Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

NvCpl.dll - Can't get rid of it [CLOSED]

Started by Tomsk , Aug 06 2005 12:49 PM

  • This topic is locked This topic is locked

#1
Tomsk
Posted 06 August 2005 - 12:49 PM

Tomsk

    Member

  • Member
  • PipPip
  • 10 posts
Hi guys. Great site. Had a look through to see what you had recomended to other people with this prob. I have tried deleting the nvcpl.dll, but it just comes back again. I have run about 5 different virus/spyware checkers, but nothing seems to pick it up. I get a little warning when I turn my comp on since I deleted the file directly myself. My comp takes about 3 mins to shut down now, and has randomly restarted itself for no reason. Also, when I use chat rooms, the Java doesn't work properly so I can't scroll down, although I don't know if this is related. Any ideas would be greatly appreciated.

Cheers.

logfile of HijackThis v1.99.1
Scan saved at 19:42:01, on 06/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
C:\Documents and Settings\User\Desktop\PC Tools\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SATARaid.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117543891182
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements

#2
Justin
Posted 06 August 2005 - 03:10 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello, welcome to the GeekstoGo Forums!

My name is Justin, and I will be helping you clean up your system. Lets get started!

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.
  • 0

#3
Tomsk
Posted 11 August 2005 - 01:30 AM

Tomsk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for the quick response. My comp is restarting itself more regularly than before now. This is the log I ended up with:

File C:\Documents and Settings\User\Desktop\Programs\Stuff\setup cd burner.exe tagged as "not-a-virus:AdWare.SaveNow.z". Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
File C:\Documents and Settings\User\Desktop\Programs\Stuff\setup cd burner.exe tagged as "not-a-virus:AdWare.SaveNow.z". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AC792CC4-A916-4480-8E0F-DDE5128E0F2B}\RP52\A0008515.exe infected by "Trojan-Downloader.NSIS.Agent.b" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AC792CC4-A916-4480-8E0F-DDE5128E0F2B}\RP52\A0008591.exe infected by "Trojan-Downloader.NSIS.Agent.b" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AC792CC4-A916-4480-8E0F-DDE5128E0F2B}\RP57\A0009882.dll tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{AC792CC4-A916-4480-8E0F-DDE5128E0F2B}\RP82\A0023602.exe infected by "Trojan-Dropper.Win32.Delf.fl" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\Desktop\Stuff\setup cd burner.exe tagged as "not-a-virus:AdWare.SaveNow.z". Action Taken: No Action Taken.
File D:\WINDOWS\Desktop\New Folder (2)\Output\Winamp505pro+keygen.exe infected by "Trojan-Dropper.Win32.Delf.fl" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\Temporary Internet Files\Content.IE5\1XSQH49Z\download3[1].ani infected by "Exploit.Win32.IMG-ANI.c" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\Temporary Internet Files\Content.IE5\O3ZJY4PL\eifr[1].php infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\Temporary Internet Files\Content.IE5\Y5P63Q5O\doit[1].exe infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\Temporary Internet Files\Content.IE5\H7BFPPSE\archive[1].jar infected by "Trojan.Java.ClassLoader.z" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\Temporary Internet Files\Content.IE5\H7BFPPSE\msits[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\Temporary Internet Files\Content.IE5\H7BFPPSE\mycashpay[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File D:\System Volume Information\_restore{AC792CC4-A916-4480-8E0F-DDE5128E0F2B}\RP88\A0025436.exe infected by "Trojan.Win32.Dialer.gp" Virus! Action Taken: No Action Taken.
File D:\System Volume Information\_restore{AC792CC4-A916-4480-8E0F-DDE5128E0F2B}\RP88\A0025437.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File D:\System Volume Information\_restore{AC792CC4-A916-4480-8E0F-DDE5128E0F2B}\RP89\A0025570.exe infected by "Trojan.Win32.StartPage.rr" Virus! Action Taken: No Action Taken.
  • 0

#4
Justin
Posted 11 August 2005 - 02:45 AM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Sorry for all of the scans, but this will be the easiest way to figure out what the problem is. :tazz:

Please update, configure, and run Ad-aware and Spybot S&D as below:
Make sure you're using the latest version of Ad-aware(Ad-aware SE 1.06) If you're using an older version, download Ad-aware SE Personal 1.06 and install it.

Before scanning with Ad-aware SE Free:
Run a FULL adaware scan using the following configuration below
  • Update
    • Select Check for updates.
    • Then Connect and download SE1R28 16.02.2005 .
  • Click Start
  • Select Perform Full System Scan and hit Next to let Ad-Aware scan your drives.
  • It will list malware files and registry keys. Click Next.
  • Under the Critical Objects tab, rightclick in the list, choose Select All, then Next.
  • It will ask for verification of checked items-. Choose OK.
  • Close Ad-Aware, Shut down and reboot your system.
Scanning in Spybot Search and Destroy:

1. Download and Install Spybot S&D, accepting the Default Settings
(Please ensure you have version 1.3 final.)
Home - The home of Spybot-S&D!: http://www.safer-networking.org/
Here is a nice Tutorial http://www.safer-net...p?page=tutorial

2. Go to Start > Programs >Spybot Search & Destroy and choose 'Spybot S&D'

3. Close ALL windows except Spybot S&D

4. Click the button 'Search for Updates' and download and install the Updates.

5. Next click the button 'Check for Problems'

6. When Spybot is complete, it will be showing 'RED' (RED) entries BLACK entries and GREEN (GREEN) entries in the window

7. Make sure there is a check mark beside the RED (RED) entries ONLY.

8. Choose Fix Selected Problems and allow Spybot to fix the RED (RED) entries.

9. REBOOT

Also, run at least 2 of these online virus scans:

Housecall<<<Put on 'Autoclean' and delete what it can't clean.
Panda ActiveScan<<<Accept default settings, save and post the log
RAV online scan<<<Add a check by 'Autoclean', leave everything else as is.
eTrust Antivirus Web Scan<<<'Cure' whatever is found, then delete if unsuccessful
Bitdefender ScanOnline<<<Place a check by everything under 'Scan Options'.
Command on Demand

Also run an online trojan scan here: http://www.trojanscan.com/
Reboot when finished.

Re-run HijackThis and post the new log.
  • 0

#5
Tomsk
Posted 12 August 2005 - 12:14 PM

Tomsk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks again for your quick reply.

Have run all of the programs/online scans that you posted. Here is an updated HJ log:

Logfile of HijackThis v1.99.1
Scan saved at 19:12:55, on 12/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Documents and Settings\User\Desktop\PC Tools\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SATARaid.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117543891182
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CFD76A5-683C-4C84-AC06-F738CFB6EBDA}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#6
Justin
Posted 12 August 2005 - 12:30 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

PandaScan should have given you a document of what it found and if it was fixed or not. Could you please post that for me?

Thanks! :tazz:
  • 0

#7
Tomsk
Posted 19 August 2005 - 08:23 AM

Tomsk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi. Pandascan won't run on my comp now. I have reports from the other scans that I did tho. This is the RavScan one:

C:\Documents and Settings\User\Desktop\Program Files\WinRAR\Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious
C:\Documents and Settings\User\Desktop\Programs\Reason\wrar342.exe->(RARSfx)->Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious
C:\Documents and Settings\User\Desktop\Programs\Stuff\wrar341.exe->(RARSfx)->Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious
D:\WINDOWS\Desktop\Stuff\wrar341.exe->(RARSfx)->Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious
D:\WINDOWS\Desktop\Reason\wrar342.exe->(RARSfx)->Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious
D:\WINDOWS\Temporary Internet Files\Content.IE5\H7BFPPSE\archive[1].jar->Beyond.class - TrojanDownloader:Java/OpenConnection.F -> Infected
D:\Program Files\WinRAR\Uninstall.exe - Backdoor:Win32/Poebot.E -> Suspicious

Directories: 7670
Archives: 7953
Size(Kb): 1870830
Infected files: 1

Found
============================
Viruses found: 1
Suspicious files: 6
Disinfected files: 0
Mail files: 1341
  • 0

#8
Justin
Posted 19 August 2005 - 02:06 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.
  • 0

#9
Tomsk
Posted 23 August 2005 - 08:00 AM

Tomsk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the report from the scan -

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 15:00:48, 23/08/2005
+ Report-Checksum: 789D8DEC

+ Scan result:

C:\Documents and Settings\User\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
D:\System Volume Information\_restore{AC792CC4-A916-4480-8E0F-DDE5128E0F2B}\RP88\A0025436.exe -> Dialer.Generic : Cleaned with backup
D:\System Volume Information\_restore{AC792CC4-A916-4480-8E0F-DDE5128E0F2B}\RP88\A0025438.exe -> Spyware.NewDotNet : Cleaned with backup
  • 0

#10
Justin
Posted 23 August 2005 - 01:51 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
How is the computer running now?
  • 0

Advertisements

#11
Tomsk
Posted 24 August 2005 - 04:03 AM

Tomsk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Cheers for all the help dude - the main point is that it hasn't randomly restarted again (which was the big prob). It is still a lot slower starting up and powering down than it used to be (although that could well be down to other stuff), and I still get the 'nvcpl.dll missing' at startup after I tried to delete it. Any ideas of how to get rid of that at the startup ?
  • 0

#12
Justin
Posted 24 August 2005 - 09:30 AM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Can you paste me a copy of the exact error message?
  • 0

#13
Tomsk
Posted 24 August 2005 - 01:01 PM

Tomsk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
This is the error I get every time I boot up. I've read it may be something harmfull, but I'm not sure -

Attached Thumbnails

  • rundl_error.JPG

  • 0

#14
Justin
Posted 24 August 2005 - 08:37 PM

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Good news!

NvCpl.dll is part of a nvidia graphics card

Nvidia Control Panel Display Properties Extensions applet. When it is running this startup and background task displays the additional Nvidia-specific tabs when you go into “Display Properties” . Through these tabs you can configure the advanced features of your Nvidia or Nvidia-based graphics cards, something you cannot do through Windows’ standard display configuration tabs.


Are you using a nvidia card in your computer stuff?
  • 0

#15
Tomsk
Posted 25 August 2005 - 04:01 AM

Tomsk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Have updated the NVidida display driver, and everything works now as it did before !! One of those programs must have got rid of whatever was shutting my comp down. Cheers for all the help dude. Much appreciated.

:tazz: :)

Edited by Tomsk, 25 August 2005 - 04:26 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP