1 - 6 of 6 Posts

AKA snkmad · 4,030 Posts · Discussion Starter #1
PLEASE DON'T EXECUTE THIS FILE, I JUST PUT IT HERE FOR U GUYS TO TAKE A LOOK AT!!

I'm getting this file from time to time on my C:; after I delete it, it appears randomly some time after.

I've scanned my PC with Norton AV Corp 9, Spybot Search & Destroy and HijackThis. Ad-aware 6 isn't updating anymore, weird, huh?

Here's the log from HijackThis; the number 17 is worrying me:

Logfile of HijackThis v1.97.7
Scan saved at 10:59:16, on 07/11/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\SYMANT~2\VPTray.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\rundll32.exe
C:\Arquivos de programas\RB\RBTRAY.EXE
C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
C:\Arquivos de programas\VCool_18b10aa\VCool.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\BitSpirit\BitSpirit.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\MYIE2\MyIE.exe
D:\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: VCool.lnk = C:\Arquivos de programas\VCool_18b10aa\VCool.exe
O4 - Startup: RBTRAY.lnk = C:\Arquivos de programas\RB\RBTRAY.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1EB05A4-55AC-4F63-8ED2-C8EC5C9E8AF4}: NameServer = 200.165.132.155 200.165.132.148
 

Registered · 340 Posts
C:\Arquivos de programas\Skype\Phone\Skype.exe, C:\Arquivos de programas\VCool_18b10aa\VCool.exe, and C:\Arquivos de programas\RB\RBTRAY.EXE look suspicious. I would suggest investigating those and running Spybot and Ad-aware if you haven't already.
 

Extra Large Member · 936 Posts
Vcool seems to be a legit prog, one that's used to detect CPU temperature.
http://vcool.occludo.net/

Skype could be legit, or it could be spam. It supposedly lets you make free phone calls.
http://www.skype.com/

RBtray appears legit, it's a prog to let you minimize anything to the sys tray.
http://www.moitah.net/


Tip: Anything you're suspicious of, do a Google search for (include the extension if possible). That is what I do when trying to figure out what progs I can safely remove from the startup menu, or when I see a suspicious prog in the task manager. It works 99% of the time, only occasionally does something not turn up.

Also, sites such as http://iamnotageek.com/ and http://computercops.biz/ can be quite useful.


ied_s7m seems to be for something called neo toolbar. Look at this page for how to remove it: http://computercops.biz/postt80048.html


Here's a couple other places to look for help with such things:
http://www.lavasoftsupport.com/index.php?showforum=44
http://help.lockergnome.com/index.php?showforum=48
 

AKA snkmad · 4,030 Posts · Discussion Starter #4
Thanks a lot. All processes are legit, the only thing bothering me is that IP thing on number 17.
Neo bar, strange, I don't even use IE anymore... Oh man, but my brother still uses it... Already told him to let go, but he insists on IE.
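
The O17 line in the log above records the NameServer value (DNS servers) stored under the Tcpip registry key for one network interface. As an added example that is not part of the original thread, this Python sketch pulls those addresses out of a HijackThis log and separates the ones you expect from the ones that need an ownership lookup; the function names and the `expected` list are assumptions, and the sample log is constructed from lines in the first post.

```python
import ipaddress
import re

# Constructed sample: three entries copied from the log format posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~2\VPTray.exe
O4 - Startup: RBTRAY.lnk = C:\Arquivos de programas\RB\RBTRAY.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1EB05A4-55AC-4F63-8ED2-C8EC5C9E8AF4}: NameServer = 200.165.132.155 200.165.132.148
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O17 - <body>"
O17_NS = re.compile(r"^(?P<key>.+): NameServer = (?P<data>.+)$")


def parse_entries(log_text):
    """Return (section_code, body) pairs; header and process-list lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def nameservers(entries):
    """Return (registry_key, address) for every resolver in O17 NameServer entries."""
    found = []
    for code, body in entries:
        m = O17_NS.match(body) if code == "O17" else None
        if not m:
            continue
        # The value holds one or more addresses separated by spaces or commas.
        for token in re.split(r"[ ,]+", m.group("data").strip()):
            try:
                found.append((m.group("key"), ipaddress.ip_address(token)))
            except ValueError:
                found.append((m.group("key"), token))  # malformed: keep for review
    return found


def review_dns(log_text, expected):
    """Split logged resolvers into (expected, needs_lookup) lists of strings."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    known, unknown = [], []
    for _key, addr in nameservers(parse_entries(log_text)):
        (known if addr in allowed else unknown).append(str(addr))
    return known, unknown


if __name__ == "__main__":
    # Assumption: 'expected' is whatever your ISP or router documents as its DNS servers.
    known, unknown = review_dns(SAMPLE_LOG, expected=["200.165.132.155"])
    print("expected:", known)
    print("look up owner (whois) before trusting:", unknown)
```

An address that lands in the second list is not proof of a hijack; it only means it should be checked against the ISP's or router's published resolvers before the entry is left in place.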
 