Acmlm's Board - I2 Archive - Hardware/Software - auroeco.exe - popups and crap
Xeolord

Posted on 08-04-05 08:04 AM
What is this crap?

I mean hell, this auroeco.exe crap pops up about every 10 minutes I'm on the net. It's basically IE popup windows that have no top toolbar of any kind, so all I can really do is close them.

It's really gotten old. I've done Spybot, Adaware, Hi-Jack This!, and Driver scans of all kinds, and I still can't seem to get this crap off my computer.

IE has gotten annoying also. I never go into it, and never start it up, but eventually it'll be running without any notice, and sometimes it makes things freeze (maybe a folder, Script popups of some kind, Firefox, etc), so I have to go into the Task Manager and End It, quite often.

I also have this issue with "Popuppers". Whenever my computer starts up, and I go into a user, pop64 will automatically start running, along with other completely useless junk.

Thing is, I still haven't scanned in Safe Mode ... just remember, I do have an issue with getting into Safe Mode, but I'm positive Xk answered my question about that, and I can probably easily do that if I want.

Think Scanning in Safe Mode will get rid of this stuff?

Edit: there's also a lot of other random things, like bejjjdlz.exe, whenever I end things like this, other suspicious things take its place.



(edited by Xeolord on 08-03-05 11:05 PM)
Kitten Yiffer

Posted on 08-04-05 08:23 AM
I had viruses that didn't go away until I did a scan in safe mode, and safe mode with command line is the best choice if you want to be really really safe.

That's it, if you can use the command line in Win XP. :/

And from personal experience, I had viruses that didn't go away until I did get into safe mode. Though I honestly haven't had many computer problems since I started to use Firefox here. :/

And oh, Hi-Jack This! logs might be useful for us to look through at least...

And don't be scared if Safe mode takes quite some time to start and has an odd start-up, that's normal.

If Safe mode is even more fucked up, then only a reinstall can save your computer. :/
Colleen
Posted on 08-04-05 08:32 AM
Some spyware files end up using random names/etc. in an attempt to sneak by any scanners/make them harder to identify, I suppose.

I'd do a Hijack log since odds are your problem can be identified through that. Helped me out bigtime with a similar problem a few months ago.
Xeolord

Posted on 08-04-05 08:42 AM
So, it would be safe to post a full log here? ...

Just being cautious.

And yeah, I'm using Win XP, Office Edition (no clue how my dad got Office instead of Home).

Any kind of reinstall is out of the question though, my dad won't even allow me to reformat this computer, so yeah (he just won't allow that kind of stuff).
Colleen
Posted on 08-04-05 08:45 AM
The whole log from the software? Sure. It shouldn't be THAT large.
Xeolord

Posted on 08-04-05 08:48 AM
Here it is:



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {136FDA8D-FB30-9427-A07A-C52057B1E763} - (no file)
O2 - BHO: (no name) - {17C7B2F5-EB9A-B726-0D65-0133797FC583} - (no file)
O2 - BHO: (no name) - {3BFF6319-30E8-89C3-94E4-1EE045666A74} - C:\WINDOWS\system32\fqszitsr.dll
O2 - BHO: (no name) - {D9146009-9CE2-5601-3858-9EABB4E96F6F} - (no file)
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Documents and Settings\Steven\Desktop\SnesJukebox\Jukebox 2\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [5BGB87A2Y5ZCER] C:\WINDOWS\System32\Nzc2.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [jiclzmrq] C:\WINDOWS\zziukxge.exe
O4 - HKLM\..\Run: [YPC] C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
O4 - HKLM\..\Run: [oemncib] C:\WINDOWS\wfpvtkntg.exe
O4 - HKLM\..\Run: [soxolvfe] C:\WINDOWS\system32\soxolvfe.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [doyehvln] C:\WINDOWS\system32\doyehvln.exe
O4 - HKLM\..\Run: [ewajtcd] c:\windows\system32\ewajtcd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB002" /M "Stylus CX4600"
O4 - HKLM\..\Run: [yuclvmhi] C:\WINDOWS\system32\yuclvmhi.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [0c13e9jl] C:\WINDOWS\system32\0c13e9jl.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [bejjjdtz] C:\WINDOWS\system32\bejjjdtz.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [fcdndt] c:\windows\system32\ntsjrf.exe r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [YFHYFMW] C:\WINDOWS\YFHYFMW.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O12 - Plugin for .m3u: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A3257E-2DA1-440A-9853-A2B9E6A3756F}: NameServer = 151.164.11.201 151.164.1.8



seeve.exe is the same thing as the pop64 program that starts up at the beginning, but doesn't appear or anything. And a lot of other things on that list are just crap also ...

I've deleted a lot of these things repeatedly in HiJack This, like those plugins, but yeah, they just seem to keep on coming back, or they're never really deleted.


(edited by Xeolord on 08-03-05 11:49 PM)
Kitten Yiffer

Posted on 08-04-05 08:53 AM
O2 - BHO: (no name) - {3BFF6319-30E8-89C3-94E4-1EE045666A74} - C:\WINDOWS\system32\fqszitsr.dll

Gives no result on google... move it in safe mode or something.

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

I would remove nail if I were you. From system.ini and the file itself. It seems to be some sort of spyware.

O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [jiclzmrq] C:\WINDOWS\zziukxge.exe

Safe to say that both are spyware.

O4 - HKLM\..\Run: [oemncib] C:\WINDOWS\wfpvtkntg.exe
O4 - HKLM\..\Run: [soxolvfe] C:\WINDOWS\system32\soxolvfe.exe

Those too.

I can't go through all of them due to time constraints, but a simple hint is... use Google. Google for the filenames and see what uses them. If you get no results, then it's one of those spyware programs that give themselves a random name.

And you should also delete them in safe mode, otherwise they are just running behind the scenes and recreate themselves...


(edited by Kitten Yiffer on 08-03-05 11:54 PM)
Colleen
Posted on 08-04-05 09:07 AM
Oh boy... This is messy. Really messy.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - Default URLSearchHook is missing

(That IE site doesn't look like a "proper" search engine at all.)

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

(F0 programs are ALWAYS things you don't want. Always.)

O2 - BHO: (no name) - {3BFF6319-30E8-89C3-94E4-1EE045666A74} - C:\WINDOWS\system32\fqszitsr.dll

(You can probably delete the other O2's as well to be on the safe side but that seems like the only fishy one. Random DLL names aren't good.)

O4 - HKLM\..\Run: [5BGB87A2Y5ZCER] C:\WINDOWS\System32\Nzc2.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [jiclzmrq] C:\WINDOWS\zziukxge.exe
O4 - HKLM\..\Run: [oemncib] C:\WINDOWS\wfpvtkntg.exe
O4 - HKLM\..\Run: [soxolvfe] C:\WINDOWS\system32\soxolvfe.exe
O4 - HKLM\..\Run: [doyehvln] C:\WINDOWS\system32\doyehvln.exe
O4 - HKLM\..\Run: [ewajtcd] c:\windows\system32\ewajtcd.exe
O4 - HKLM\..\Run: [yuclvmhi] C:\WINDOWS\system32\yuclvmhi.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [bejjjdtz] C:\WINDOWS\system32\bejjjdtz.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [fcdndt] c:\windows\system32\ntsjrf.exe r
O4 - HKCU\..\Run: [YFHYFMW] C:\WINDOWS\YFHYFMW.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab

Make sure you close any of those programs that are running before you delete them, or do the job in Safe Mode. Then do a restart and a rescan to see if anything new pops up or if everything's gone.
Xeolord

Posted on 08-04-05 09:12 AM
Colleen: Yeah, I've attempted deleting all of those R# programs before, but those seem to be one of the things that keeps on coming back, so obviously something about them isn't getting deleted.

I guess I'll just have to do a few scans in Safe Mode here soon, I'll post my results in a bit (I'll probably do this tomorrow).

It sucks having a 4-5 year old computer, and a parent who doesn't believe in reformatting. So yeah, all of this has just kind of built up over time ... ugh.


(edited by Xeolord on 08-04-05 12:12 AM)
(edited by Xeolord on 08-04-05 12:13 AM)
neotransotaku

Posted on 08-04-05 10:58 AM
Try following something similar to what was suggested in this thread:
http://board.acmlm.org/thread.php?id=16301
HyperLamer
Posted on 08-04-05 09:18 PM
Also, when you edit system.ini make sure you leave it as "Shell=Explorer.exe". Don't delete the entire entry, if you like having a GUI that is.
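
The triage rules the replies above apply by hand (search settings pointing at an unknown host, an extra program after Shell=Explorer.exe, nameless BHOs, Run entries launched straight from the Windows folder, Trusted Zone additions), as an added Python example that is not part of the original thread. The function name and the rule set are assumptions made for illustration; the sample lines are copied from the log posted above, and the output is a shortlist for manual review, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {3BFF6319-30E8-89C3-94E4-1EE045666A74} - C:\WINDOWS\system32\fqszitsr.dll
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [jiclzmrq] C:\WINDOWS\zziukxge.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [fcdndt] c:\windows\system32\ntsjrf.exe r
O15 - Trusted Zone: *.popuppers.com
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# Executable sitting directly in C:\WINDOWS or C:\WINDOWS\system32: a coarse
# heuristic that misses subfolders (system32\nsvsvc\) and can flag real files.
WINDIR_EXE = re.compile(r'^"?c:\\windows\\(system32\\)?[^\\"]+\.exe', re.I)


def triage(log_text):
    """Return (section, reason) pairs for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1"):
            host = re.search(r"= https?://([^/\s]+)", body)
            if host:  # about:blank and empty values are ignored
                findings.append((section, "IE search setting -> " + host.group(1)))
        elif section in ("F0", "F2"):
            extra = re.sub(r"(?i)^.*Shell=Explorer\.exe", "", body).strip()
            if extra:  # the clean value is exactly Shell=Explorer.exe
                findings.append((section, "extra shell program: " + extra))
        elif section == "O2" and "(no name)" in body:
            findings.append((section, "nameless BHO: " + body.rsplit(" - ", 1)[-1]))
        elif section == "O4" and WINDIR_EXE.match(body.split("] ", 1)[-1]):
            findings.append((section, "autorun from Windows dir: " + body.split("] ", 1)[-1]))
        elif section == "O15":
            findings.append((section, "Trusted Zone entry: " + body.split(": ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, reason)
```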
Xeolord

Posted on 08-05-05 12:54 AM
I think it's bad, when scans in safe mode didn't seem to do much.

So, my other alternatives? Guess I should refer to that thread neo posted.