How do I remove servicehost.defaultGrp?

Meldi
A box appears as I am logging off that gives the choices  "cancel" or "end now."  I finally learned to click "end now."  However, this annoying problem began when I installed AOL 10.0.
servicehost.defaultGrp seems to interfere with my AOL connectivity.  
 
Top Expert 2013

Commented:
Meldi--Do you use AdAware?  It may be necessary to uninstall it.  It is an outdated antimalware program, anyway.
And do you use AIM?  You may have to uninstall that too.

Author

Commented:
jcimarron:

Thanks for your suggestions.  My response and action steps:    

I use Ad-Aware, Spyware Terminator, Symantec AntiVirus, Registry Mechanic, and Malwarebytes' Anti-Malware, and run them all frequently.  Each time I run MBAM, it identifies the following infection:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntivirusDisableNotify (Disabled.SecurityCenter) -> Bad:(1) Good: (0) -> Quarantined and deleted successfully.  

After restarting, as directed by MBAM, AOL connectivity is working.  However, after a shut down, the next time I turn on the computer, AOL connectivity is again no longer working, and I have to go through the whole process again.    

I have never used AIM.  I inactivated AIM as much as the settings allowed when I first installed the latest AOL edition.  Per your suggestion, I tried to uninstall AIM, but could not find it in the ADD/REMOVE Programs list.

Thanks for your response.   Meldi
Top Expert 2013

Commented:
Meldi--I wonder if you have two separate problems.
1)  Problems caused by the installation of AOL 10.  You say the error message started only when you installed AOL.  What did you use for an ISP before AOL 10?  Can you revert to that ISP?
2)  Problems caused by malware.  MBAM is well regarded, but the fact that it continues to find and quarantine a Registry entry suggests it is not getting rid of the malware that is causing the problem.
Run SuperAntiSpyware http://www.superantispyware.com/
and delete whatever it defines as malware.
Then run HiJackThis. http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
 If you need help in interpreting the log post it here or run the auto-analysis offered here.  http://www.hijackthis.de/
P.S.  Did you uninstall Adaware?

Author

Commented:
I uninstalled Ad-Aware and ran SuperAntiSpyware.
I ran HijackThis and obtained the attached log file. I have no idea what to do with it.


hijackthis.log
Top Expert 2013
Commented:
Meldi--I am no expert on HiJackThis logs, but yours looks pretty good.
One item you should probably remove (mainly to see if that solves your problem) is
O4 - Startup: powerreg schedulerv2.exe
ViewpointService.exe
Another one  would be
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)  (it seems to be an orphan ActiveX file)
And then consider these two items --
O16 - DPF: GenealogyBrowser.Cab - http://209.90.101.200/cabs/zinst.cab  There is no need to remove if you know that GenealogyBrowser is a legitimate program.  
C:\Program Files\Viewpoint\Common\ViewpointService.exe  It is a "service" from AOL.  It is not too well regarded.  
The way to remove any or all items is to run HJT again, check the items you want to be rid of in the HJT list and then "Fix" at the bottom left of the HJT screen.
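
The kind of triage described in the post above, as an added example that is not part of the original thread: a short Python pass over HijackThis entries that flags orphaned `(no file)` entries, O16 ActiveX downloads served from a bare IP address, and Startup-folder autoruns for manual review. The first three sample lines are the entries quoted in the thread; the fourth is constructed, and the flagging rules are this example's assumptions, not HijackThis's own logic.

```python
import ipaddress
import re
from urllib.parse import urlparse

# First three lines are quoted in the thread; the last one is constructed.
SAMPLE_LOG = """\
O4 - Startup: powerreg schedulerv2.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: GenealogyBrowser.Cab - http://209.90.101.200/cabs/zinst.cab
O4 - HKLM\\..\\Run: [ExampleUpdater] C:\\Program Files\\Example\\updater.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")


def host_is_ip(url):
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (section, body, reasons) for each entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m["section"], m["body"]
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("orphan: target file missing")
        if section == "O16" and any(host_is_ip(u) for u in URL_RE.findall(body)):
            reasons.append("ActiveX download source is a bare IP address")
        if section == "O4" and body.startswith(("Startup:", "Global Startup:")):
            reasons.append("Startup-folder autorun: confirm the program is wanted")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "; ".join(reasons))
```

A flagged entry is a prompt to verify the program, not a verdict; as the post says of GenealogyBrowser, there is no need to remove an item known to be legitimate.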

Author

Commented:

O. K.  This sounds good.  I'll try it all and let you know.  Thanks!
Top Expert 2013

Commented:
Meldi--There is a typo in my post above
"O4 - Startup: powerreg schedulerv2.exe
ViewpointService.exe"
should read "O4 - Startup: powerreg schedulerv2.exe"  (Delete ViewpointService.exe--which is covered a few lines later.)

Author

Commented:
jcimarron,

It worked!  I performed a restart, a shut down, and a log off several times after following your suggestions for the HiJackThis log file.  Response is good and servicehost.defaultGrp is GONE!  AOL connectivity is connecting.

I don't know which of the four items in the HiJackThis log was the problem, or if it was all of them, but I couldn't be more pleased with the results.  Thank you so much!!!

Meldi
 
Top Expert 2013

Commented:
Meldi--You are most welcome.  

Author

Commented:
I am writing to correct my last post.  I was wrong -  servicehost.defaultGrp is not gone.

Whenever servicehost.defaultGrp displays at log off, AOL fails to launch at the next sign in.  I run MBAM and it displays -  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntivirusDisableNotify (Disabled.SecurityCenter) -> Bad:(1) Good: (0) -> Quarantined and deleted successfully.

I restart and AOL will then launch at that time.  However, at the next log off, the cycle repeats.  I am going to send this information to AOL.  Maybe they will have answers.

I was finally able to remove AIM.  Thanks again.  Meldi  
