
Excessive NVLSP.dll processes running and WEIRD message from webpages, "I am alive!"


  • This topic is locked
2 replies to this topic

#1 somerandomguy


  • Members
  • 2 posts

Posted 25 October 2009 - 07:18 AM

Hi, I'm new to this forum, and I appreciate any help anyone might have. I had a virus of some sort, and when I went to webpages like Google, the page would only display "I am alive!" Nothing else, just the message. It only did it sometimes, and when I used our laptop, the page would display fine, so I knew the problem was on my end. Anyone else see this?

I ran a Kaspersky scan, and I had a trojan on my computer. Kaspersky identified it as "Trojan-Downloader.JS.Gumblar.a" and it was located in my Call Of Duty punkbuster folder for htm. It's deleted, but MalwareBytes also found "Trojan.BHO" about the same time. Both programs say I'm clean now, but when I run the HijackThis log, it shows a ton of NVLSP.dll processes running that weren't running a few days ago. Any help?

Here's my Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:19 AM, on 10/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\tcpsvcs.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\Program Files\COMODO\COMODO Internet Security\cfp.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\Program Files\Opera\opera.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [nwiz] F:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "F:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [DWQueuedReporting] "F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: f:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: f:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1255396351921
O20 - AppInit_DLLs: F:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll F:\WINDOWS\system32\guard32.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe

Actually, just tried to go to Google, and the webpage came up with "I am alive!" and nothing more. I clearly still have the problem, but Kaspersky 2009, Spybot, and Malwarebytes all say I am clean. Any ideas?

Merged posts. ~ OB

Edited by Orange Blossom, 25 October 2009 - 10:03 AM.




#2 syler


  • Malware Response Team
  • 8,150 posts

Posted 01 November 2009 - 03:10 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 syler


  • Malware Response Team
  • 8,150 posts

Posted 05 November 2009 - 07:47 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
