NvCplDaemon - deeply embedded HELP!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Tess, Apr 24, 2006.

  1. Tess

    Tess Private E-2

    Hi,

    My system is deeply compromised with something. There is some sort of autorun going that changes registry settings as soon as I make a change. There are programs installed (valid Windows programs) that I did not put there, there are programs allowed internet access that I did not authorize. I think these valid Windows programs are the reason the spybots don't find anything.

    Before I learned of you folks here (thanks to one of your users), I installed some programs on my own to try and isolate the problem. One of these, "Security Task Manager" at least blocked the application, as on start-up the following warning appears:

    "Program "NvCplDaemon" want to start automatically when Windows starts. Do you want to allow this?

    Program: NcCpl Daemon
    File: RUNDLL32.EXE C:\windows\System32\NvCpl.dll, NvStartup
    Registry Key: Software\Windows\Current Version\Run"


    Searches show aliases as BackdoorASB and Dloader-YI.

    a-squared picked it up until I had the option of denying startup through Security Task Manager.

    Further, the registry changes are located in Temporary Internet Files, content IE5. I delete these often and they are quickly reinstated through automatic Registry entries. There are DAT files I cannot delete.

    I have gone through your entire list of cleaning Malware, per your instructions. Other than a few cookies, nothing was detected. BitDefender came up empty-handed, Panda Active found a couple of cookies.

    I have since denied internet access to unknown programs and I really don't know if this is significant, but the Application Layer Gateway Service was always connected and showed it as "listening". I have denied access to this program with no ill effect at this point. I also disabled prefetch in the Registry with no effect.

    Logs attached. I included the Panda log since it was the only application that showed anything at all.

    Your advice is most appreciated. Thanks.
     


  2. Tess

    Tess Private E-2

    Wanted to add that my OS is Windows XP. I do not utilize remote access of any kind.

    Thanks.
     
  3. Tess

    Tess Private E-2

    Ok, I've finally found that NvCplDaemon is part of a valid operating system. Jeesh.

    I'm still stuck though. Something/someone is accessing my system. Any help is most appreciated.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Your logs show no problems! What makes you think your PC is being remotely accessed? Provide exact details.
     
  5. Tess

    Tess Private E-2

    :eek: gosh, I'm ashamed to bring this thread back up, but I wanted to thank chaslang for an opinion, and I'm glad you didn't see any problems.

    Anyhoo, the reason I thought there was something is the strange happenings since I saw a Trojan alert in McAfee a couple of months ago. Files just pop up on my desktop between start-ups that hadn't been there before (files I hadn't even used in a while, like "images"). I'll just be whizzing along on the internet and a window will open announcing new hardware found (just recently a driver program). These things did not happen prior to the Trojan notice. (It was Dloader something). And then there are numerous notices of registry changes (now I'm thinking that's just normal process? That's something I've never monitored before.) I still have a bit of suspicion, perhaps I was hijacked in the past and not now? I dunno.

    But thanks much for taking a look at my HJT report. :)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The registry is accessed frequently. It could be good and it could be bad. If you spend your time watching it, you would never be able to do anything else. ;)
     
