Zonda having problems? Nahh.... [HJT Log INCLUDED]


zonda

Bleh. This is aggravating me like you wouldn't believe. The other day I get on my computer only to find that McAfee had found and cleaned a couple of infected files. What it had found was "w32\Gael worm". I wasn't too concerned at that point; it didn't really cause much chaos at all... anyway, I scanned the whole computer and turned up nothing. I started playing a few games only to see a pop-up saying that McAfee found some more of this "gael worm" junk.

Anyway, I powered down, restarted in safe mode, scanned both HDs with McAfee, Ad-Aware, and the like. I uninstalled the exe files it had infected (Battlefield 2, which I don't play anyway) and pretty much cleaned out my HD as much as possible... did scandisk, disk cleanup, and defragmented... which would have no effect on a virus or worm... but I thought it could use it.

I haven't gotten any messages that I am still infected over the last day, but I am getting slow connections; I am dropping packets left and right. If I connect to a server, I can ping at 50 one second and 500 the next... and this is the same server that I used to get a constant 20 on. I don't even get how I got infected in the first place; the only thing I did was download Ventrilo from the Ventrilo website. There's no way I got it that way, but when I woke up 8 hours later it said I had a worm.

I can't figure out why I am having connection problems. I am dropping packets left and right. I hate satellite internet, but believe me, it has nothing to do with that. I called the ISP; they said they aren't doing any maintenance. I checked my router, and this is really starting to bug me.

Oh, and after that worm got in my system, I "repaired" Windows with my Windows CD... is it possible some of my services got re-enabled and are causing me lag? I know I had a good amount of them disabled, and I am using a wireless card... dunno if that means anything, but after repairing Windows it looks like everything was reverted back to "Automatic".

Arg... I wish blackviper wouldn't have taken down his site. All help is much appreciated. Oh, one last thing: if I repaired Windows, is it possible my sound driver got messed up? Or is it just my imagination that things sound different? I really need help on this one, especially with the next season of CAL coming up; I can't be lagging during matches!!!

 

 

 

Logfile of HijackThis v1.99.1
Scan saved at 4:31:36 PM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\SOUNDMAN.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Winamp\winamp.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Duenkel\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414CXUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

...


What is this?

C:\Program Files\Ventrilo\Ventrilo.exe

Anyways, I had Party Poker at my grandparents' house, and for some reason, along with it came quite a few other 'non-friendly' programs.


Current Goals

80/80 Fletching

60/75 Woodcutting

97/100 Combat


Yea, Ventrilo is just a VoIP client. As far as the exes go, it's just Windows stuff, McAfee stuff, Winamp (music program), SoundMan (my sound driver), Steam (a game) and HJT.

If anyone has any ideas, let me know... seriously... I can't find any spyware or anything that would relate to my internet being slow; my ISP says there's no maintenance being done on any of the towers, and my internet usually gives me awesome connections.

...


> I don't even get how I got infected in the first place; the only thing I did was download Ventrilo from the Ventrilo website. There's no way I got it that way, but when I woke up 8 hours later it said I had a worm.

W32.Licum (W32/Gael.worm.a [McAfee]) is a file-infecting worm that may spread by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).

In other words, it wasn't anything you downloaded. You just happened to have a vulnerable machine, which I can't see why, as it was patched back in 2003~.

> I can't figure out why I am having connection problems. I am dropping packets left and right. I hate satellite internet, but believe me, it has nothing to do with that. I called the ISP; they said they aren't doing any maintenance. I checked my router, and this is really starting to bug me.

You said you had "repaired" XP; this would cause you to have to obtain all the Windows updates again, and it might be downloading.

> Oh, and after that worm got in my system, I "repaired" Windows with my Windows CD... is it possible some of my services got re-enabled and are causing me lag? I know I had a good amount of them disabled, and I am using a wireless card... dunno if that means anything, but after repairing Windows it looks like everything was reverted back to "Automatic".

Yeah, repairing an XP install puts it back to defaults. That's the whole point in the repair. :wink:

Have you tried it hardwired, just for a comparison? I know I can't use wireless to game, as it lags me out a lot.

> Arg... I wish blackviper wouldn't have taken down his site. All help is much appreciated. Oh, one last thing: if I repaired Windows, is it possible my sound driver got messed up? Or is it just my imagination that things sound different? I really need help on this one, especially with the next season of CAL coming up; I can't be lagging during matches!!!

If you need a disk to install the sound driver, it should have asked you when it was repairing the install; if XP has native support for your sound card, then it should be working the way it was before.

Try downloading your latest sound card drivers?

 

 

 

> Logfile of HijackThis v1.99.1
> Scan saved at 4:31:36 PM, on 7/6/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.exe
> C:\Program Files\McAfee.com\VSO\mcvsshld.exe
> c:\program files\mcafee.com\agent\mcagent.exe
> c:\program files\mcafee.com\agent\mcdetect.exe
> C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
> C:\Program Files\McAfee.com\VSO\oasclnt.exe
> c:\PROGRA~1\mcafee.com\vso\mcshield.exe
> C:\WINDOWS\SOUNDMAN.exe
> c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
> C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
> C:\WINDOWS\system32\nvsvc32.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\taskmgr.exe
> D:\Program Files\Winamp\winamp.exe
> C:\Program Files\Ventrilo\Ventrilo.exe
> C:\Program Files\Steam\Steam.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Documents and Settings\Duenkel\Desktop\HijackThis.exe
>
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
> O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
> O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
> O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
> O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
> O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
> O4 - HKLM\..\Run: [soundMan] SOUNDMAN.exe
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
> O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414CXUS
> O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.exe/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
> O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
> O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
> O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
> O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
> O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\WINDOW~1\wbsrv.dll
> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
> O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
> O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
> O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
> O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
> O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Remove these two entries:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm414CXUS

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab


Notoriously Trollish.

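The reply above picks two entries out of a ~70-line HijackThis log by eye. As an added example (this is not code from the thread, from the poster, or from HijackThis itself), here is a small Python triage script for the log format shown: it parses the `Rn - ...` / `On - ...` entry lines, skips the header and the bare process paths, and flags the two kinds of entry the reply told the poster to remove (O8 context-menu items and O16 DPF ActiveX downloads pulling from the adware-associated hosts named in the post) plus O9/O18 registrations whose target is `(file missing)`. The host suffix list, the `(file missing)` rule and the function names are assumptions of this example, built only from what the thread itself shows; a real triage would use a maintained list.

```python
"""Small triage helper for HijackThis v1.99.x log lines.

Added example for this thread; it is not code from the original post or
from HijackThis. It parses the "Rn - ..." / "On - ..." entries that HJT
prints and flags the kinds the reply above tells the poster to remove:
O8 context-menu items and O16 DPF (ActiveX download) entries that point at
the adware-associated hosts named in the post, plus O9/O18 entries whose
target is marked "(file missing)". The host list is an assumption built
only from what the thread names; a real triage would use a maintained list.
"""
import re

# Hosts the reply singles out (mywebsearch / FunWebProducts). Assumption:
# this is not a complete adware list, just what this thread supports.
ADWARE_HOST_SUFFIXES = ("mywebsearch.com", "imgfarm.com")

# An HJT entry is a section code (R0..R3, O1..O23) followed by " - " and detail.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def parse_hjt_line(line):
    """Return {'section': 'O16', 'body': '...'} for an HJT entry line, else None.

    Header lines ("Logfile of HijackThis ...") and the bare process paths
    under "Running processes:" do not match and are skipped.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body")}


def hosts_in(text):
    """Lower-cased host names of every http(s) URL in the entry body."""
    return [h.lower() for h in URL_HOST_RE.findall(text)]


def flag_entry(entry):
    """Return a short reason if the entry deserves attention, else None."""
    section, body = entry["section"], entry["body"]
    # O8 (IE context menu) and O16 (Download Program Files / ActiveX) entries
    # that pull from a known adware host are the ones the reply said to remove.
    if section in ("O8", "O16"):
        for host in hosts_in(body):
            if host.endswith(ADWARE_HOST_SUFFIXES):
                return f"{section} points at adware-associated host {host}"
    # Stale O9/O18 entries: the registered target is gone. Harmless clutter,
    # but a hint that an uninstall did not clean up after itself.
    if section in ("O9", "O18") and "(file missing)" in body:
        return f"{section} target is missing on disk (stale registration)"
    return None


def triage(log_text):
    """Return [(section, reason, body), ...] for every flagged entry, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        reason = flag_entry(entry)
        if reason is not None:
            flagged.append((entry["section"], reason, entry["body"]))
    return flagged


# Sample input constructed from entries that appear in the poster's log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414CXUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.exe/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

Run against the sample it reports the mywebsearch O8 line and the imgfarm O16 line (the two the reply names) and the two stale `(file missing)` registrations, while leaving the Adobe BHO, the NVIDIA Run key and the Excel context-menu item alone. The `res://` URL on the Excel line is not matched on purpose: only `http(s)` hosts are compared against the suffix list.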

Yea, I got rid of those and a few others, but I am more concerned about the internet lagginess problems than that.

Unfortunately this is a family computer and my dad's into that poker junk...

Anyway, I am still pointing my nose in the direction of the Windows services being set to Automatic again... I found someone who managed to copy blackviper's site before he took it down... I dunno, I am going to guess that it has something to do with QoS packeting, so I will try messing around with that later today and get back to you guys on how it went.

...


AHAHAHA!!! Omg, I am so psyched... After playing around with the services, everything is back to normal and my internet is like whoa boom! Lol, I am so incredibly glad... wow. I don't know which service it was, but one of the like 30 I turned off was making my internet slower, not by much, but when you play competitively a few ms makes a huge difference.

Okay, well, thanks for the help guys. Maybe I will start hanging out at T&C again if I have time :P

Peace out guys.

...

