Popup acts like it is in memory, smni.com

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

nicemikelake

Thread Starter
Joined
Sep 18, 2003
Messages
3
:confused:
I thought that most popups come from viewed web pages, but keep getting a tab for the following website:

http://www.smni.com

Actually, nothing ever pops up, it places an annoying tab that does nothing. Every now and then it re-appears. I am using Windows XP with included IE6, and Sygate Personal Firewall.

I tried stopping it by blocking the site with my firewall, but it keeps coming up, then changes to a "site not found" after a 5-10 second delay. Still have the stupid tab though.

How can I find where this is coming from? I searched the files on my computer for smni.com, and nothing showed up.

:confused: Michael John Lake
http://www.NiceMike.com
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

nicemikelake

Thread Starter
Joined
Sep 18, 2003
Messages
3
Here are the results of the "Hijack This" scan.

Note that my roommate has run many online games and offers advertized on Yahoo and Lycos. Some of the unnecessary junk may be from these "downloads".
_______________________________

Logfile of HijackThis v1.97.2
Scan saved at 6:53:57 PM, on 9/18/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\mcafee.com\VSO\mcvsshld.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\TimeSink\AdGateway\TsAdBot.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Real\Player\realplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\MSMGT.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Mikes Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
O1 - Hosts: 255.255.255.255 www.casinoxo.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [RealTray] C:\Real\Player\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
O16 - DPF: Yahoo! Exploder - http://download.games.yahoo.com/games/clients/y/vtk_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/brickout/brickout.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www109.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v44/bjattack/bjattack.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v52/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v41/sol/sol.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37844.5812615741
O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v50/swapit/swapit.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://aceshigh.microgaming.com/aceshigh/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4285/mcfscan.cab
 
Joined
Mar 25, 2001
Messages
3,334
Hi nicemikelake, Welcome to TSG.

You can have HJT fix the following items. Close your browser, open up HJT and check the following items and then click FIX. Reboot afterwards.


O1 - Hosts: 255.255.255.255 www.casinoxo.com

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL


O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot.exe"


O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.exe


After rebooting, delete this file:

C:\Program Files\TimeSink\AdGateway\TsAdBot.exe"


Afterwards, go here and download Spybot:

http://www.safer-networking.org/index.php?lang=en&page=download

...after installing, have it go on line and download all updates. Have it scan your system for any problems. Everything it finds in RED is safe to fix.

:)
 

nicemikelake

Thread Starter
Joined
Sep 18, 2003
Messages
3
Thankyou buckaroo,

I used HJT to remove the suggested items, and the strange pop-up went away.

Tried to download Spybot several times from c-net, and could not get anything to happen. Because this is Saturday evening, it might be too much web traffic, so I will wait till Monday. At least the obvious problem is gone.

This stuff might not be virus, but it is almost as annoying. How much processor power might these unwanted items take away?

Sincerely,
Mike Lake
 
Joined
Mar 25, 2001
Messages
3,334
Okay, good. (y) When you get Spybot, make sure you use it's update function to go online and download all updates. Keep the application updated and scan your system on a regular basis.

About prcessor power....I don't have a clue. :D

Take care.

:)
 
Joined
Oct 15, 2004
Messages
2
Hi !!

I ran Hijack This and this was the result :

Logfile of HijackThis v1.98.2
Scan saved at 11:29:34:AM, on 15/10/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINNT\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\WINNT\system32\tsamain.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wm.exe
C:\WINNT\system32\svchost.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\NOVELL\ZENRC\WUOLService.exe
\npbnis21\SYS\PUBLIC\clntrust.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\Smtray.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\CA\eTrust\Antivirus\realmon.exe
C:\Documents and Settings\user\Application Data\shnw.exe
C:\WINNT\system32\w?wexec.exe
C:\Program Files\Novell\iFolder\TrayApp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
\NPBNIS02\SYS\PUBLIC\NALDESK.EXE
\NPBNIS02\soft\IMAGES\INSTALL\Snappe32\Apps\Stinger\stinger239.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\NOVELL\GroupWise\GrpWise.exe
C:\NOVELL\GroupWise\Notify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.eskom.co.za/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.eskom.co.za/powerzone/main800x600.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = npbproxy.eskom.co.za:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;147.110.*.*;*.eskom.co.za;172.*.*.*;*.arivia.co.za;visione.eskom.co.za;zenzele.eskom.co.za;<local>
O1 - Hosts: 147.110.176.12 zenwsimport
O1 - Hosts: 147.110.176.12 npbnzw01.eskom.co.za
O1 - Hosts: 147.110.176.12 npbnzw01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {63DE3757-EF1E-0CE7-825A-15557EF02A18} - C:\WINNT\system32\rsfwe.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\system32\bridge.dll (file missing)
O2 - BHO: Core Library - {A23AB93D-6CFF-442c-BB8A-41F6145F47E7} - C:\WINNT\system32\PDF7831.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINNT\system32\NDrv.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [RunEAV] C:\WINNT\system32\cmd.exe /C START /MIN C:\WINNT\System32\KIX32.EXE C:\WINNT\System32\EAVRUN.KIX $UsePorts=ON
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\Antivirus\realmon.exe"
O4 - HKLM\..\Run: [searchbar] C:\WINNT\system32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [mswspl] C:\WINNT\system32\vnmispoisn_downloader.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\system32\bridge.dll",Load
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINNT\system32\PDF7831.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Aaat] C:\Documents and Settings\user\Application Data\shnw.exe
O4 - HKCU\..\Run: [Mlnvzywk] C:\WINNT\system32\w?wexec.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\NOVELL\GroupWise\Notify.exe
O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\TrayApp.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0084C3C2-4B0E-11D1-8064-0060977B0E09} (Attachmate Edit3270 Class) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/at3270.CAB
O16 - DPF: {0DF0058D-5B88-11D1-B7C7-0006296A7CDE} (AtmCommandBar Class) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/atcommon.CAB
O16 - DPF: {1356B571-7919-11CF-A2DA-08005A48F0E4} (Attachmate Configuration Object - TN3270) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/TN327.CAB
O16 - DPF: {23BFA621-48D9-11D2-B3D4-000629ED42AF} (Attachmate Custom Code Page Installer) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/axclient/aucpdnld.cab
O16 - DPF: {3DC1AC46-CA1A-11CF-BECD-08005A9B94B7} (Attachmate Screen3270 Object) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/as3270.CAB
O16 - DPF: {3E5C2E12-57B6-11D1-8956-0006291171A1} (Attachmate Browser Frame Class) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/ataction.CAB
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://appserv.eskom.co.za/EAG/Setup/PlugIns/iftwclix.cab
O16 - DPF: {7F37B328-86F5-11CF-B401-08005AC024EB} (Attachmate Session Object) - http://mainframe.eskom.co.za/hostaccess/ENU/Standard/AXClient/ascommon.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://64.7.220.98/downloads/e2g27.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: Domain = eskom.co.za
O17 - HKLM\System\CCS\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: NameServer = 147.110.52.7,147.110.52.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{A663EC29-C3BC-4696-80A3-99DB664011C2}: Domain = eskom.co.za
O17 - HKLM\System\CCS\Services\Tcpip\..\{A663EC29-C3BC-4696-80A3-99DB664011C2}: NameServer = 147.110.52.7,147.110.52.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = eskom.co.za
O17 - HKLM\System\CS1\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: Domain = eskom.co.za
O17 - HKLM\System\CS1\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: NameServer = 147.110.52.7,147.110.52.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = eskom.co.za
O17 - HKLM\System\CS2\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: Domain = eskom.co.za
O17 - HKLM\System\CS2\Services\Tcpip\..\{07618AA1-86D4-4C69-89CC-F116E48A3F0B}: NameServer = 147.110.52.7,147.110.52.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = eskom.co.za

please help !!
 
Joined
Mar 25, 2001
Messages
3,334
OMG forty4, where'd you resurrect this thread from? Hi and welcome to TSG.

1. Let us know exactly what problems you're experiencing.

2. What can you tell us about Eskom? Is it your ISP?

There's a couple of applications you can run in the meantime.

Spybot:

http://www.majorgeeks.com/download.php?det=2471

Make sure you download any updates then have it check your system for any problems. Whatever Spybot finds in RED is safe to delete.


Then, go here and download AdAware

http://www.majorgeeks.com/download.php?det=506

Make sure you download current updates and allow it to do a full system scan.

Everything AdAware finds is safe to delete.


Go here for a free online AV scan:

http://housecall.trendmicro.com/housecall/start_corp.asp


When done, rescan with HJT and post a current log, okay?

:)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top