Virus help?

Tech questions and answers, video game stuff.

Moderator: ElTaco

Tiny
Is it football season yet?
Posts: 310
Joined: Fri Jan 21, 2005 7:21 am

Post by Tiny »

Question about identifying what you've picked up, when you suspect you've picked up a virus/worm etc. When looking for solutions on the web, it seems as though most of the removal tools out there are for specific infections.

For instance: I went to the site ET listed for his "list of freeware" thread, and it seems that there are lots of programs to use, but most seem to be written to deal with specific viruses/strains etc. My wife's computer started having trouble last week, saying she needed to run checkdisk most times after logging on, rebooting on its own, and tons and tons of DLL file corruptions. As the week wore on (and we looked for removal tools to fix the issue), the virus continued to eat up programs and files, working its way through her whole computer.

We regularly use AVG and SUPERantispyware (as well as adaware SE), but they are not finding anything but occasional tracking cookies. I even went to a site I found to check out the running processes from the task manager, but everything checked out legit.

We're looking to buy Norton next week, but I've been trying to stay off the net until then. Is this a good plan, or would my money be better spent on a different software package? The local computer shop is gonna charge me a boatload to check out her system, and fix whatever needs fixing; so I have to be smart about how I deal with this.

Any help, advice or insight would be greatly appreciated.
thanks,
Tim
Winston Wolf:
If I'm curt with you it's because time is a factor. I think fast, I talk fast and I need you guys to act fast if you wanna get out of this. So, pretty please... with sugar on top. Clean the fucking car!
Mister Bushice
Drinking all the beer Luther left behind
Posts: 9490
Joined: Fri Jan 14, 2005 2:39 pm

Post by Mister Bushice »

How old is the box?

If it's XP, turn off the auto reboot function so you can see if it'll give you an error reason for the auto reboot.

To do that

Right click on My Computer

Select "Properties"

Select the Advanced Tab->Startup & Recovery section

Select the Settings button

Uncheck "Automatically restart" and select "Apply".

Then restart, and see what error comes up.

Norton won't solve your problem, it's just another anti virus program, although I do think they will allow a free system check on their website. Antivirus programs don't work if someone clicks on the wrong thing on the internet, or in an email attachment.

If you can, write down what DLLs are showing up as bad.

This place might have some of the corrupted ones, if you don't have original system disks.

http://www.dll-files.com/

And here are some instructions for how to repair from the Windows XP original CD. EM will be along shortly to remind you to restore to a previous day.

1/ Place your Windows XP CD into your CD-ROM and reboot your PC

2/ XP's setup program will automatically start and files will be loaded to memory

3/ When you reach the Welcome to Setup screen choose the Repair option by pressing R

4/ This will start the Recovery Console and the list of Windows installations will appear

5/ As you only have one installation on your PC you need to press the number which is relevant to your installation's location. This, obviously, will typically be 1

6/ Type in your Administrator password. If you are using Windows XP Home edition the administrator password is blank by default so simply press Enter

7/ Now type bootcfg /list

8/ A list will now appear of all the entries in your boot.ini file

9/ Next type bootcfg /rebuild

10/ Your boot.ini file should now be repaired

11/ Finally remove your XP CD from the CD-ROM and then type Exit

12/ Reboot your machine to see if the problem has been cured
"If this were a dictatorship, it'd be a heck of a lot easier, just so long as I'm the dictator." —GWB Washington, D.C., Dec. 19, 2000
Martyred wrote: Hang in there, Whitey. Smart people are on their way with dictionaries.
War Wagon wrote: being as how I've got "stupid" draped all over, I'm not really sure.

Post by Tiny »

We tried to restore her computer to several points.....the virus kept going like I had fed it a can of spinach....
I've had her make several restore points over the last about 6 months, or so, but that didn't work.

Finally, last ditch effort: We tried using the recovery CD that came with her computer, to try to reset it to factory defaults....(after backing up E-mails, pictures, etc to my computer on the network; so I could burn them off), but the recovery CD seems to have a scratch/hairline crack, which prevents the computer from reading all recovery files. FUCK me some more MURPHY?

THEN!!! my computer started acting up. I freakin' burned her shit off, wrote "INFECTED" across the CD, and deleted the shit from my computer. (I haven't had any more trouble BTW, but that's why I was asking about the virus identification method).

Thanks for the reply.
Tom In VA
Eternal Scobode
Posts: 9042
Joined: Sat Jan 15, 2005 9:04 am
Location: In Va. near D.C.

Post by Tom In VA »

The virus might be IN the restore points. I've also seen virii get picked up when they're quarantined.

You ever heard of HijackThis? Run that and post the logs here.
With all the horseshit around here, you'd think there'd be a pony somewhere.

Post by Mister Bushice »

Tiny wrote: that's why I was asking about the virus identification method).

Thanks for the reply.

I've had good luck tracking down the occasional virus by googling the exact problem, like "auto reboots", or "xxx.dll corrupt" message.

There are so many viruses out there, that sometimes you can only search by symptoms. Some of them dupe the names of real files to hide in.

If her puter ain't that old, maybe get a replacement for the damaged system disks? Probably cheaper than a tech visit these days.

Then you can wipe it and start fresh.

Post by Tiny »

Not ultimately up to speed on HijackThis.....but here's the log file from the scan.....See what happens....

Logfile of HijackThis v1.99.1
Scan saved at 3:33:07 PM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 http://www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1304.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1305.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1305.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3528.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3528.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3528.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1304.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1304.winmx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3854369000
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


I don't know what is up with all that WinMX crap, I don't even show a WinMX in my program files....This is rather new too, as I scanned it earlier this week, and that stuff wasn't there then.

Ideas?

Post by Tiny »

BTW:
This is the log file from my computer, as her computer is already in the shop. When we tried to format hers, and start all over (reload it with a new version of Windows), it gave us an error message stating that the hard drive might be bad, and the load could not be completed. At that point, I gave up, and took it to the computer repair shop.

Funny, my computer didn't really start having troubles again, until I posted on here the other day, that it seemed to be running OK for now....Figures.

Post by Tom In VA »

WinMX was a peer-to-peer file sharing utility that shut down in 2005.

Subsequent to the shutdown another group enabled the continuation of sharing files and such, by putting those entries into the "hosts" file.

Basically, the software was configured to communicate with "c3310.z1301.winmx.com" for instance; when the whole thing shut down and "c3310.z1301.winmx.com" no longer existed, the host file would "trick" your PC and associate any request to "c3310.z1301.winmx.com" with ..... 205.238.40.1

I'm not even sure that works anymore, I don't know.

That it's on your machine suggests somebody used WinMX in the past on it and while the software might be un-installed and no longer detectable, the UN-INSTALL does not remove the host file entries, because ..... they were never really a part of the software to begin with (when WinMX was legitimate).

Aside from that I don't really see anything that sticks out in the log.

Post by Tiny »

Well, a quick Google search this morning led me to this site:

KRC AntiSpyware removal tutorial

After following the steps listed (and taking about 4 hours to complete), this is the HijackThis log file that I have now:


Logfile of HijackThis v1.99.1
Scan saved at 11:51:23 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3854369000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

That's after following all instructions at the link, and cleaning up the hard drive of major proportions. I think it said I cleaned up somewhere around 1.5 - 2 gigs of hard drive space, just cleaning house.
Winston Wolf:
If I'm curt with you it's because time is a factor. I think fast, I talk fast and I need you guys to act fast if you wanna get out of this. So, pretty please... with sugar on top. Clean the fucking car!
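
An added example, not part of the thread and not HijackThis's own code: a Python sketch that parses log lines in the format posted above, groups the O1 hosts-file entries that point names at non-loopback addresses (the WinMX entries discussed earlier), and diffs a before and after log. The function names are hypothetical, the sample logs are constructed from a few lines of the thread plus one made-up loopback entry, and taking the last two labels as the parent domain is a simplifying assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed excerpts in the HijackThis line format, reusing a few entries
# from the two logs in this thread. The 127.0.0.1 line is made up.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 http://www.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1301.winmx.com
O1 - Hosts: 127.0.0.1 ads.example.test
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
"""
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
O1 - Hosts: 127.0.0.1 ads.example.test
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
"""

# Entry lines look like "O1 - ..." or "R0 - ..."; headers and process paths do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log):
    """Return (code, detail) tuples for every entry line in a log."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]


def hosts_redirects(entries):
    """Summarise O1 entries that map a name to a non-loopback address."""
    found = defaultdict(lambda: {"names": set(), "ips": set()})
    for code, detail in entries:
        fields = detail.split()
        if code != "O1" or len(fields) != 3 or fields[0] != "Hosts:":
            continue
        try:
            ip = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # malformed address: not a usable mapping
        if ip.is_loopback or ip.is_unspecified:
            continue  # sinkhole-style block entry, not a redirect
        # Forum software may have auto-linked the name; drop any scheme.
        host = re.sub(r"^[a-z]+://", "", fields[2].lower())
        parent = ".".join(host.split(".")[-2:])  # assumption: no public-suffix list
        found[parent]["names"].add(host)
        found[parent]["ips"].add(ip)
    return {
        domain: {
            "names": len(v["names"]),
            "ips": [str(i) for i in sorted(v["ips"], key=lambda i: (i.version, int(i)))],
        }
        for domain, v in found.items()
    }


def diff_logs(before, after):
    """Return (removed, added) entries between two scans of the same machine."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    print(hosts_redirects(parse_entries(LOG_BEFORE)))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(len(removed), "removed;", len(added), "added:", added)
```

Run against the full logs, the summary collapses the long O1 block into one line per parent domain, and the diff shows what a cleanup actually changed between scans.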