Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

help i have trojan horse collected.5.L [RESOLVED]


  • This topic is locked This topic is locked

#76
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
Click Start > Run > copy&paste regedit.exe /e C:\msdirectx.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirectx" > OK

If the key exists this will create the file C:\msdirectx.txt
Post the content of that file.

Regards,
  • 0

Advertisements


#77
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
hello again nothing happened no txt was created
thanks
  • 0

#78
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
  • Download the Registry Search Tool.
  • Unzip the contents of RegSrch.zip to a convenient location.
  • Double-click on RegSrch.vbs.
  • If you have an anti-virus installed it might prompt you about a running script. Please ignore this warning and allow the script to run.
  • In the "Enter search string (case insensitive) and click OK..." box paste this string:
    • msdirectx
  • Click "OK" to search the registry for that string.
  • Wait for a few minutes while it completes the search.
  • Click "OK" to open the results in WordPad.
  • Copy and paste the entire results into your next post.
Regards,
  • 0

#79
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
hi there this is the log file as requested
thanks for your help
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "msdirectx" 25/07/2005 17:34:24

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-2000478354-1677128483-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="regedit.exe /e C:\\msdirectx.txt \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msdirectx\"\\1"

[HKEY_USERS\S-1-5-21-2000478354-1677128483-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"b"="regedit.exe /e C:\\msdirectx.txt \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msdirectx\\1"

[HKEY_USERS\S-1-5-21-2000478354-1677128483-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"c"="regedit.exe /e C:\\msdirectx.txt \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msdirectx\" > OK\\1"
  • 0

#80
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
Good. It looks like we are getting somewhere.

Now repeat the search, but this time have it look for mssvces

Regards,
  • 0

#81
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
hello again now cant get regsrch.vb to work it comes up with a dialog box titled" this file does not have a file associated with it ....
i have redownloaded it but it still did not work
the computer re booted when i first started it today and carried out a stack dump
i dont know if this is relevant
help
  • 0

#82
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
It seems as if everytime you run something (executable) the fileassociation changes.

Can you open a Command Prompt and type this command:
assoc .vbs

Maybe if we find out what it is associated with that will tell us something.

Regards,
  • 0

#83
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
HELP it has finally happened the computer has crashed big time as it wont boot up at all now comes up with the error" windows could not start because the following file is missing or corupted
<windows root>\system32\ntoskrnl.exe
please reinstall a copy of the above file
regards
  • 0

#84
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
Sorry to hear about the extra problems. :tazz:

I am in doubt what to advise you here.

A repair install might help: http://www.geekstogo...ws_XP-t138.html

but I can't promise you that. It will not destroy any virus or rootkit that is on your computer. Only a complete reformat will.

I'll leave the decision up to you, as it should be.

Regards,
  • 0

#85
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
hi again back up and running i didnt reformat at this stage ran the assoc.vbs in command pronpt as asked and got =ubsfile
here is the log file after getting it running again
Logfile of HijackThis v1.99.1
Scan saved at 11:21:57 a.m., on 31/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\documents and settings\dug and tania\my documents\downloads\regprot.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\dllhost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Documents and Settings\Dug And Tania\My Documents\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netaccess.co.nz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RegProt] c:\documents and settings\dug and tania\my documents\downloads\regprot.exe /start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Linked ima&ges - C:\Program Files\IEimage\IEimage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://www.giftedonl...edusearch.co.nz
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098860877234
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62AC063D-A459-4836-B78F-3EDA6D280C19}: NameServer = 202.37.101.1 202.37.101.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)

cheers
  • 0

Advertisements


#86
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)

In the command prompt type:
ASSOC .vbs=vbsfile
and hit ENTER (this should be confirmed in the command prompt)

Double-click on RegSrch.vbs.
In the "Enter search string (case insensitive) and click OK..." box paste this string:
mssvces
Click "OK" to search the registry for that string.
Wait for a few minutes while it completes the search.
Click "OK" to open the results in WordPad.
Copy and paste the entire results into your next post.

Regards,
  • 0

#87
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
hello
confirmed the vbs in the prompt
no results for the regsrch when looking for "mssvces"
fixed the hijack this log have new log file attached
ogfile of HijackThis v1.99.1
Scan saved at 9:49:45 p.m., on 31/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\documents and settings\dug and tania\my documents\downloads\regprot.exe
C:\WINDOWS\System32\mwupdate32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dug And Tania\My Documents\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netaccess.co.nz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RegProt] c:\documents and settings\dug and tania\my documents\downloads\regprot.exe /start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [microsft windows updates] mwupdate32.exe
O4 - HKLM\..\RunServices: [microsft windows updates] mwupdate32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Linked ima&ges - C:\Program Files\IEimage\IEimage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O15 - Trusted Zone: http://www.giftedonl...edusearch.co.nz
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098860877234
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62AC063D-A459-4836-B78F-3EDA6D280C19}: NameServer = 202.37.101.1 202.37.101.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

cheers
  • 0

#88
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
How did these slip past Regprot? :tazz:

O4 - HKLM\..\Run: [microsft windows updates] mwupdate32.exe
O4 - HKLM\..\RunServices: [microsft windows updates] mwupdate32.exe

Fix them and delete:
C:\WINDOWS\System32\mwupdate32.exe
in safe mode.

Regards,
  • 0

#89
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
they slipped past regprot because i didnt know any better whoops
here is the log file

Logfile of HijackThis v1.99.1
Scan saved at 9:14:45 p.m., on 1/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\documents and settings\dug and tania\my documents\downloads\regprot.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dug And Tania\My Documents\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netaccess.co.nz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RegProt] c:\documents and settings\dug and tania\my documents\downloads\regprot.exe /start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Linked ima&ges - C:\Program Files\IEimage\IEimage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O15 - Trusted Zone: http://www.giftedonl...edusearch.co.nz
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098860877234
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62AC063D-A459-4836-B78F-3EDA6D280C19}: NameServer = 202.37.101.1 202.37.101.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

thanks for your help
whats next?
  • 0

#90
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
The next step will take a lot of reading on your part.

Download and install ProcessGuard:
http://www.diamondcs...u/processguard/
Set it up as described here:
http://www.commontol...secure_pg3.html
Take it step by step and take the time to do it right.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP