I got another question...again....


Post by RNA »

Let me googlify any suspicious-looking ones.

Haven't seen
C:\WINDOWS\IA\command.exe before, and
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
Dunno what DeluxeCommunications is.


Post by JuggaloMushroom »

Is that the only one?


Post by RNA »

When I quickly browsed through, try going into safe mode, archive them, then delete them.

If you have an issue, go get the backup in safe mode and put it back; if not, oh well :P


Post by JuggaloMushroom »

Gosh, I am screwed lol


Post by RNA »

Not really, though if I were you I'd just back up important things and reformat.


Post by LaBlueGirl »

RNA wrote: Let me googlify any suspicious-looking ones.

Haven't seen
C:\WINDOWS\IA\command.exe before, and
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
Dunno what DeluxeCommunications is.

DXCBHO.DLL - Adware.DeluxeCommunications.BHO - DeluxeCommunications (a SurfSideKick variant) URL search hook/browser helper object.

:)
"Hey, Crash!
Ever tried walking with no legs?

It's real slow!"
~Crunch, Crash Bandicoot TTR


Post by LaBlueGirl »

JuggaloMushroom wrote: here:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\{AC25F15A-07CF-1033-0309-050804030001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\Compaq_Owner\My Documents\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suck-o.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\gdutj.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qycxtqm.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: svchost.exe
O4 - Global Startup: wmplayer.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.whitehatsecurity.ps
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://slipknot1972.spaces.msn.com//Pho ... nPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\jt4607hse.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

CFG32S.DLL Spyware Remove: CFG32S.DLL has been determined by the Prevx database as Bad. Therefore this file is unsafe to run and should be removed using Prevx1. ...

rpcapd.ini (file missing)
Could be something you messed with for a while then deleted.
If so, then delete it.
If it still shows up in your scan, lemme know.

Ok.
I'm guessing you have a crapload of ads and mal-ware on your computer.

I highly suggest dl'ing and running (regularly) Ad-aware AND Spy-bot Search and Destroy.
They will give a conflict of interest warning, but don't worry about it.
One is good for removing running programs, the other more thorough.

Also, I'd check out McAfee's FreeScan, just to be on the safe side.
http://pcpitstop.com/freescan/default.asp

LBG
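A first-pass triage of a HijackThis log like the one quoted above, as an added example that is not part of the original thread. The three heuristics (extra programs on the F2 Shell/UserInit values, core Windows process names running outside System32, services listed with "Unknown owner") and the Windows XP default paths are assumptions; a hit means "look at this by hand", not "this is malware".

```python
import ntpath
import re

# Constructed sample: a few lines copied from the log quoted above.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\gdutj.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,qycxtqm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Assumption: Windows XP default location of these core process names.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"
F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)

def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a manual look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = F2_RE.match(line)
        if m:
            # Split the value on commas; anything beyond the stock program is extra.
            parts = [p.strip() for p in m.group(2).split(",") if p.strip()]
            extras = [p for p in parts
                      if ntpath.basename(p).lower() not in ("explorer.exe", "userinit.exe")]
            if extras:
                findings.append((f"extra {m.group(1)} program: {', '.join(extras)}", line))
        elif line.startswith("O23 - ") and " - Unknown owner - " in line:
            findings.append(("service binary has no vendor name", line))
        elif re.match(r"^[A-Za-z]:\\", line):
            # Running-process line: a core process name outside System32 is a masquerade sign.
            name = ntpath.basename(line).lower()
            if name in SYSTEM_NAMES and ntpath.dirname(line).lower() != SYSTEM_DIR:
                findings.append((f"{name} running outside System32", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"[review] {reason}\n         {line}")
```
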


Post by JuggaloMushroom »

Still acting up. I regularly do S&D and I still do to this day and the problem persists. I believe that I have a trojan from a file I downloaded a long time ago, and I deleted every file I had at the moment and went and got the system recovery and I still have that problem (please help me, it feels like I am about to die :cry: )


Post by LaBlueGirl »

JuggaloMushroom wrote: Still acting up. I regularly do S&D and I still do to this day and the problem persists. I believe that I have a trojan from a file I downloaded a long time ago, and I deleted every file I had at the moment and went and got the system recovery and I still have that problem (please help me, it feels like I am about to die :cry: )

Erm, run FreeScan, find out your trojan, find out what it affects (for example, .exe). If it does, then anything you dl will be infected lol.
If not, Google and see what free or trial AV will get rid of it.

You can delete files till Kingdom Come :) (Although I don't recommend it).

I'm no expert on System Recovery, but if it didn't work, you either clean your PC with AV software or reformat.

You'll know if your PC is FUBAR'd if you manage to disinfect your 'puter and it is still fux0red.

LBG