Help removing a virus

Pretty sure this is a virus causing me problems. HijackThis log in next post.

Comments

  • edited December 2007
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:14:48 PM, on 12/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\TEMP\ms-3.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [CDriver] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [DDriver] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [alpha] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [beta] c:\Backup_Drivers\svchost.exe
    O4 - HKCU\..\Run: [gamma] c:\Backup_Drivers\svchost.exe
    O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\iMediaCodec\isamonitor.exe
    O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\iMediaCodec\pmsngr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\Backup_Drivers\svchost.exe
    O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\Backup_Drivers\svchost.exe
    O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\Backup_Drivers\svchost.exe
    O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\Backup_Drivers\svchost.exe
    O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\Backup_Drivers\svchost.exe
    O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [beta] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DriverLoad] (User 'Default user')
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://media.rivals.com/msichat.cab
    O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\dnlsvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

    --
    End of file - 3501 bytes

    Sorry, wrong version in original post
  • VekaVeka Finland
    edited December 2007
    Hi McManus59. Please post a fresh HijackThis log if you still need help. :)