Old 05-26-2007, 08:07 AM   #1
Harkoliar
Jack Burton
 

Join Date: March 21, 2001
Location: Philippines, but now Harbor City Sydney
Age: 35
Posts: 5,556
Every time I open my computer my antivirus picks this bugger up.

I am totally at a loss on what to do. I have run Spybot, Adaware, and SuperAntiSpyware programs. I also ran a full antivirus scan. None of these detected anything related to this antivirus. (Cleaned out lots of cookies though :P ).

Anyway, upon looking at the alert, it seems to be coming from a website that tries to download its virus every single time. But there must be a trigger that tries to actually let the website know to target my computer. I am completely stumped, and googling it didn't help much except that this is a trojan virus.

Also, I ran the HijackThis program and am posting my log here for anyone who can understand it. Could it be a false detection error?

log

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 10:07:24 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\system32\LEXBCES.EXE
F:\WINNT\system32\spoolsv.exe
F:\WINNT\system32\LEXPPS.EXE
F:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
F:\WINNT\system32\drivers\CDAC11BA.EXE
F:\WINNT\System32\DRIVERS\dcfssvc.exe
F:\WINNT\Explorer.EXE
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Eset\nod32krn.exe
F:\WINNT\system32\nvsvc32.exe
F:\WINNT\System32\svchost.exe
F:\Documents and Settings\Rody\Desktop\aiepk.exe
F:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
F:\WINNT\system32\rundll32.exe
F:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
F:\Program Files\WinFast\WFTVFM\WFWIZ.exe
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\WINNT\system32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\LogiTray.exe
F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\WINNT\system32\ZoneLabs\vsmon.exe
F:\Program Files\Belkin\Bluetooth Software\BTTray.exe
F:\Program Files\GetRight\getright.exe
F:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
F:\Program Files\MagicDisc\MagicDisc.exe
F:\Program Files\Metacafe\MetacafeAgent.exe
F:\Program Files\GetRight\getright.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Maxthon\Maxthon.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - F:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - F:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - F:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [aiepk] F:\Documents and Settings\Rody\Desktop\aiepk.exe
O4 - HKLM\..\Run: [Zone Labs Client] F:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Lexmark X1100 Series] "F:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WinFast Schedule] F:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] F:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MagicDisc.lnk = F:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: MetaCafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = F:\Program Files\GetRight\getright.exe
O4 - Global Startup: Metacafe.lnk = F:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - F:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - F:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - F:\Documents and Settings\Rody\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moove.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105766151272
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/s...soesysinfo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA7B2DA4-2F0D-4571-BF47-5F1984AB5BCE}: NameServer = 192.168.0.1
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - F:\WINNT\system32\hsppp.dll
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - F:\WINNT\system32\EZTOOL~1.DLL
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - F:\WINNT\system32\hsppp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - F:\WINNT\system32\hsppp.dll
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - F:\WINNT\system32\hsppp.dll
O20 - AppInit_DLLs: F:\WINNT\system32\perfc000.dat
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - F:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - F:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - F:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINNT\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - Unknown owner - F:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - F:\WINNT\system32\ZoneLabs\vsmon.exe
help?
__________________

Catch me if you can..
Old 05-26-2007, 09:46 AM   #2
robertthebard
Xanathar Thieves Guild
 

Join Date: March 17, 2001
Location: Wichita, KS USA
Age: 54
Posts: 4,524
Assuming you pushed the Terminate button, I would say that it was denied access to your computer. You can prevent it setting the cookie by either avoiding the website, or by raising your security level to verify whether or not you want sites to automatically set cookies. It will prompt you for an action every time a site tries to set a cookie, but, in the long run, it's far better than having something nasty slipped in under the radar.
__________________
To those we have lost; May your spirits fly free.
Good Music: Here.
Interesting read, one of my blogs.
Old 05-26-2007, 10:04 AM   #3
Harkoliar
Jack Burton
 

Join Date: March 21, 2001
Location: Philippines, but now Harbor City Sydney
Age: 35
Posts: 5,556
The thing is.. I never go to that website at all. This threat pops up every time I log on to my computer.
__________________

Catch me if you can..
Old 05-26-2007, 10:24 AM   #4
Sir Krustin
Symbol of Cyric
 

Join Date: September 15, 2002
Location: Peterborough, ON, CANADA
Age: 54
Posts: 1,394
Find the file "\windows\system32\drivers\etc\hosts" on your boot drive and use Notepad to add the following line:

127.0.0.1 rat1o.info

It won't remove what is trying to load this address, but it will short-circuit the request until you find out what's going on.

The most likely culprit is GetRight, imo.
__________________
If I say "Eject!" and you say "Huh?" - you'll be talking to yourself! - Maj. Bannister, Steel Tiger
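The hosts-file entry from post #4, as an added example that is not part of the original thread: a Python sketch that adds `127.0.0.1 rat1o.info` to hosts-file text only when no active mapping exists, and reports a conflicting mapping instead of overwriting it. The function names and the sample hosts content are constructed for illustration; the code works on text and does not touch the real file.

```python
import ipaddress

SINK_IP = "127.0.0.1"

# Constructed sample hosts content: no trailing newline, and a commented-out
# entry that must not be treated as an active mapping.
SAMPLE_HOSTS = "# sample hosts file\n127.0.0.1       localhost\n# 127.0.0.1 rat1o.info"


def active_mappings(text):
    """Return {hostname_lowercase: ip} for every non-comment hosts entry."""
    mappings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])       # first field must be an IP
        except ValueError:
            continue
        for name in fields[1:]:                   # one line may list aliases
            mappings.setdefault(name.lower(), fields[0])  # keep first seen
    return mappings


def sinkhole(text, hostname, sink_ip=SINK_IP):
    """Return (new_text, status) where status is 'added', 'already-blocked'
    or 'conflict:<ip>' when the name is already mapped somewhere else."""
    current = active_mappings(text).get(hostname.lower())
    if current == sink_ip:
        return text, "already-blocked"
    if current is not None:
        return text, "conflict:" + current        # leave it for a human
    if text and not text.endswith("\n"):
        text += "\n"                              # avoid fusing two lines
    return text + f"{sink_ip} {hostname}\n", "added"


if __name__ == "__main__":
    updated, status = sinkhole(SAMPLE_HOSTS, "rat1o.info")
    print(status)
    print(updated, end="")
```

As the post says, this only stops the name from resolving; whatever is issuing the request is still on the machine.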
Old 05-26-2007, 05:02 PM   #5
Bungleau
40th Level Warrior
 

Join Date: October 29, 2001
Location: Western Wilds of Michigan
Posts: 11,752
Things that look suspicious to me...

Quote:
Originally posted by Harkoliar:


F:\WINNT\system32\drivers\CDAC11BA.EXE
F:\Program Files\Eset\nod32krn.exe
F:\Documents and Settings\Rody\Desktop\aiepk.exe
F:\WINNT\system32\rundll32.exe
F:\Program Files\WinFast\WFTVFM\WFWIZ.exe
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\GetRight\getright.exe
F:\Program Files\MagicDisc\MagicDisc.exe
F:\Program Files\GetRight\getright.exe
F:\Program Files\Maxthon\Maxthon.exe

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - F:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - F:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - F:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [aiepk] F:\Documents and Settings\Rody\Desktop\aiepk.exe
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = F:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - F:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - F:\Documents and Settings\Rody\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - F:\WINNT\system32\EZTOOL~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Ermmm... I didn't get through all of 'em. I did see Rody in there... take a look. Those are all ones that I don't recognize or feel suspicious... Google is your friend to take them out now :)

*edit* You know what's on your system... I don't. I'm suspicious of anything that calls itself "MegaUpload" or "SuperAntiSpyware"... but that's just me. If they're something you installed on purpose, then I suspect you're fine.

And to restate, as I did below, don't just arbitrarily delete things. Google for them and see if they're related to something you recognize and approve of.

*/edit*

[ 05-26-2007, 11:07 PM: Message edited by: Bungleau ]
__________________
*B*
Save Early, Save Often Save Before, Save After
Two-Star General, Spelling Soldiers
-+-+-+
Give 'em a hug one more time. It might be the last.
Old 05-26-2007, 05:30 PM   #6
andrewas
Harper
 

Join Date: October 2, 2001
Location: Aberdeen, Scotland
Age: 36
Posts: 4,774
Just a warning .. don't go and take the above post as the definitive answer, Google for a HijackThis FAQ and confirm everything before you delete anything. In particular, the nod32 entries should be part of your antivirus (although malware can get devious, so check them out as well), and various other entries are part of things you may or may not want to get rid of.
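The manual review described in posts #5 and #6 can be narrowed with a small triage script. This is an added example, not part of the original thread: it parses HijackThis entry lines and returns a list of entries to research (not to delete), using a few heuristics chosen here as assumptions. The sample lines are taken from the log in post #1; the function names and rule set are hypothetical.

```python
import re

# Lines taken from the log posted in #1 (subset).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [aiepk] F:\Documents and Settings\Rody\Desktop\aiepk.exe
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Startup: PowerReg Scheduler V3.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: F:\WINNT\system32\perfc000.dat
O23 - Service: ptssvc - Unknown owner - F:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Full Windows path ending in a known extension, quoted or unquoted.
PATH = re.compile(
    r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|dat|cpl|htm|lnk)(?=$|["\s])', re.I)


def parse(log_text):
    """Yield (code, body, path_or_None) for each HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                  # header, process list or blank line
        code, body = m.groups()
        p = PATH.search(body)
        yield code, body, (p.group(0) if p else None)


def triage(log_text):
    """Return [(code, reason, body)] for entries worth researching first."""
    findings = []
    for code, body, path in parse(log_text):
        reasons = []
        if "(file missing)" in body:
            reasons.append("target file missing")
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll
            reasons.append("AppInit_DLLs value is set")
            if path and not path.lower().endswith(".dll"):
                reasons.append("AppInit_DLLs target does not end in .dll")
        if code == "O4":              # O4 = programs started at logon
            if path is None:
                reasons.append("autostart without a full path")
            elif "\\documents and settings\\" in path.lower():
                reasons.append("autostart from a user profile folder")
        findings.extend((code, r, body) for r in reasons)
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:42} {body}")
```

A hit is a prompt to look the entry up, as both posts advise; the `aiepk` line, for example, is flagged only because of where the file lives.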
Old 05-26-2007, 06:40 PM   #7
Harkoliar
Jack Burton
 

Join Date: March 21, 2001
Location: Philippines, but now Harbor City Sydney
Age: 35
Posts: 5,556
Thanks guys. Actually the Rody is me and my profile. I do have a nifty program that loads up thru my desktop (just being a one file.exe file) lolz.

On another note, I do use several of the programs you found suspicious, although I do have a feeling that it's hiding in one of those program names as well. Sigh. I'll give it a shot and see how it goes by googling them one by one :-S.

To Sir Krustin: why would you think it would be GetRight? I do have GetRight running in my background constantly as my download tool...
__________________

Catch me if you can..
Old 05-26-2007, 11:03 PM   #8
Bungleau
40th Level Warrior
 

Join Date: October 29, 2001
Location: Western Wilds of Michigan
Posts: 11,752
Thanks for clarifying, Andrewas. I had to run, and didn't have time to finish taking a look, nor to clarify what I meant to say.

What I meant to say was that for anything that you don't recognize, google for it to see what it is. Various sources may come up; liutilities and castlecop are a couple that I see frequently, and tend to trust.

Don't -- DO NOT -- just arbitrarily remove anything from the list. It's amazing what you could break... says the voice of experience.

I'll go back and finish up the list from my perspective. Again, these are things that I don't recognize, which may mean diddly squat on your machine. Be your own judge.
__________________
*B*
Save Early, Save Often Save Before, Save After
Two-Star General, Spelling Soldiers
-+-+-+
Give 'em a hug one more time. It might be the last.
Old 05-27-2007, 03:08 AM   #9
Harkoliar
Jack Burton
 

Join Date: March 21, 2001
Location: Philippines, but now Harbor City Sydney
Age: 35
Posts: 5,556
Thanks heaps guys :) For some reason it's not popping up anymore today. I don't know why though. I haven't done anything to critically change any components. Weird. I'm going to wait for a few days before I do anything.. research first
__________________

Catch me if you can..
Old 05-27-2007, 03:50 AM   #10
ZFR
Legion Symbol
 

Join Date: February 14, 2002
Location: Ireland
Age: 33
Posts: 7,327
Quote:
Originally posted by Harkoliar:
Thanks heaps guys :) For some reason it's not popping up anymore today. I don't know why though. I haven't done anything to critically change any components. Weird. I'm going to wait for a few days before I do anything.. research first
My guess is your nod antivirus removed it initially but it would appear again a few times from system restore. Now it's removed from there as well...
__________________
ZFR