are finished and since the temporary folder of Windows Update may be corrupted, please do this next:

  1. Click Start -> Run and type (or copy and paste):
     
    cmd
     
    Press "Enter".
     
     
  2. Please run the following command in the opened window:
     
    net stop WuAuServ
     
     
  3. Click Start -> Run and type (or copy and paste):
     
    %windir%
     
    Press "Enter".
     
     
  4. In the opened folder, rename the folder SoftwareDistribution to SDold.
  5. Click Start -> Run and type (or copy and paste):
     
    cmd
     
    Press "Enter".
     
     
  6. Please run the following command in the opened window:
     
    net start WuAuServ
     
     
  7. Please check if you receive any error when trying to re-register these components. If not, please try to visit the Windows Update site again.
     
    Windows Update case SRZ060207002222.

NEXT:

 

Please patch your Windows XP with the latest updates from Microsoft:

Windows Updates

 

Or open Internet Explorer, then go to the "Tools" menu -> "Windows Update", and follow the online instructions from there.

 

 

NEXT:

 

 

Please download and install a firewall. Some good and FREE versions are Comodo, Outpost, or ZoneAlarm.

 

Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

 

 

NEXT:

 

I notice that your system doesn’t have an anti-virus program running. This can be suicidal in today’s digital age. :)

 

So, let’s set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. It’s ranked #3 in the latest anti-virus test here:

http://www.virus.gr/english/fullxml/defaul...d=85&mnu=85

 

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.

  • Please remember to register for your Activation Code using a legitimate email address.
  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:
     
     
    ActiveVirusShield.gif
     
     
     
  • Then please update the program and run a scan on "My Computer". Allow it to "Neutralize All" that it finds.
  • When done, launch Active Virus Shield's main window.
     
     
    avshield1.gif
     
     
     
  • Click the "Scan" button on the left, and then click "Detected".
     
     
    avshield2.gif
     
     
     
  • In the ensuing window, click the "Save As" button to save a copy of the log.
  • Copy and paste that log in your next reply.

Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

 

 

NEXT:

 

Please reboot your computer normally into Windows, and then please post the log from the Active Virus Shield scan and a new HijackThis log.

 

How are things running now?

Share this post


Link to post
Share on other sites

Hi The Big Show,

 

Welcome to SpywareInfo! :wave:

 

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

 

You may have been infected with a generic IRCBot which is causing a buffer overflow and general instability on your system. Please do this next:

  1. Go to Start -> Run and type (or copy and paste):
     
    services.msc
     
    Click "OK".
     
     
  2. Double-click the service "Automatic Updates".
  3. Click on the "Log On" tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
  4. Check if this service has been enabled on the listed "Hardware Profile" section. If not, please click the "Enable" button to enable it.
  5. Click on the "General" tab; make sure the "Startup Type" is "Automatic". Then please click the "Start" button under "Service Status" to start the service.
  6. Repeat the above steps with this other service: "Background Intelligent Transfer Service (BITS)".

NEXT:

 

Re-register Windows Update components and clear the corrupted Windows Update temp folder:

  1. Click on Start -> Run.
  2. In the open field type (or copy and paste):
     
    REGSVR32 WUAPI.DLL
     
    Press "Enter".
     
     
  3. When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click "OK".
  4. Please repeat these steps for each of the following commands, ONE AT A TIME:
     
    REGSVR32 WUAUENG.DLL
    REGSVR32 WUAUENG1.DLL
    REGSVR32 ATL.DLL
    REGSVR32 WUCLTUI.DLL
    REGSVR32 WUPS.DLL
    REGSVR32 WUPS2.DLL
    REGSVR32 WUWEB.DLL

NEXT:

 

After the above steps are finished and since the temporary folder of Windows Update may be corrupted, please do this next:

  1. Click Start -> Run and type (or copy and paste):
     
    cmd
     
    Press "Enter".
     
     
  2. Please run the following command in the opened window:
     
    net stop WuAuServ
     
     
  3. Click Start -> Run and type (or copy and paste):
     
    %windir%
     
    Press "Enter".
     
     
  4. In the opened folder, rename the folder SoftwareDistribution to SDold.
  5. Click Start -> Run and type (or copy and paste):
     
    cmd
     
    Press "Enter".
     
     
  6. Please run the following command in the opened window:
     
    net start WuAuServ
     
     
  7. Please check if you receive any error when trying to re-register these components. If not, please try to visit the Windows Update site again.
     
    Windows Update case SRZ060207002222.

NEXT:

 

Please patch your Windows XP with the latest updates from Microsoft:

Windows Updates

 

Or open Internet Explorer, then go to the "Tools" menu -> "Windows Update", and follow the online instructions from there.

 

 

NEXT:

 

 

Please download and install a firewall. Some good and FREE versions are Comodo, Outpost, or ZoneAlarm.

 

Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

 

 

NEXT:

 

I notice that your system doesn’t have an anti-virus program running. This can be suicidal in today’s digital age. :)

 

So, let’s set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. It’s ranked #3 in the latest anti-virus test here:

http://www.virus.gr/english/fullxml/defaul...d=85&mnu=85

 

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.

[*]Please remember to register for your Activation Code using a legitimate email address.

[*]Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:

 

 

ActiveVirusShield.gif

Share this post


Link to post
Share on other sites

Hi and thanks,

 

I have uploaded the avs scan and the hijack this logfile. I have also run a 2nd avs scan that returns no threats.

Questions:

Comodo will continually report on an avp.exe file – It does not advise what to do with this file. The file uses both http80 and ftp21. When I try to upload it to Comodo IE times out. What is this file ?

I have a web accelerator that will not start on Port 8080 as another application is using it. It suggests I should use another port ?

My IE often now times out. I am tempted to remove Comodo ???

 

Please advise.

The Big Show.

 

Logfile of HijackThis v1.99.1

Scan saved at 4:12:26 PM, on 23/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iiNet Web Accelerator\PropelAC.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Chris\My Documents\Tools\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.au/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{BF7

Share this post


Link to post
Share on other sites

Hi The Big Show,

 

Welcome to SpywareInfo! :wave:

 

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

 

You may have been infected with a generic IRCBot which is causing a buffer overflow and general instability on your system. Please do this next:

  1. Go to Start -> Run and type (or copy and paste):
     
    services.msc
     
    Click "OK".
     
     
  2. Double-click the service "Automatic Updates".
  3. Click on the "Log On" tab, please ensure the option "Local System account" is selected and the option "Allow service to interact with desktop" is unchecked.
  4. Check if this service has been enabled on the listed "Hardware Profile" section. If not, please click the "Enable" button to enable it.
  5. Click on the "General" tab; make sure the "Startup Type" is "Automatic". Then please click the "Start" button under "Service Status" to start the service.
  6. Repeat the above steps with this other service: "Background Intelligent Transfer Service (BITS)".

NEXT:

 

Re-register Windows Update components and clear the corrupted Windows Update temp folder:

  1. Click on Start -> Run.
  2. In the open field type (or copy and paste):
     
    REGSVR32 WUAPI.DLL
     
    Press "Enter".
     
     
  3. When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click "OK".
  4. Please repeat these steps for each of the following commands, ONE AT A TIME:
     
    REGSVR32 WUAUENG.DLL
    REGSVR32 WUAUENG1.DLL
    REGSVR32 ATL.DLL
    REGSVR32 WUCLTUI.DLL
    REGSVR32 WUPS.DLL
    REGSVR32 WUPS2.DLL
    REGSVR32 WUWEB.DLL

NEXT:

 

After the above steps are finished and since the temporary folder of Windows Update may be corrupted, please do this next:

  1. Click Start -> Run and type (or copy and paste):
     
    cmd
     
    Press "Enter".
     
     
  2. Please run the following command in the opened window:
     
    net stop WuAuServ
     
     
  3. Click Start -> Run and type (or copy and paste):
     
    %windir%
     
    Press "Enter".
     
     
  4. In the opened folder, rename the folder SoftwareDistribution to SDold.
  5. Click Start -> Run and type (or copy and paste):
     
    cmd
     
    Press "Enter".
     
     
  6. Please run the following command in the opened window:
     
    net start WuAuServ
     
     
  7. Please check if you receive any error when trying to re-register these components. If not, please try to visit the Windows Update site again.
     
    Windows Update case SRZ060207002222.

NEXT:

 

Please patch your Windows XP with the latest updates from Microsoft:

Windows Updates

 

Or open Internet Explorer, then go to the "Tools" menu -> "Windows Update", and follow the online instructions from there.

 

 

NEXT:

 

 

Please download and install a firewall. Some good and FREE versions are Comodo, Outpost, or ZoneAlarm.

 

Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

 

 

NEXT:

 

I notice that your system doesn’t have an anti-virus program running. This can be suicidal in today’s digital age. :)

 

So, let’s set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. It’s ranked #3 in the latest anti-virus test here:

http://www.virus.gr/english/fullxml/defaul...d=85&mnu=85

 

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.

[*]Please remember to register for your Activation Code using a legitimate email address.

[*]Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:

 

 

ActiveVirusShield.gif

Share this post


Link to post
Share on other sites

Hi The Big Show, :wave:

 

Comodo will continually report on an avp.exe file – It does not advise what to do with this file. The file uses both http80 and ftp21. When I try to upload it to Comodo IE times out. What is this file ?

That is the main executable for Active Virus Shield. Allow it access to the Internet, otherwise it won’t be able to automatically update your virus definitions. :)

 

 

I have a web accelerator that will not start on Port 8080 as another application is using it. It suggests I should use another port ?

My IE often now times out. I am tempted to remove Comodo ???

Configure your web accelerator to use another port. IE is timing out probably because of this issue.

 

I don’t think that Comodo (or any other firewall) would cause your timeouts. If you allow IE unrestricted access to the Internet, it shouldn’t time out. The timeouts are probably due to the configuration of your web accelerator. Remember to configure Comodo to allow your accelerator unrestricted access as well.

 

Your HijackThis log got cut off. Could you please repost it? Thanks. :)

 

Use the t_reply.gif button to reply. That would increase the post length that you can use.

 

Does the win32 services error still occur?

Share this post


Link to post
Share on other sites

Hi,

 

Below is my HJT.

 

I've not seen the 'Generic' error since.

 

Thankyou

The Big Show.

 

Logfile of HijackThis v1.99.1

Scan saved at 4:12:26 PM, on 23/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iiNet Web Accelerator\PropelAC.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Chris\My Documents\Tools\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.au/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{BF79AC68-F0D3-4775-BFDE-19DE6B79B225}: NameServer = 203.0.178.191

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Share this post


Link to post
Share on other sites

Hi,

 

Below is my HJT.

 

I've not seen the 'Generic' error since.

 

Thankyou

The Big Show.

 

Logfile of HijackThis v1.99.1

Scan saved at 4:12:26 PM, on 23/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iiNet Web Accelerator\PropelAC.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Chris\My Documents\Tools\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.au/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\iiNet Web Accelerator\trayctl.exe" /STARTUPLAUNCH

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{BF79AC68-F0D3-4775-BFDE-19DE6B79B225}: NameServer = 203.0.178.191

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Share this post


Link to post
Share on other sites

Hi The Big Show, :wave:

 

You’re most welcome. I’m glad to hear that the problem has gone away. :)

 

The log appears to be clean. Just a leftover to fix.

 

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

 

O2 - BHO: (no name) - {227A568C-5FCD-317A-7FD3-5A762F4F7026} - (no file)

 

 

Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

 

Then please exit HijackThis.

 

How are things running now? Any persistent problem or suspicious behaviour on your machine that I should know about?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0