I'm having pretty much the exact same problem. Did you manage to fix it? I did a search for roings in my registry and found a couple references, should I delete them all? This is aweful! thanks!

0

I took a scorched earth approach and it seemed to work - I used regedit search functions to identify anything to do with popuppers, roing and visual loading based on strings "popuppers", "roing" and any of the aforementioned process names. (Make sure you save a copy of you registry first, just in case) Forget the uninstall functions in control panel - this will not 'remove' the programme file.Also take a quick look through /WINDOWS (XP) and Program files to make sure everything related to these elements has been directly removed. If you can't remove them - then it shows a process is still active. Another approach is to try and isolate the time this crap uploaded itself, if you can get hold of the time stamp, try to use dos to find any files that arrived in that window. (or boot in safe mode and use explorer to find any associated files). I've had no problems for 48 hours now. However, I can't find any consistent infromation on this on the net, which means you may just have to try and isolate any process you don't recognise: Faber toys (free download) can help with trying to identify process.

0

I tried every thing from this post. but the only thing that worked for is: remove all link to SVM90194.dll in registry and rename this file at the end. don't forget it isused by the iexplorer.exe all the time and explorer.exe when in not working state. use the dos windows to rename this file.

0

I have this same problem, just got it last night. I contacted roings and told them to tell me how to remove it, no response yet. I don't have any of those things that the previous guy mentioned (optimize.exe, etc) You guys should get HijackThis, it searches your computer for suspicious processes. Get it from http://www.lurkhere.com/~nicefiles/ Then check out this forum, They seem very knowledgable: http://netrn.net/phpBB2/viewforum.php?f=2

0

I searched for "roing" and "popupper" in m regedit, deleted all entries related to them. However, the popupper folder in regedit kept coming back, so I went to popuppers.com, dowloaded their uninstaller. Double click it (it will seem like it did nothing but it did). I then went back to regedit, deleted the popupper folder (not the popupper uninstall related things!). Then I restarted my computer. now I no longer have roings engine or visual downloader in my add/remove software list. Also, I no longer have any references to roing or popupper in my regedit (other than the popupper uninstall files). However, my computer still goes to 100% cpu whenever I try to open "my computer" or open c:\ from internet explorer. So something still seems to be the problem.... why are some useful mesages being deleted from this thread?

0

It sounds a lot like roings engine. I just got rid of it a few hours ago. It makes your cpu peek at 100% constantly. You can only use your computer in safe mode. Several of the hints on the internet didnt help in my case. The add/remove programme option will not work. Roings engine will keep regenereating. I installed the HiJackThis programme and found several suspicious files. Especially the "su3gs3.dll" seemed to have something to do with the problem. But I uninstalled several other files, but after restoring the above file my problem returned, so I am confident the file has something to do with roings engine. Unfortunately I also removed other files using Faber Toys and SpyBot and I was so eager that I forgot to create backups and I accidentally removed some files used by Internet Explorer so now it doesnt work anymore. I installed Netscape instead - and since they built in a pop-up-killer it turned out to be an excellent choice. Give me some feed-back if you found this tip useful.

0

Hi, I have this problem, too, and here's my contribution to the post. Last night I go to open My Docs and nothing displayed. None of my folders show what's in them. You can see how many items, how many mgs, and so on, so the stuff wasn't gone, it just wasn't there lol. My experiences are basically the same as everybody in the post, except nobody has mentioned searchsprint, which all of a sudden has cropped up as a toobar-- this may be due to a winmx download, though, I don't know, I just thought that I would mention it. The first thing I do when this stuff happens is go to add/remove programs, which as well you know would not open, along with My Computer, yada yada yada. Well, actually it opens, but displays nothing, and jacks up my cpu to 100%, etc. When I jumped on after work today, I could get into add/remove, and visual loading engine was there, and you of course can't remove it (from the panel at least). I did a search and found a roing.ocx file and the setup log. I found 2 popupper cookies; it looks like I contracted this crap on Wednesday, February 11. Now, a few questions: First, what IS this? I mean, how did I get it? I know, it's probably a stupid question, I am not as techie as y'all are, but I am, just a little ; )and want to know how to get rid of it so I can get into my folders!!! All of my folders are off limits. Thank God I can do anything else. Second, could you guys look at my Hijack this log and see if you see anything that relates to your situation? I want to get rid of this. I am going to putz around until I do. --- Finally, where does this come from? Any immediate help is more than welcome. : ) Thanks, lorilei

0

Ooops! Forgot the log...and now I can't even get to my desktop! I'll be back with it when I can... This sucks. lorilei

0

I got it! At least for Windows 2000. Look for these two files e090z.dll nem214.dll Use search to find them (most likely they're in WINNT directory). If you can't delete them, first go to REGEDIT to edit the registry. Find everything that contains "e090z" or "nem214" within the registry and get rid of it (getting rid of "roing" and "popupper" may also help). Reboot. I'm finally able to see my icons and experience normal CPU usage. Good luck y'all. Yours Truly, The Flipcritic http://www.flipcritic.net

0

There is hope. I tried everything mentioned before but it didn't help. Then I ran Hijack this and fixed 4 files and the problem was solved. Executed explorer from taskmanager and opened MY Computer, no problem. Still ok after reboot. Now you want to know which lines I checked but I'm sorry , I don't know anymore(is there a log somewhere so I could help some more?)but 3 of them looked suspicious and the 4th was a toolbar. Good luck and good night (3am,5hours s---)

0

How do I remove Roings Engine? I'm using XP Pro I've deleted some of the files, but the Roings Engine is still running..And there are no popups appearing when i go IE, but CPU usage is there... I've also runned Hijack This, and Ad Aware...

0

Hey guys (mainly Fred lol), Okay, here's my Hijack This log--questionL Do I always get rid of BHO's? Logfile of HijackThis v1.97.7 Scan saved at 5:07:01 PM, on 2/13/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\msdtc.exe C:\WINNT\system32\CTsvcCDA.exe C:\WINNT\system32\drivers\dcfssvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\tcpsvcs.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\MsPMSPSv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\inetsrv\inetinfo.exe C:\WINNT\system32\mqsvc.exe C:\WINNT\StartupMonitor.exe C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINNT\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\lcc\Local Settings\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {024DE5EB-3649-445E-8D57-C09A9A33D479} - C:\WINNT\system32\PHelper.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar_en_2.0.107-big.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {E3BB4412-F4ED-4AF4-A358-629490829D32} - C:\WINNT\couB2AkC.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: searchsprint - {AEE46806-2C5A-4A4E-A5DD-B4531F64A187} - C:\WINNT\xWIeOYX.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar_en_2.0.107-big.dll O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} (IEFeature Class) - http://www.popmonster.com/control/src/iefeatures.ocx O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {B8A04596-1C1B-48B6-9268-F2F86C9D55BC} (jimmyloader.jimmyform) - http://bins.roings.com/roing.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab Thanks! lorilei

0

I'm running Win2k. L

0

Okay, This post has been helpful in that the only way to get rid of this is though trial and error (basically). So thank y'all for all of your help; I found some things (and yes i do know which stuff to get rid of : ). SO thanks y'all and if I can't do it I will definitely be back. Note: Logfile of HijackThis v1.97.7 Scan saved at 5:07:01 PM, on 2/13/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\msdtc.exe C:\WINNT\system32\CTsvcCDA.exe C:\WINNT\system32\drivers\dcfssvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\tcpsvcs.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\MsPMSPSv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\inetsrv\inetinfo.exe C:\WINNT\system32\mqsvc.exe C:\WINNT\StartupMonitor.exe C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINNT\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\lcc\Local Settings\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {024DE5EB-3649-445E-8D57-C09A9A33D479} - C:\WINNT\system32\PHelper.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar_en_2.0.107-big.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {E3BB4412-F4ED-4AF4-A358-629490829D32} - C:\WINNT\couB2AkC.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: searchsprint - {AEE46806-2C5A-4A4E-A5DD-B4531F64A187} - C:\WINNT\xWIeOYX.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar_en_2.0.107-big.dll O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} (IEFeature Class) - http://www.popmonster.com/control/src/iefeatures.ocx O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab O16 - DPF: {B8A04596-1C1B-48B6-9268-F2F86C9D55BC} (jimmyloader.jimmyform) - http://bins.roings.com/roing.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab Note: I can't even close anything now; I run a search and the box stays open and My Computer was still in the background after me trying to open it last night---I didn't even know it was still there. This thing is so IRRITATING. Ah, hey, it gives me something to do : ) Lori

0

I am SO SORRY that I keep posting, but i need HELP! I go in and do everything the post said and then ran Hijack This again and this is my new log: Logfile of HijackThis v1.97.7 Scan saved at 11:39:46 AM, on 2/14/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\msdtc.exe C:\WINNT\system32\CTsvcCDA.exe C:\WINNT\system32\drivers\dcfssvc.exe C:\WINNT\System32\svchost.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\tcpsvcs.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\MsPMSPSv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\inetsrv\inetinfo.exe C:\WINNT\system32\mqsvc.exe C:\WINNT\StartupMonitor.exe C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINNT\explorer.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\lcc\Local Settings\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {024DE5EB-3649-445E-8D57-C09A9A33D479} - C:\WINNT\system32\PHelper.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar_en_2.0.107-big.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {E3BB4412-F4ED-4AF4-A358-629490829D32} - C:\WINNT\couB2AkC.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: searchsprint - {AEE46806-2C5A-4A4E-A5DD-B4531F64A187} - C:\WINNT\xWIeOYX.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar_en_2.0.107-big.dll O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} (IEFeature Class) - http://www.popmonster.com/control/src/iefeatures.ocx Now I can't get anything to close, can't find anything, can't open anything...AUUUHGH! I am taking a much needed break. If anybody would like to help me, please do! L

0

Ok. solved the problem (or so it seems) and it is very simple, so there is hope. I deleted from C:\Windows optmize.exe roing_bbi8016.exe then I run HIJACK This and I deleted some entries that did not seem reliable. I cannot rememeber the names of the files, but I do not know if it matters. Because as I read tons of messages about this problem it seems that we all have different files names, same problem but different names. Basically, go through the data that HThis offers you and get rid of some dlls files in your C:\windows that might be doing the problem and an entry of a toolbar (actually that is how my problem started). ANALOG DLL ARCHIVE was not useful for me, actually it made some other things work worse. So it depends on the characteristics of your problem. Hope this help and thanks a lot for everybody's suggestions. Hugo

0

I have HAD it!! All of you guys, thanks so much for the suggestions--Hugo's right; everybody's is different and I have done everything I possibly can, there are no references to anything anywhere and I still can't open anything! I am getting a tad p/o'd here!

0

HAH! I did it!!! I would tell you how, but all of the info's already in this post---it's everybody's individual problem and only Hijack This can help you. Thanks, you guys. L

0

I did wat Mark from UK suggested I deleted the following files c:\WINDOWS\roing_bbi8016.exe c:\WINDOWS\t2b6BL.exe c:\WINDOWS\optimize.exe c:\WINDOWS\isinstall_kart.exe I just couldn't find t2b6BL.exe or any of the .dll files Hijack this worked - It gives you ionfo on selected items if your not sure to delete but make backup of registry first. I had no problem after that Also get spybot from http://download.com.com/3000-2144-10194058.html?tag=lst-0-1 It's useful to have Thanks Mark from UK

0

Ok iv'e done everything that ulot have said to do but my problem is still there, i've had the same problem as jakie, i don't have any of the .dll files or t2b6BL.exe but i've got ridden of the other .exe's ant the registery entries but the problem is still here, so heres my hackthis log if u can see if nethings wrong or know wot to do can u post plzzzzz Logfile of HijackThis v1.96.0 Scan saved at 19:33:46, on 15/02/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microangelo\muamgr.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\PROGRA~1\Immersion Corporation\TouchSense\Clients\Desktop\IDesktop.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\MSN Messenger\MsnMsgr.exe D:\steam\steam.exe C:\Program Files\Immersion Corporation\TouchSense\Server\TouchSense.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Documents and Settings\Miles\Desktop\hijackthis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.exe C:\WINDOWS\regedit.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {04281190-E2EF-4B3D-9C43-75D8157D5B87} - C:\WINDOWS\tnS5SY6.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe O4 - HKLM\..\Run: [IDesktop.2.5] C:\PROGRA~1\Immersion Corporation\TouchSense\Clients\Desktop\IDesktop.exe 1 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/163e4dca2c73ff658516/netzip/RdxIE601.cab O16 - DPF: {5CA42785-ABC3-11D2-9F81-00104B2225C5} (Immersion Web ActiveX Control) - http://www.immersion.com/plugins/ImmWeb.cab O16 - DPF: {BE168AD8-D3DD-432C-B367-06D36A1AED15} (limmyloding.limmyform) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

0

ye i have done all that and then some but its still doin 100% wenever i try to open control panel, my computer, my documents or anything like that and even wen i try to open a folder on the desktop. please help this is really annoying. here is my hijack this log im running xp home. Logfile of HijackThis v1.97.7 Scan saved at 21:25:14, on 15/02/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\drivers\CDAC11BA.exe C:\WINDOWS\System32\DRIVERS\CDANTSRV.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\windows\system32\cddrv32.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.exe C:\Program Files\Kazaa\kazaa.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Winamp3\winampa.exe C:\WINDOWS\tYmh3h.exe C:\Program Files\Creative\ShareDLL\MediaDet.exe C:\windows\system32\win32gb.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\MemTurbo\MemTurbo.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Will Miners\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net F1 - win.ini: run=c:\windows\system32\cddrv32.exe O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {C4656B96-F638-432F-9FD0-94318ABF4F5A} - C:\WINDOWS\p7fk6v.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll O3 - Toolbar: searchsprint - {AEE46806-2C5A-4A4E-A5DD-B4531F64A187} - C:\WINDOWS\zE758P.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe /run O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.exe O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [esEXgxu92] C:\WINDOWS\tYmh3h.exe O4 - HKLM\..\Run: [win32gb] c:\windows\system32\win32gb.exe /noconnect O4 - HKLM\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent O4 - HKCU\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe O4 - Startup: NetTurbo.lnk = C:\Program Files\SharewareOnline.com\NetTurbo\NetTurbo.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: NetTurbo.lnk = C:\Program Files\SharewareOnline.com\NetTurbo\NetTurbo.exe O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1.62-big/GoogleNav.cab O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37705.5646064815 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2BF0DD65-438E-4E2F-AAE3-89820D56DAE9}: NameServer = 192.168.121.252,192.168.121.253 O17 - HKLM\System\CCS\Services\Tcpip\..\{A84424B7-9ADB-4C72-930D-8677DD5E20DA}: NameServer = 194.168.4.100 194.168.8.100

0

Following the advice enabled the problem to be identified and fixed. I agree that the problem manifests itself in different ways - I could not find any of the references listed. But HijackThis definitely identifies what is causing the problem - and it seems to be a random selection of letters and numbers, some uppercase, some not (like a password generator). Many thanks, and happy hunting!!

0

Hi, The toolbars seem to have a lot to do with this. I noticed on 21's HThis log that 'searchsprint' was in there---I got hit with all of this as soon as that installed itself on my computer. I have used Google toolbar for awhile now; however, when I got rid of the toolbars it seemed to do the trick. Hope this helps a little. L

0

Hey people, I was going CRAZY trying to find the solution to this problem. However, this discussion solved the problem. I followed the steps by deleting the dll files in the windows directory, but that didnt do the job. So I ran hijack this, and deleted 2 entries, one relating directly to roings. Here were the two entries I removed, and right after removing them, i started up explorer.exe and I was able to access my documents again. BH0:(no name) - {5AF67F5B-AAA6E-4B81-AC0C-EBE75D040C2} - \c:\WINDOWS\o48g0q8D.dll DPF: {B8A04596-1C1B-9268-F2F86C9D55BC} -(jimmyloader.jimmyform) - http://bins.roings.com/crack.cab Hope these two will help in your quest to remove this problem. Seya

0

come on!!! i think i fixed it. i deleted all the dlls and did everything above. then i deleted searchsprint or whatever through HT and a BHO in WINDOWS called p7fk6v.dll through HT and i can get onto my computer!!! yay. now i think its time for a blitz-delete all thats not needed. thank you all for all your help and suggestions. ppl who still have this problem i suggest looking for dlls in WINDOWS directory through Hijack this with a random number of letters and numbers as the name. good luck!!

0

I did it!!! Thanks for your posts. I got HiJackthis and deleted these entries: R3 - Default URLSearchHook is missing O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} (limmyloding.limmyform) - http://bins.roings.com/crack.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/194bed9de58bee7ebe21/netzip/RdxIE6.cab O2 - BHO: (no name) - {C438B55E-1639-4053-8513-4CB175C391D4} - C:\WINDOWS\m8Kmc7yt0.dll I then ran Spy Sweeper again and got rid of Roings. Now no problems...seems A ok... I love this site...

0

Hi Lorelei and others, glad you fixed the problem. You're wright about the searchsprint toolbar , I remember I removed this to. I would remove all toolbars and also the "pop" items. After the problem was solved I ran NAV and it removed nem214.dll so removing this file won't solve the problem on it's own. Spybot helpt me out to and also for another problem. The one where explorer causes an error on execution. Opening a folder and surfing from there is ok. But that's another discussion I guess. Anyway if you encounter that problem, ad-aware or spybot can fix it. Regards, Fred

0

off topic : Sorry it's Lor i lei and I'm not Alfred.

0

Hi guys-- Sorry to beat a dead horse, but I suppose any additional info might assist people like me who come down the pike with similar symptoms but a slightly different solution. First, let me thank you all for this discussion. It set me on the right path. Second, the problem is indeed unique to each user. I ran Hijack This and deleted all .dll files and Toolbar "extras" that weren't necessary. Essentially, anything that looked suspicious (i.e., entries with "(no name)" or official software identification), I deleted with HT. The additional toolbars do indeed seem to be the culprit. Malware, no doubt. Best of luck to future detectives searching for clues here. Rob

0

I had the same problem this link got rid of it for me http://www.popuppers.com/uninstallprog.exe It seems you have to get the unistall from a machine that is not infected. Because if you have their "program", the URL redirects you to bullsh|t.

0

Well looks like I wasn't the only one in this... ok. I have found one file that had "roing" as internal name and another with "wat" as internal name. The names are e6T59.ocx e3053.dll These seem to be from this "Roing Company" The first one under "Orginal Name" was "roing.ocx" so here's another name to the already somewat long list of names it goes under. But it seems to me that it changes file names. I dunno how often or if this is even true. But it does seem like a reasonable explantion. I dunno if there are any new "victems" to this "Roing the Ripper", but I hope this helps. Good luck. "And I thought computers were suppose to help us!"

0

Also in C:\windows\Downloaded Program Files\ ,for Win XP Pro, there was a limmieload.limmieload something like that and i believe this is related to "roing" because sum of the roing files had this in there and/or registry entries. "And I thought computers were suppose to help us!"

0