Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
On my system configuration utility I have 2 different NvCpl's running but both are in different locations. When I try to disable it from startup tab, the one that is located in "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" always starts up, unless I have it in Diagnostic Startup in which case it doesn't even show up on the startup tab. I imagine this may be a virus/malware/wanttoplaywowonmycomputerbutcantbecauseofthisthingmaybe.

Anyway I am new to this so I'll try to give as much information about this as I can. Browsing around this forum shows that a good start is to show your Hijackthis log I guess so hope you guys can help =D.

Logfile of HijackThis v1.99.1
Scan saved at 1:46:54 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\lol\Desktop\ProcessExplorer\procexp.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\lol\Desktop\SDelete\sdelete.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\lol\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167132712002
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 

·
Registered
Joined
·
2 Posts
Discussion Starter · #2 ·
I should also mention that I am running windows right now under selective startup with everything in the Startup disabled but the NvCpl (which I am unable to disable from starting up).
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top