1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Popup acts like it is in memory, smni.com

Discussion in 'Web & Email' started by nicemikelake, Sep 18, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. nicemikelake

    nicemikelake Thread Starter

    Joined:
    Sep 18, 2003
    Messages:
    3
    :confused:
    I thought that most popups come from viewed web pages, but keep getting a tab for the following website:

    http://www.smni.com

    Actually, nothing ever pops up, it places an annoying tab that does nothing. Every now and then it re-appears. I am using Windows XP with included IE6, and Sygate Personal Firewall.

    I tried stopping it by blocking the site with my firewall, but it keeps coming up, then changes to a "site not found" after a 5-10 second delay. Still have the stupid tab though.

    How can I find where this is coming from? I searched the files on my computer for smni.com, and nothing showed up.

    :confused: Michael John Lake
    http://www.NiceMike.com
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,224
    First Name:
    Derek
    go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  3. nicemikelake

    nicemikelake Thread Starter

    Joined:
    Sep 18, 2003
    Messages:
    3
    Here are the results of the "Hijack This" scan.

    Note that my roommate has run many online games and offers advertized on Yahoo and Lycos. Some of the unnecessary junk may be from these "downloads".
    _______________________________

    Logfile of HijackThis v1.97.2
    Scan saved at 6:53:57 PM, on 9/18/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\mcafee.com\VSO\mcvsshld.exe
    C:\Program Files\mcafee.com\Agent\mcagent.exe
    C:\Program Files\mcafee.com\Agent\mcupdate.exe
    C:\Program Files\TimeSink\AdGateway\TsAdBot.exe
    C:\Program Files\Iomega HotBurn\Autolaunch.exe
    C:\Real\Player\realplay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\MSMGT.exe
    C:\Program Files\mcafee.com\VSO\mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Mikes Downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
    O1 - Hosts: 255.255.255.255 www.casinoxo.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
    O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Real\Player\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
    O9 - Extra button: MktBrowser (HKLM)
    O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
    O16 - DPF: Yahoo! Exploder - http://download.games.yahoo.com/games/clients/y/vtk_x.cab
    O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/brickout/brickout.cab
    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www109.coolsavings.com/download/cscmv5X.cab
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v44/bjattack/bjattack.cab
    O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
    O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v52/cubis/cubis.cab
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37844.5812615741
    O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v50/swapit/swapit.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://aceshigh.microgaming.com/aceshigh/FlashAX.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4285/mcfscan.cab
     
  4. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Hi nicemikelake, Welcome to TSG.

    You can have HJT fix the following items. Close your browser, open up HJT and check the following items and then click FIX. Reboot afterwards.


    O1 - Hosts: 255.255.255.255 www.casinoxo.com

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL


    O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot.exe"


    O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.exe


    After rebooting, delete this file:

    C:\Program Files\TimeSink\AdGateway\TsAdBot.exe"


    Afterwards, go here and download Spybot:

    http://www.safer-networking.org/index.php?lang=en&page=download

    ...after installing, have it go on line and download all updates. Have it scan your system for any problems. Everything it finds in RED is safe to fix.

    :)
     
  5. nicemikelake

    nicemikelake Thread Starter

    Joined:
    Sep 18, 2003
    Messages:
    3
    Thankyou buckaroo,

    I used HJT to remove the suggested items, and the strange pop-up went away.

    Tried to download Spybot several times from c-net, and could not get anything to happen. Because this is Saturday evening, it might be too much web traffic, so I will wait till Monday. At least the obvious problem is gone.

    This stuff might not be virus, but it is almost as annoying. How much processor power might these unwanted items take away?

    Sincerely,
    Mike Lake
     
  6. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Okay, good. (y) When you get Spybot, make sure you use it's update function to go online and download all updates. Keep the application updated and scan your system on a regular basis.

    About prcessor power....I don't have a clue. :D

    Take care.

    :)
     
  7. forty4

    forty4

    Joined:
    Oct 15, 2004
    Messages:
    2
    Hi !!

    I ran Hijack This and this was the result :

    Logfile of HijackThis v1.98.2
    Scan saved at 11:29:34:AM, on 15/10/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
    C:\WINNT\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINNT\System32\mnmsrvc.exe
    C:\WINNT\System32\NALNTSRV.EXE
    C:\WINNT\system32\tsamain.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\wm.exe
    C:\WINNT\system32\svchost.exe
    C:\NOVELL\ZENRC\wuser32.exe
    C:\NOVELL\ZENRC\WUOLService.exe
    \npbnis21\SYS\PUBLIC\clntrust.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\Promon.exe
    C:\WINNT\system32\Smtray.exe
    C:\WINNT\system32\NWTRAY.EXE
    C:\Program Files\CA\eTrust\Antivirus\realmon.exe
    C:\Documents and Settings\user\Application Data\shnw.exe
    C:\WINNT\system32\w?wexec.exe
    C:\Program Files\Novell\iFolder\TrayApp.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    \NPBNIS02\SYS\PUBLIC\NALDESK.EXE
    \NPBNIS02\soft\IMAGES\INSTALL\Snappe32\Apps\Stinger\stinger239.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\NOVELL\GroupWise\GrpWise.exe
    C:\NOVELL\GroupWise\Notify.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.eskom.co.za/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.eskom.co.za/powerzone/main800x600.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = npbproxy.eskom.co.za:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;147.110.*.*;*.eskom.co.za;172.*.*.*;*.arivia.co.za;visione.eskom.co.za;zenzele.eskom.co.za;<local>
    O1 - Hosts: 147.110.176.12 zenwsimport
    O1 - Hosts: 147.110.176.12 npbnzw01.eskom.co.za
    O1 - Hosts: 147.110.176.12 npbnzw01
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {63DE3757-EF1E-0CE7-825A-15557EF02A18} - C:\WINNT\system32\rsfwe.dll
    O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\system32\bridge.dll (file missing)
    O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINNT\system32\PDF7831.dll
    O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINNT\system32\NDrv.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [Smapp] Smtray.exe
    O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
    O4 - HKLM\..\Run: [RunEAV] C:\WINNT\system32\cmd.exe /C START /MIN C:\WINNT\System32\KIX32.EXE C:\WINNT\System32\EAVRUN.KIX $UsePorts=ON
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\Antivirus\realmon.exe"
    O4 - HKLM\..\Run: [searchbar] C:\WINNT\system32\vnmispoisn_downloader.exe
    O4 - HKLM\..\Run: [mswspl] C:\WINNT\system32\vnmispoisn_downloader.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\system32\bridge.dll",Load
    O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINNT\system32\PDF7831.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Aaat] C:\Documents and Settings\user\Application Data\shnw.exe
    O4 - HKCU\..\Run: [Mlnvzywk] C:\WINNT\system32\w?wexec.exe
    O4 - Global Startup: GroupWise Notify.lnk = C:\NOVELL\GroupWise\Notify.exe
    O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\TrayApp.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0084C3C2-4B0E-11D1-8064-0060977B0E09} (Attachmate Edit3270 Class) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/at3270.CAB
    O16 - DPF: {0DF0058D-5B88-11D1-B7C7-0006296A7CDE} (AtmCommandBar Class) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/atcommon.CAB
    O16 - DPF: {1356B571-7919-11CF-A2DA-08005A48F0E4} (Attachmate Configuration Object - TN3270) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/TN327.CAB
    O16 - DPF: {23BFA621-48D9-11D2-B3D4-000629ED42AF} (Attachmate Custom Code Page Installer) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/axclient/aucpdnld.cab
    O16 - DPF: {3DC1AC46-CA1A-11CF-BECD-08005A9B94B7} (Attachmate Screen3270 Object) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/as3270.CAB
    O16 - DPF: {3E5C2E12-57B6-11D1-8956-0006291171A1} (Attachmate Browser Frame Class) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/ataction.CAB
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://appserv.eskom.co.za/EAG/Setup/PlugIns/iftwclix.cab
    O16 - DPF: {7F37B328-86F5-11CF-B401-08005AC024EB} (Attachmate Session Object) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/ascommon.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
    O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://64.7.220.98/downloads/e2g27.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: Domain = eskom.co.za
    O17 - HKLM\System\CCS\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: NameServer = 147.110.52.7,147.110.52.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A663EC29-C3BC-4696-80A3-99DB664011C2}: Domain = eskom.co.za
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A663EC29-C3BC-4696-80A3-99DB664011C2}: NameServer = 147.110.52.7,147.110.52.10
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = eskom.co.za
    O17 - HKLM\System\CS1\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: Domain = eskom.co.za
    O17 - HKLM\System\CS1\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: NameServer = 147.110.52.7,147.110.52.10
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = eskom.co.za
    O17 - HKLM\System\CS2\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: Domain = eskom.co.za
    O17 - HKLM\System\CS2\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: NameServer = 147.110.52.7,147.110.52.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = eskom.co.za

    please help !!
     
  8. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    OMG forty4, where'd you resurrect this thread from? Hi and welcome to TSG.

    1. Let us know exactly what problems you're experiencing.

    2. What can you tell us about Eskom? Is it your ISP?

    There's a couple of applications you can run in the meantime.

    Spybot:

    http://www.majorgeeks.com/download.php?det=2471

    Make sure you download any updates then have it check your system for any problems. Whatever Spybot finds in RED is safe to delete.


    Then, go here and download AdAware

    http://www.majorgeeks.com/download.php?det=506

    Make sure you download current updates and allow it to do a full system scan.

    Everything AdAware finds is safe to delete.


    Go here for a free online AV scan:

    http://housecall.trendmicro.com/housecall/start_corp.asp


    When done, rescan with HJT and post a current log, okay?

    :)
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/165617

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice