dmozur
Guest
|
Posted: Wed Apr 21, 2004 3:31 pm Post subject: 100% cpu usage |
|
|
I am running W2K. On startup I get an error message reading "can't run scripts on this page" followed by multiple popups, even though the browser is not open and Popup Stopper Pro is running.
After several minutes either the browser freezes, or Ad-Aware freezes if I am trying a scan. At that time Task Manager shows 100% CPU usage, with either winlogon or Ad-Aware showing 99% usage.
Have tried latest Spybot and Ad-Aware without any help. Below is my HijackThis file. Can anyone help?
Dave
Logfile of HijackThis v1.97.7
Scan saved at 2:33:29 PM, on 4/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\DOCUME~1\DmoZUR\LOCALS~1\Temp\EMESH.EXE
C:\DOCUME~1\DmoZUR\LOCALS~1\Temp\EMESH.EXE
C:\Program Files\Active ShutDown\asd.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\msiexec.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://c:\DOCUME~1\DmoZUR\LOCALS~1\Temp\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\MTUSpeed\help\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://c:\DOCUME~1\DmoZUR\LOCALS~1\Temp\toolbar.dll/sa
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\fdabar99.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: StumbleUpon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\DOWNLO~1\CONFLICT.1\STUMBL~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Sys] C:\DOCUME~1\DmoZUR\LOCALS~1\Temp\EMESH.EXE
O4 - HKCU\..\Run: [AdwareSys] C:\DOCUME~1\DmoZUR\LOCALS~1\Temp\EMESH.EXE
O4 - Startup: Active ShutDown.lnk = C:\Program Files\Active ShutDown\asd.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINNT\DOWNLO~1\CONFLICT.1\STUMBL~1.DLL/blogimage
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Add to FireViewer Conduit (HKLM)
O9 - Extra 'Tools' menuitem: Add to FireViewer Conduit (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc.../swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200...taller.exe
O16 - DPF: {4F18FFF5-85B9-4378-A1B4-06743830EC70} (WAPUploaderAX Class) - http://www.web-a-photo.com/WebaphotoUploader.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12282670893518cc23...xIE601.cab
O16 - DPF: {57BBF06E-D997-11D3-8997-00104BD12D94} (PCPDiskHealth Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda...t/opuc.cab
O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.com/pub/cabs/GNInstallerFree.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...3310185185
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
O16 - DPF: {C6AB80BC-7E87-11D4-8BBB-0001025F438B} (MP3.com DirectToDevice Control) - http://filedownloads.mp3.com/filedownlo...Device.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O17 - HKLM\System\CCS\Services\Tcpip\..\{019E5125-6C29-4C0F-B065-AE45CED12008}: NameServer = 167.206.3.222,167.206.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D18AFE5-F1DA-47D6-85E4-4C7F9856D79C}: NameServer = 10.0.16.2,10.0.16.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7AA1E6-7D97-4A4C-B1B6-AC988FE6B3E4}: NameServer = 167.206.3.222,167.206.112.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{019E5125-6C29-4C0F-B065-AE45CED12008}: NameServer = 167.206.3.222,167.206.112.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{019E5125-6C29-4C0F-B065-AE45CED12008}: NameServer = 167.206.3.222,167.206.112.138 |
|
football
Guest
|
Posted: Wed Apr 21, 2004 5:42 pm Post subject: |
|
|
Google about this and the two temp toolbar issues in your R lines.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\MTUSpeed\help\blank.htm
Fix these three:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
Google on the O16 CLSIDs to see whether they're kept or removed in other threads. Tony Klein's BHO list is another good help here.
Also check out the toolbar CLSIDs in your O3 lines.
|
Joruas
Guest
|
Posted: Wed Apr 21, 2004 8:22 pm Post subject: |
|
|
Just for grins,
http://download.broadbandmedic.com/
There is a vx2.betterinternet finder program at the above link.
Curious if it identifies vx2... on your machine.
|
dmozur
Guest
|
Posted: Thu Apr 22, 2004 12:05 am Post subject: |
|
|
Joruas wrote:
Just for grins,
http://download.broadbandmedic.com/
there is a vx2.betterinternet finder program at the above link.
curious if it identifies vx2... on your machine.
vx2 log is shown below, indicating awd.dll and awd.cpy.dll files. Can't get rid of these files, I tried before.
Log for VX2.BetterInternet File Finder
Files Found---
C:\WINNT\system32\awd.cpy.dll
C:\WINNT\system32\awd.dll
Guardian Key---
Asynchronous 000
DllName C:\WINNT\system32\awd.dll
Impersonate 000
Logon WinLogon
Version 122
ID {FF43583A-4D08-474E-A47D-408812A4035F}
IDex CS3
User Agent String---
{FF43583A-4D08-474E-A47D-408812A4035F}
Can you offer any suggestions?
Thanks for your help.
Dave
|
|
dmozur
Guest
|
Posted: Thu Apr 22, 2004 12:09 am Post subject: |
|
|
Here is vx2 log showing awd.dll and awd.cpy.dll files.
Log for VX2.BetterInternet File Finder
Files Found---
C:\WINNT\system32\awd.cpy.dll
C:\WINNT\system32\awd.dll
Guardian Key---
Asynchronous 000
DllName C:\WINNT\system32\awd.dll
Impersonate 000
Logon WinLogon
Version 122
ID {FF43583A-4D08-474E-A47D-408812A4035F}
IDex CS3
User Agent String---
{FF43583A-4D08-474E-A47D-408812A4035F}
Can't get rid of these files with killbox. Previously I tried regedit with no luck. Any suggestions? Thanks for your help
Dave
|
Joruas
Guest
|
Posted: Thu Apr 22, 2004 10:16 am Post subject: |
|
|
With regedit, navigate to:
Hkey_Local_Machine\Software\Microsoft\Windows NT\Current Version\Winlogon\Notify\Guardian
Right click on the guardian key [then] select privileges.
Remove the check in the box for inherit privileges [and] click apply.
When asked about existing privileges, select delete to remove all privileges from that key.
Reboot.
Delete the two dll files.
Navigate back to the guardian key and check the inherit privileges box [then] apply.
Delete the guardian key.
|
dmozur
Guest
|
Posted: Thu Apr 22, 2004 6:31 pm Post subject: |
|
|
When I right click on Guardian, the drop-down menu does not include properties--just "new-find-delete-rename-copy key name". I'm running win2k not XP. Is that the reason? And what do I do about it? |
|
Guest
|
Posted: Thu Apr 22, 2004 8:05 pm Post subject: |
|
|
|
|
Guest
|
Posted: Thu Apr 22, 2004 8:42 pm Post subject: |
|
|
With Win2K run regedt32 rather than the (also present) regedit |
|
dmozur
Guest
|
Posted: Thu Apr 22, 2004 10:21 pm Post subject: |
|
|
wrote: |
With Win2K run regedt32 rather than the (also present) regedit |
I followed your instructions -- but in a half-assed fashion. As a result, the Winlogon Notify\Guardian sub-folders have disappeared from the registry.
I am still getting the same error message and popups when Windows opens. So far I haven't noticed any new problems resulting from my screw-up, but I haven't really looked too hard.
I enclose the actual error message. Maybe it can tell you something.
While I'm at it, here's a new hijack file. I appreciate your help. Sorry I'm so sloppy in following instructions.
Logfile of HijackThis v1.97.7
Scan saved at 10:19:00 PM, on 4/22/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Active ShutDown\asd.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Palm\HOTSYNC.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://c:\DOCUME~1\DmoZUR\LOCALS~1\Temp\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\MTUSpeed\help\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://c:\DOCUME~1\DmoZUR\LOCALS~1\Temp\toolbar.dll/sa
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\fdabar99.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: StumbleUpon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\DOWNLO~1\CONFLICT.1\STUMBL~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [Sys] C:\DOCUME~1\DmoZUR\LOCALS~1\Temp\EMESH.EXE
O4 - HKCU\..\Run: [AdwareSys] C:\DOCUME~1\DmoZUR\LOCALS~1\Temp\EMESH.EXE
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Active ShutDown.lnk = C:\Program Files\Active ShutDown\asd.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINNT\DOWNLO~1\CONFLICT.1\STUMBL~1.DLL/blogimage
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Add to FireViewer Conduit (HKLM)
O9 - Extra 'Tools' menuitem: Add to FireViewer Conduit (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc.../swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar...vSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200...taller.exe
O16 - DPF: {4F18FFF5-85B9-4378-A1B4-06743830EC70} (WAPUploaderAX Class) - http://www.web-a-photo.com/WebaphotoUploader.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12282670893518cc23...xIE601.cab
O16 - DPF: {57BBF06E-D997-11D3-8997-00104BD12D94} (PCPDiskHealth Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda...t/opuc.cab
O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.com/pub/cabs/GNInstallerFree.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...3310185185
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
O16 - DPF: {C6AB80BC-7E87-11D4-8BBB-0001025F438B} (MP3.com DirectToDevice Control) - http://filedownloads.mp3.com/filedownlo...Device.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O17 - HKLM\System\CCS\Services\Tcpip\..\{019E5125-6C29-4C0F-B065-AE45CED12008}: NameServer = 167.206.3.222,167.206.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7AA1E6-7D97-4A4C-B1B6-AC988FE6B3E4}: NameServer = 167.206.3.222,167.206.112.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{019E5125-6C29-4C0F-B065-AE45CED12008}: NameServer = 167.206.3.222,167.206.112.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{019E5125-6C29-4C0F-B065-AE45CED12008}: NameServer = 167.206.3.222,167.206.112.138
|
|
Guest
|
Posted: Thu Apr 22, 2004 10:38 pm Post subject: |
|
|
Here's the error message. It didn't show up in the last message
[Attachment: error message, 28.29 KB]
|
|
|
NedKali
Guest
|
Posted: Wed Jun 02, 2004 10:26 pm Post subject: |
|
|
Locate and delete this file to start with:
C:\DOCUME~1\DmoZUR\LOCALS~1\Temp\EMESH.EXE
I am having the same problems as you.
Ad-Aware has identified a DLL file which I am working on deleting, which I believe is responsible for the popups.
The website popularscreensavers.com is where I got this wretched thing from.
Good luck
|
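A triage pass over the kind of HijackThis log posted in this thread, as an added example that is not part of any poster's message: it flags autostart (O4) entries that run from a temp directory, one program registered under several autostart names, IE settings (R0/R1) that point at a res:// DLL in a temp directory, and toolbar (O3) entries with no file. The rule set and the function names are assumptions made for illustration; the log lines are excerpted from the first log above.

```python
import re
from collections import defaultdict

# Excerpt of lines from the first HijackThis log posted in this thread.
LOG_EXCERPT = r"""
Logfile of HijackThis v1.97.7
C:\WINNT\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://c:\DOCUME~1\DmoZUR\LOCALS~1\Temp\toolbar.dll/sa
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [Sys] C:\DOCUME~1\DmoZUR\LOCALS~1\Temp\EMESH.EXE
O4 - HKCU\..\Run: [AdwareSys] C:\DOCUME~1\DmoZUR\LOCALS~1\Temp\EMESH.EXE
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O4 - ..." result lines
RUN = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")  # registry Run values
LNK = re.compile(r"^[^:]+: (?P<name>.+?) = (?P<cmd>.+)$")       # Startup-folder shortcuts
IN_TEMP = re.compile(r"\\te?mp\\", re.IGNORECASE)               # \Temp\ or \tmp\ in a path


def parse(log):
    """Yield (code, body) per result line; header and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return (code, reason, detail) findings for a reviewer to look at first."""
    findings = []
    autostart_names = defaultdict(list)  # lower-cased command -> entry names
    for code, body in parse(log):
        if code in ("R0", "R1"):
            _key, _, value = body.partition(" = ")
            if value.lower().startswith("res://") and IN_TEMP.search(value):
                findings.append((code, "IE setting points at a DLL in a temp directory", value))
        elif code == "O3" and body.endswith("(no file)"):
            findings.append((code, "toolbar registered but file missing", body))
        elif code == "O4":
            m = RUN.match(body) or LNK.match(body)
            if not m:
                continue
            cmd = m.group("cmd").strip('"')
            if IN_TEMP.search(cmd):
                findings.append((code, "autostart runs from a temp directory", cmd))
            autostart_names[cmd.lower()].append(m.group("name"))
    for cmd, names in autostart_names.items():
        if len(names) > 1:
            findings.append(("O4", "same program under several autostart names", names))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(LOG_EXCERPT):
        print(f"{code}: {reason}: {detail}")
```

The findings are a reading order for the reviewer, not a verdict: each flagged entry still has to be checked against the file on disk before anything is removed.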