
Few Problems


6 replies to this topic

#1 Daneziperski

Daneziperski

  • Members
  • 7 posts

Posted 16 February 2008 - 02:33 AM

Hello again,
Recently on startup when I log into Windows, my screen flashes like a fuzzy TV channel. Sometimes my monitor will blink, and I won't have a mouse. Other times, it will be fuzzy for a moment, then the monitor will say no signal and turn off. The only way to fix it is restarting, where sometimes it will be fuzzy; however, after a few blinks or "lag outs" on my monitor, Windows will load normally. I switched and tried starting up with my brother's monitor and the same thing happened, so it's not the monitor. Here is my HJTL. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:56 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System\Ma72Pan.Exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Documents and Settings\Dane\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Ma72Pan] Ma72Pan.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185499632281
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F480174-D9CA-4B13-ACE1-FF0C77848410}: NameServer = 64.33.128.10,209.143.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F480174-D9CA-4B13-ACE1-FF0C77848410}: NameServer = 64.33.128.10,209.143.0.10
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5082 bytes


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 16 February 2008 - 02:43 PM

Hi Daneziperski and Welcome to the Bleeping Computer! :thumbsup:

Please go to Upload Malware and upload the file indicated below.

C:\WINDOWS\System\Ma72Pan.Exe <-- In the System folder, NOT the System32 folder.


Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3 Daneziperski

Daneziperski
  • Topic Starter

  • Members
  • 7 posts

Posted 16 February 2008 - 04:45 PM

That M file is a file for my sound card; I'm wondering why you're asking me to get rid of it? Thanks.
Any idea what the fuzzy TV-channel-like problem after I log into Windows is? Today it happened like this -- Logged in.. a few seconds later -- went fuzzy for about 5 seconds --- I didn't have a mouse and my applications were not loading (messenger etc.). I couldn't Ctrl-Alt-Delete either. Then the screen blinked (went black) and it said no signal. So I restarted -- on the 2nd try, it still went fuzzy (in a lot of different colors, like a TV channel that doesn't work) -- and this time it didn't blink, and after about 5-10 seconds of having no mouse and my applications at the bottom right not loading -- it kind of "jump started" -- I got my mouse back and everything works fine. This has happened for the last week every time I log into Windows.

I ran combo fix, here's the log --
ComboFix 08-02-17.2 - Dane 2008-02-16 15:34:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1558 [GMT -6:00]
Running from: C:\Documents and Settings\Dane\Desktop\ComboFix(2).exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate
.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 15:33 . 2008-02-17 15:38 <DIR> d-------- C:\QooBox
2008-02-16 15:33 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-02-16 15:33 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-02-16 15:33 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
2008-02-16 15:33 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-16 15:33 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-16 15:33 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-02-16 15:33 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-16 15:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-02-16 15:33 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
2008-02-16 15:32 . 2004-08-04 01:56 388,608 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-11 21:17 . 2008-02-15 21:46 <DIR> d-------- C:\Fraps
2008-02-11 21:17 . 2008-02-15 22:54 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 20:54 . 2008-02-11 21:04 <DIR> d-------- C:\Documents and Settings\Dane\Application Data\DNA
2008-02-10 19:22 . 2008-02-10 19:29 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-02-10 19:22 . 2008-02-10 21:06 76,008 --a------ C:\WINDOWS\War3Unin.dat
2008-02-10 19:22 . 2008-02-10 19:29 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-02-10 19:10 . 2,145,898,496 C:\hiberfil.sys
2008-02-10 19:08 . 2008-02-10 19:08 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-09 21:49 . 2008-02-09 22:18 126,785 --a------ C:\WINDOWS\system32\nvapps.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 21:28 --------- d-----w C:\Program Files\Mozilla Firefox
2008-02-16 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 20:42 3,218,079,744 --sha-w C:\pagefile.sys
2008-02-16 07:39 --------- d-----w C:\Program Files\Trillian
2008-02-16 06:51 --------- d-----w C:\Program Files\Warcraft III
2008-02-16 06:05 --------- d-----w C:\Documents and Settings\Dane\Application Data\Lavasoft
2008-02-13 05:28 --------- d-----w C:\Program Files\Internet Explorer
2008-02-13 02:31 --------- d-----w C:\Program Files\Yahoo!
2008-02-13 02:27 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-13 02:27 --------- d-----w C:\Program Files\Ahead
2008-02-13 02:12 --------- d-----w C:\Program Files\DivX
2008-02-12 03:30 --------- d-----w C:\Documents and Settings\Dane\Application Data\AVG7
2008-02-12 03:26 --------- d-----w C:\Documents and Settings\Dane\Application Data\BitTorrent
2008-02-12 03:25 --------- d-----w C:\Program Files\Grisoft
2008-02-10 04:24 --------- d-----w C:\Program Files\iTunes
2008-02-04 23:09 18,214,008 -c--a-w C:\WINDOWS\system32\MRT.exe
2008-01-28 04:11 --------- d-----w C:\Program Files\World of Warcraft
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-20 21:47 26,952 -c--a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-12-20 21:47 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
2007-12-06 11:00 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
2007-12-05 08:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ma72Pan"="Ma72Pan.Exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 15:47 579072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-23 18:24 219136]

C:\Documents and Settings\Dane\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2007-12-11 1873280]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 16:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a--c--- 2006-07-29 18:34 5354792 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
--a------ 2003-09-30 06:09 425984 C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-03 11:32 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\Dane\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-03 21:27 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--a--c--- 2007-04-18 09:07 4697752 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 10:36]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
R3 EsiDS3D;Service for Sensaura WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\EsiDS3D.sys [2003-09-23 18:27]
R3 Ma72_01;Service for new Maya 7.1-1;C:\WINDOWS\system32\drivers\Ma72wdm.sys [2004-08-11 20:34]
R3 Ma72_AA;Service for new Maya 7.1 Audio Driver (EWDM);C:\WINDOWS\system32\drivers\Ma72.sys [2004-08-12 20:42]
R3 Ma72_AB;Service for new MIDITRAK;C:\WINDOWS\system32\drivers\mBridge.sys [2003-07-10 21:48]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:38:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************


Here is HJTL-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System\Ma72Pan.Exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dane\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Ma72Pan] Ma72Pan.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185499632281
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F480174-D9CA-4B13-ACE1-FF0C77848410}: NameServer = 64.33.128.10,209.143.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F480174-D9CA-4B13-ACE1-FF0C77848410}: NameServer = 64.33.128.10,209.143.0.10
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5223 bytes

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 16 February 2008 - 07:39 PM

nVidia has been getting a lot of bad feedback on several chipsets producing an array of errors and issues.

If I were you, I'd check their site and see if there are any updates or patches that apply to your chipset.

I'm not even sure this has anything to do with your problem, but I'm sure it's not malware related.

Try the XP forum and look at some of the other sections; you may find something specific to your setup.

#5 Daneziperski

Daneziperski
  • Topic Starter

  • Members
  • 7 posts

Posted 16 February 2008 - 08:04 PM

nVidia has been getting a lot of bad feedback on several chipsets producing an array of errors and issues.

If I were you, I'd check their site and see if there are any updates or patches that apply to your chipset.

I'm not even sure this has anything to do with your problem, but I'm sure it's not malware related.

Try the XP forum and look at some of the other sections; you may find something specific to your setup.



So according to both logs, I'm malware free?

#6 Daneziperski

Daneziperski
  • Topic Starter

  • Members
  • 7 posts

Posted 17 February 2008 - 01:55 PM

O17 - HKLM\System\CCS\Services\Tcpip\..\{2F480174-D9CA-4B13-ACE1-FF0C77848410}: NameServer = 64.33.128.10,209.143.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F480174-D9CA-4B13-ACE1-FF0C77848410}: NameServer = 64.33.128.10,209.143.0.10

What is this btw?

(I also downloaded the newest version for my chipset, reseated my video card, blew out all the dust -- and still no luck --- I still get the same problem after logging into Windows. Couldn't find anything in the XP forum either; the next step, I guess, is to bring it to Best Buy. =/ )

Edited by Daneziperski, 17 February 2008 - 01:55 PM.


#7 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 18 February 2008 - 10:58 AM

Heh, interesting point.. all the while I assumed this is something you set up with your DNS settings.

The IPs don't look alarming either.

64.33.128.10

Network Whois record

Queried whois.arin.net with "64.33.128.10"...

OrgName: Airstream Communications, LLC
OrgID: ACL-82
Address: 800 Wisconsin Street
Address: Building D02 Suite 301
City: Eau Claire
StateProv: WI
PostalCode: 54703
Country: US

NetRange: 64.33.128.0 - 64.33.207.255
CIDR: 64.33.128.0/18, 64.33.192.0/20
NetName: AS-BLK-1
NetHandle: NET-64-33-128-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.AIRSTREAMCOMM.NET
NameServer: NS.NETWORK1.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-02-02
Updated: 2003-04-15

OrgAbuseHandle: ABUSE623-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-419-739-9240
OrgAbuseEmail: abuse@airstreamcomm.net

OrgNOCHandle: FNGNC-ARIN
OrgNOCName: First Network Group Network Center
OrgNOCPhone: +1-419-739-9240
OrgNOCEmail: net-admin@network1.net

OrgTechHandle: FNGNC-ARIN
OrgTechName: First Network Group Network Center
OrgTechPhone: +1-419-739-9240
OrgTechEmail: net-admin@network1.net



209.143.0.10

Network Whois record

Queried whois.arin.net with "!NET-209-143-0-0-2"...

CustName: Com Net, Inc
Address: P.O. Box 2038
City: Wapakoneta
StateProv: OH
PostalCode: 45895
Country: US
RegDate: 2007-03-07
Updated: 2007-03-07

NetRange: 209.143.0.0 - 209.143.0.255
CIDR: 209.143.0.0/24
NetName: BNET-MAIN-209-143-0-0-24
NetHandle: NET-209-143-0-0-2
Parent: NET-209-143-0-0-1
NetType: Reassigned
Comment:
RegDate: 2007-03-07
Updated: 2007-03-07

RAbuseHandle: NAD53-ARIN
RAbuseName: Network Abuse Department
RAbusePhone: +1-419-739-3165
RAbuseEmail: abuse@bright.net

RNOCHandle: NOC2367-ARIN
RNOCName: Network Operations Center
RNOCPhone: +1-419-739-3165
RNOCEmail: noc@bright.net

RTechHandle: NETWO1488-ARIN
RTechName: Network Administration
RTechPhone: +1-419-739-3165
RTechEmail: net-admin@bright.net

OrgTechHandle: NOC2367-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-419-739-3165
OrgTechEmail: noc@bright.net



So you will have to tell me if those look correct?


Download and run this tool please; it should tell us if anything fishy is up:
http://www.gmer.net/gmer.zip

Unzip and run, then wait for it to load up, which takes a few minutes; you will see the scan working in the lower part of the window.

Click Scan and wait for a while. When it's completed, click Save and save it somewhere safe. If it's not huge, post the results; if it's way too big, try to attach it to the next post.
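The check Cretemonster did by hand above (read the O17 NameServer entries, then confirm each resolver IP sits inside the ISP's whois allocation) can be scripted. The following is an added example, not code from the thread or from HijackThis; the CIDR blocks are copied from the ARIN records quoted above, the O17 lines are the ones from Daneziperski's log, and the third line with 192.0.2.53 is a constructed "unknown resolver" case to show what a DNS-changer style modification would look like to this check.

```python
import ipaddress
import re

# Two real O17 lines copied from the HijackThis log in this thread (sample input).
HJT_O17_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{2F480174-D9CA-4B13-ACE1-FF0C77848410}: NameServer = 64.33.128.10,209.143.0.10",
    r"O17 - HKLM\System\CS1\Services\Tcpip\..\{2F480174-D9CA-4B13-ACE1-FF0C77848410}: NameServer = 64.33.128.10,209.143.0.10",
]

# Constructed line (NOT from the thread): a resolver outside every known block,
# using a documentation address so it cannot be confused with a real server.
CONSTRUCTED_SUSPECT_LINE = (
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{2F480174-D9CA-4B13-ACE1-FF0C77848410}: NameServer = 192.0.2.53"
)

# CIDR blocks taken from the ARIN whois records quoted in the reply above.
# The whois lookup itself is done by hand; only its result is embedded here.
KNOWN_RESOLVER_BLOCKS = {
    "Airstream Communications, LLC": ["64.33.128.0/18", "64.33.192.0/20"],
    "Com Net, Inc": ["209.143.0.0/24"],
}

# Registry key up to the colon, then a comma-separated list of IPv4 addresses.
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\\S+?): NameServer = (?P<servers>[\d.,\s]+)$")


def parse_o17(line):
    """Return (registry key, [IPv4Address, ...]) for one O17 line, or None if it is not one."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    servers = []
    for token in m.group("servers").split(","):
        token = token.strip()
        if token:
            servers.append(ipaddress.ip_address(token))
    return m.group("key"), servers


def classify_resolver(ip, blocks=KNOWN_RESOLVER_BLOCKS):
    """Name the organisation whose whois block contains ip, or None if no known block does."""
    for org, cidrs in blocks.items():
        for cidr in cidrs:
            if ip in ipaddress.ip_network(cidr):
                return org
    return None


def audit_o17(lines, blocks=KNOWN_RESOLVER_BLOCKS):
    """Return [(registry key, ip string, org or 'UNKNOWN'), ...] for every resolver found.

    'UNKNOWN' means the resolver is not inside any block you verified via whois,
    which is the case worth a closer look (the ISP may have changed, or something
    else rewrote the DNS settings).
    """
    findings = []
    for line in lines:
        parsed = parse_o17(line)
        if parsed is None:
            continue
        key, servers = parsed
        for ip in servers:
            org = classify_resolver(ip, blocks)
            findings.append((key, str(ip), org if org else "UNKNOWN"))
    return findings


if __name__ == "__main__":
    for key, ip, org in audit_o17(HJT_O17_LINES + [CONSTRUCTED_SUSPECT_LINE]):
        print(f"{org:32} {ip:15} {key}")
```

Any row reported as UNKNOWN is not automatically malicious; it just means the address is outside the allocations you have checked, so repeat the whois step for it before drawing a conclusion.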



