Tech Problem Aggregator

Altnet is visiting me again

Q: Altnet is visiting me again

I keep getting this Altnet thing coming up on my Spybot and AdAware. Here's my Hijack This log:

Logfile of HijackThis v1.97.3
Scan saved at 10:40:50 AM, on 12/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lxamsp32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\program files\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\rundll32.exe
D:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
D:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\My Downloads\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youravon.com/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = D:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = D:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Help (HKCU)
O9 - Extra button: RemindU (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://mirror.worldwinner.com/games/v45/skillgam/skillgam.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/brickout/brickout.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Puzzle Control) - http://mirror.worldwinner.com/games/v41/jigsaw/jigsaw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v46/blockwerx/blockwerx.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/freecell/freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v41/focus/focus.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://rtc.webresponse.microsoft.com/media/XP/TLIEFlash.CAB
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38290.5613888889
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v60/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BE19A2A5-ABDD-4E3E-9230-0A414EB1E9FD} (PictureItLauncher Class) - http://photos8.msn.com/resources/neutral/controls/DigWebX.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://mirror.worldwinner.com/games/v47/chess/chess.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play05.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4405/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Thanks!

A: Altnet is visiting me again

12 more replies
Answer Match 56.28%

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:07:59 PM, 10/16/2005
+ Report-Checksum: 7DDC05E7

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\PSGuard.lnk -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\PSGuard\Register.lnk -> Spyware.PSGuard : Cleaned with backup
:mozilla.13:C:\Documents and Settings\June\Application Data\Mozilla\Firefox\Profiles\56pgrfdd.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.24:C:\Documents and Settings\June\Application Data\Mozilla\Firefox\Profiles\56pgrfdd.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.25:C:\Documents and Settings\June\Application Data\Mozilla\Firefox\Profiles\56pgrfdd.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\June\Application Data\Mozilla\Firefox\Profiles\56pgrfdd.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.41:C:\Documents and Settings\June\Application Data\Mozilla\Firefox\... Read more

A:Altnet -> Spyware.Altnet

Did you run Ewido in Safe Mode?

*Download Cleanup from Here

A window will open and choose SAVE, then DESKTOP as the destination.
On your Desktop, click on Cleanup40.exe icon.
Then, click RUN and place a checkmark beside "I Agree"
Then click NEXT followed by START and OK.
A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
Click OK
DO NOT RUN IT YET

Boot into Safe Mode (start tapping the F8 key at Startup, before the Windows logo screen)

* Run Cleanup:
Click on the "Cleanup" button and let it run.
Once its done, close the program.

Reboot.

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
Save the results from the scan.

Post a new Hijack This log and the results of the ActiveScan.
 

1 more replies
Answer Match 44.94%
Q: Altnet

Hi,
I hope someone can help with this. I routinely run AdAware Professional, PC Tools Registry Mechanic and SpyBot and have McAfee Security Centre installed but on running Regedit notice that my registry still has entries for malware - in particular Altnet. Is there any danger in deleting these entries from the registry or is there any other way I can get rid of them?
Many thanks,
Pilot

A:Altnet

Hi,
I hope this is the right place to post an HJT log.
In your guide you say be specific about the problem but I'm not sure what it is. My system is running very slowly. If I leave my machine unattended for any time, when I try to restart it, nothing happens and the only way I can get it going again is by switching off and on again. I know I have some malware on my machine but I can't get rid of it. In particular, Altnet is firmly established in my Registry. I routinely run AdAware Professional, PC Tools Registry Mechanic, SpyBot and McAfee Security Centre. AdAware shows Altnet as being removed, SpyBot only removes it after a roboot and McAfee doesn't even mention it, but after every reboot, Altnet is still there in my Registry. I don't know if this is what is causing my problems but it's driving me crazy. Any help you can give would be appreciated.
Many thanks,
Pilot.
Logfile of HijackThis v1.99.1
Scan saved at 00:29:31, on 29/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1... Read more

19 more replies
Answer Match 44.94%
Q: Altnet

HiMy PC have been infected with Altnet and also the Searchweb toolbar. I have now tried several software for find and removing this type of infections (Adaware, SpyScan, Spyware Doctor, CVShredder and SpySubtract) everyone of this tools report the following instanse in registry:HKLM\Software\AltnetHKLM\Software\Altnet\Dashboardbut none of them are able to remove this. I have also tried to removed this manually, but are not allowed to do this. None of the tools are reporting anything about Searchweb toolbar, but every time I start IE, Searchweb toolbar do take controll over my IE. Has Searchweb somthing to do with the Altnet problem ?Anyway, a copy from the latest HJT-log is enclosed, hopefully somebody can help me with this problems.?Thank you in advanceLogfile of HijackThis v1.99.0Scan saved at 14:44:13, on 25.01.2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Programfiler\Fellesfiler\Panda Software\PavShld\pavprsrv.exeC:\Programfiler\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exeC:\Programfiler\Panda Sof... Read more

A:Altnet

Hi You are running HijackThis from a temp folder. You will need to move hijackthis.exe to a permanent folder, such as c:\hjt . This has to be done as HijackThis creates backups when you fix items. These backups could easily get deleted in a temporary folder.First create a new folder:A. Click My Computer icon on your desktopB. Click C: driveC. Click the File menu --> New --> Folder, a folder "New folder" will be created.D. Rename it HJTUnzip hijackthis.exe to the c:\HJT folder.Download System Security Suite here:System Security Suite Download & Tutorial. Unzip it to your desktop.Install the program. Don't use it yet.Please print or copy these instructions because you are not able to access the Internet in SafeMode.Make sure you are set to show hidden files and folders: A. On the Tools menu in Windows Explorer, click Folder Options.B. Click the View tab.C. Under Hidden files and folders, click Show hidden files and folders.D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.How to see hidden files in WindowsREBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe modeRun HijackThis!, press Scan, and put a check mark next to all these:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.radkncluevjst.com/DaeelIQ9C3LBn...3Vxb4Tbk9lP.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zlv... Read more

17 more replies
Answer Match 44.94%
Q: Altnet

hi all

i keep getting infected with the following browser plug in?

KKEY_LOCAL_MACHINE\ALNET

any idea how i can get rid of it - i have tried regedit etc but i cant delete ( i have adaware - spybot and microsoft antispyware

thx

ps this is my HJT log

logfile of HijackThis v1.99.1
Scan saved at 12:00:21, on 04/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\svc... Read more

A:Altnet

10 more replies
Answer Match 44.94%
Q: altnet

Hi,
I was doing a spyware scan on my computer and it came up with altnet in my registry. Spybot S&D said it couldn't be fixed because it was still in the memory. Do you know what this means? If it helps you find a problem here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:02:40 PM, on 10/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dlbucoms.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lexingtonband.tk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tabora... Read more

A:altnet

Hello BP,

Please show me the exact message shown by SpyBot. if that's unavailable, do a Panda scan & show me the results.

This is for the BlockChecker infection you have.

Please download Atribune's Blockrem from HEREUnzip it to its own folder on your desktop.
Boot your computer to safe mode by rebooting and tapping the F8 button repeatedly until it brings up a boot menu.
From that menu, select Safe Mode by using the arrow keys to highlight it then pressing enter.
Once in safe mode open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.
Once it is running please follow the onscreen instructions.
Reboot in normal mode and post a new HijackThis log.

19 more replies
Answer Match 44.52%

Hi, I continue to have this message each time I run spybot, microsoft spyware, and adaware sp, (hkey_local_machine\software\altnet) I even called microsoft and he could not delete the file in the register, it keeps coming back immediately after trying to clear out the file. It says it can't be deleted when I am in the registry. What else can I do?
Thank you and God bless,
Kim Morris

A:altnet in register

OK, let us have a look at your HijackThis log first. If you still have this problem after doing some cleaning we suggested, then remind us again and we will try to help you fix this.

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

5 more replies
Answer Match 44.52%

Hey, it appears that the Altnet/BDE (data miner) is on my computer. Problem is, I don't know how to remove it! I have the following virus/spyware removers, but none of them seem to be able to remove it.

-Ad-Aware SE Personal
-Ewido
-Norton Anti-virus 2004
-Spybot Search&Destroy
-AVG Anti-Virus

I also have HijackThis! for log purposes.

I would be very grateful if any of you techies could help me out

Thank You
 

A:Need help with removal of Altnet/BDE!

16 more replies
Answer Match 44.52%

Raised ? about this in other section.closed it i think,kind of got off the original subject. Have ? about
someone saying the music plugin i had (from kazaa),having spyware. In program files,it is called Altnet.
I paid like 20 or so for monthly thing about a year ago,for 1 month. Maybe this belongs in Multimedia,
don't know? Anyway,have been not able to remove this.Tried add/remove programs and My Uninstaller.
Anyone have thoughts ?
 

A:Altnet won't uninstall

16 more replies
Answer Match 44.52%

Hello,Info:OS: WinXp HomeHp dx2000 P4Norton AntiVirus 2005 recently updatedMicrosoft Defender recently updatedWinXp Firewall turned OFFI have scanned and re-scanned my computer, thousand of times, deleted altnet an equal thousand times BUT-It could not be removed from Registry Keys no matter how many times i clicked 'delete'.I want to get rid of Altnet AND its affiliates spyware and other programs (AdClicker 1.0, Cydoor.TOPicks.a, PestTrap) for good.I will be more than grateful if you can help, step by step, to delete Altnet because it is frustrating me without mentioning that WinXp is loading dreadfully slowly. I can provide u with whatever information you need if necessary.Thank you for your time. like.no.other

A:Cannot Delete Altnet

Download and scan with Ewido Anti-Malware v3.5Ewido Install and Scan InstructionsDownload and scan with Ad-Aware SE Personal. Setup & Configure as shown here.Download and scan with Spybot S&D 1.4. Setup & Configure as shown here.[DO NOT choose the option to install TeaTimer]Note: If you encounter any error messages while downloading the updates, manually download them from here.Perform these online Virus scans:[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]Trend Micro Housecall ScanPanda ActiveScan [ActiveScan Panda does not remove adware/spyware but will autoclean for viruses & worms.]

3 more replies
Answer Match 44.52%

I've been having pop ups like crazy.They are freezing up my computer to the point it kicks me off the internet. When I run AVG it finds a file called Adware.Altnet.It will not let me heal this,move it to the vault, or delete it.I came across a website (greyknight17.com) which was very helpful in getting me this far.Hopefully someone here can help me now.These are the things that I have done
ATF Cleaner
AVG virus scan
Malwarebytes' Anti-Malware
Super AntiSpyware
Panda ActiveScan
HijackThis
Here is my HijackThis log file....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:59 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe... Read more

More replies
Answer Match 44.52%

1. Internet and Email take forever to open
2. Google searches for things that I am not searching for
3. When a website is typed into the address bar different websites open at the same time

Thank you for any help I might receive.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:30:46 PM, on 4/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\flexlm\i486_nt\obj\lmgrd.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\flexlm\i486_nt\obj\ptc_d.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX ... Read more

A:HiJackThis Log Cannot get rid of ALTNet

Hello GB2, From this point on, please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt. Please post the contents of that document. ************ Download CKScanner from here Save it to your desktop. <=== IMPORTANT Doubleclick CKScanner.exe and click Search For Files. After a very short time, when the cursor hourglass disappears, click Save List To File. A message box will verify that the file is saved. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply. ************ We need to run GMER for rootkits. If you having trouble running GMER, try running it in the Safe Mode. How to Reboot into Safe Mode tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key.Please download GMER from one of the following locations, and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zip Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Close any and all open programs, as this ... Read more

2 more replies
Answer Match 44.52%

Hi Guys,

I hope you can help me. I first noticed my issues when McAfee found FakeAlert-FV.dll trojan.

After that I noticed javascript error popups and redirects when cliking on search results links from Google.

Everything I have tried below still doesn't fully remove Altnet

Hope you can help.

Thank you in advance for anything you can do.

############################################################

DDS (Ver_09-10-26.01) - NTFSx86
Run by user at 1:26:08.50 on Sun 11/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1276 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System3... Read more

A:Altnet Infection

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Answer Match 44.52%

Ok, I recently detected Altnet on my computer, and I think its because my brother had used my computer and tried to download kazaa (which I dislike with a passion) but I guess he said it never finished installing. Anyways, I scan my computer every 2 days and both spybot and adaware came up with Altnet entries, that they cannot remove. I want to kill it before it destroys my computer like it did my old one. I also found viewpoint media on my computer, and I cant get rid of it. I was hoping you'd be able to help me get rid of them, as well as any other problematic things you may find in my log. Though I'm pretty sure theres not much there..Thank you so much. I really hope this makes sense, because i havent been making much sense today.
-Nix

Logfile of HijackThis v1.99.0
Scan saved at 3:53:06 PM, on 1/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Ana... Read more

A:Altnet problems. Please help

Have you truned off restore point, booted and turned them on

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Also does brother have an account, because other than some file missing entries (O9) it looks clean - log in as bro and post his log

Now I am not sure about AIM+.exe, but don't see it being removed
 

2 more replies
Answer Match 44.52%

Hi:

I need help in removing Altnet from my computer. I've tried Norton, Ad-Aware and even Spy Bot to no avail!

I need "simple" instructions. Can anyone help?

A:Remove Altnet

I'll move this post to the Hijack This section. Just follow the instructions below and our Security Team will be able to help you.

Please download HijackThis http://www.greyknight17.com/spy/HijackThis.exe - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

2 more replies
Answer Match 44.52%

So I did the steps you offered.
Do you think it's clean now?

Here is my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 4:43:13 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe ... Read more

A:Altnet in my computer

Hello Mady,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Close any open browsers.

***************************************************

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries:

(If you like Dell as your homepage, please just use www dell com)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab


Click 'Fix Checked' and close HijackThis.

-----------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the sca... Read more

16 more replies
Answer Match 44.52%

still cant get rid of ALTNET now mouse is behaving very erratically i have all the usual spyware removal tools but just cant get rid of this can anyone help please this is my HJL

Logfile of HijackThis v1.99.1
Scan saved at 15:45:17, on 16/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\Mc... Read more

A:Solved: altnet

didnt get a response this time but managed to solve the ALTNET problem - cost me though - $ 29.99 SPYHUNTER - done the job pc is faster and enabled adaware etc to find more spyware - recommended if u have altnet !!
 

1 more replies
Answer Match 44.52%

How on earth do you remove it from your pc??? I tried to with McAfee and Lavasoft Adaware and nothing removes it. Please help.
 

A:Adware Altnet

16 more replies
Answer Match 44.52%

This has become an obsession with me. I cannot get rid of altnet. tried several programs, safe mode, etc. It just cannot be deleted. Someone must have the answer! Used ad-aware, spybot, norton, kazaabegone. I need closure so I can move on!!
 

A:Damn Altnet

8 more replies
Answer Match 44.1%

I have run Spybot and it finds Altnet.
Ad-ware finds MRU List, AltnetBDE and Zango
Spyware finds Cydoor.

I have the logs.

Please help.

Thank you,
Kendrick

A:I Have Altnet, Cydoor, Zango And Others...

Hello SprinksWhat OS (Win XP/2000, etc) are you using? What type of anti-virus are you using and when was the last time you ran a scan? Your saying that both Spybot and Ad-aware are finding malware which means they are doing their job. Did they not remove whatever they found?If your having problems with Spybot and Ad-aware removing malware, try doing your scans in SAFE MODE.If that does not work, then download and scan with SUPERAntiSypware Free for Home Usersalternate sitealternate siteDouble-click SUPERAntiSypware.exe to install and use the default settings for installation.Run SUPERAntiSypware and update the definitions before scanning by selecting "Check for Udates".When done, select "Scan for Harmful Software".There are three scanning options available. Choose "Perform Complete Scan" and click "Next".When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".Place a checkmark next to items you wish to remove/quarantine and Click "Next".A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.Select close to exit the program.Also, if your running Win XP/2000, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".Print out the Ewido Install and Scan Instructions. Then perform this online Virus scan:[Watch the Address bar in IE. You may receiv... Read more

3 more replies
Answer Match 44.1%

hi everybody,
i am trying to delete a registry key called altnet, it is in HKLM\software\altnet, and when i try to delete it says error deleting the key.
inside the altnet key is anothwer key called dashboard then another one called settings. when i try to access the settings key it says "cannot open settings:error while opening key"
so i tried the registrar to see what is inside the settings key and there is a key called ACCESS DENIED, and i click delete and it doesn't delete. so i try exporting the key to somehow modify it , and it says "error exporting key: the system cannot find the specified file"

oh and the SETTINGS and ACCESS DENIED keys are in red color in registrar

so how can i delete the key,
Thnx, Hector
 

A:ALTNET in REGISTRY can't delete

11 more replies
Answer Match 44.1%

Does the newest build of Kazaa Lite have altnet included with it?
 

A:Kazaa Lite and Altnet

I dunno but I think this should give you some data - Diet KaZaA or something like that I hear is the best combo with KaZaA Lite - then there are some plugins too.
http://www.slyck.com/fasttrack.html
 

3 more replies
Answer Match 44.1%

I ran the Microsoft Anti-spyware Beta 1 program. It found this one virus called Altnet (Browser plug-in). It gave me 5 options remove, ignore, quarantine and always ignore. I don't know which one to choose, because I am absolutely clueless on what this program does or if i need it. Would someone please help me figure out what to do with this program?? should I ignore it remove it or quarantine it ??..

Thank you !.
 

A:Altnet ( Browser plug-in) ? ? ?

6 more replies
Answer Match 44.1%

Hiya
Having checked out some of the posts on this forum, i tried to remove the 3 adware above (Only taken 2 days so far!) Although my system seems to be working fine now, i have some leftover thingumies as follows:

Ewido finds Altnet, PSGuard & CoolWebSearch (but can't remove any of them).
AVG finds nothing.
Housecall (online) finds Altnet (then claims to remove, but doesn't).
CWSShredder finds nothing.
AdAware finds AltnetBDE (but can't remove) - it gives the registry entry HKEY_LOCAL_MACHINE:SOFTWARE\Altnet, which though empty, Regedit will not let me delete.

The HJT log is below, but apart from R1, nothing jumps out at me.
BTW this is my 1st post to any forum anywhere and, being in Uganda i have power every other day or 3, so pls bear with any delays in my replies.
Th x in advance.
Cheers

Logfile of HijackThis v1.99.1
Scan saved at 12:53:11 PM, on 29/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray... Read more

A:Altnet, PSGuard, CoolWebSearch

please post teh ewido log so we can see what it found & couldn't fix
 

3 more replies
Answer Match 44.1%

Just wanted to thank MFDnSC and Rosebud6 for trying to help me get rid of that godawful Altnet. I just got rid of it with a nifty little program that I purchased last year, called Fix-It by V-Com. It has a feature called registry majic which just calls up the registry in order to edit. Well, just for a goof I did the usual left click, hit delete, but this time it actually did delete! I was totally shocked. No, it's not a free program but so well worth the money!! Hope you are reading this, Conde_i73!!!
 

More replies
Answer Match 44.1%

I've got one on the bench now that was loaded with crap that I pretty much have taken care of EXCEPT... Altnet.exe. Spybot finds it but cannot remove it because it's in memory. I allow it to run on the next boot, it finds it again but still can't get rid of it. SO,... then I try booting up in safe mode hoping it won't find it's way into memory but, of course, it does. I also ran SuperAntiSpyware and it still remains. When I do reboot, I get this cryptic message that a registry key or something had to be recovered and the recovery was successful. I'm sure that means "you tried to get rid of me but here I am...". Anyone out there have any sure-fire methods of getting rid of this pest? Thanks!
rtg
 

A:ALTnet: a determined little bugger...

6 more replies
Answer Match 44.1%

Something causing IE to go to ad webpages instead of the requested pages after a google search.

PANDA

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-04 14:10:34
PROTECTIONS: 0
MALWARE: 44
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020302 adware/ncase Adware No 0 Yes No c:\windows\didduid.ini
00020942 adware/exact.bargainbudd... Read more

A:HKLM/Software/Altnet

Hello and welcome to TSF
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

=========
Logs Required
log.txt
info.txt

If there is no response to this post within 72hrs, this thread will be closed.

9 more replies
Answer Match 44.1%

Hopefully someone can help me here. I have Windows XP home addition as my OS.

The way I understand it altnet can use my systems resources and available hard drive space on my computer. It seems like even when I am not online the data lights keep going on my modem so something is going on here. I don't have many programs installed on my computer but it is saying that 97% of the hard drive is full??? What the heck!!

I am trying to remove altnet from my computer and have followed some of the advice from previous posts.

Since I am pretty much computer illiterate I need VERY specific instructions. Here is what I have done so far.

Spyware Doctor installed keeps finding Altnet but will not remove. Microsoft Antispyware Beta 1 says it fixed problem but it still comes up next time I scan.

Have run both in safe mode, still there.

I have shut off system restore, run both spyware scans, rebooted, but no luck!!

Went into regedit to try and remove reg keys but it would not let me.

Please please help me here. I am so darn frustrated with the whole thing!!!
Thanks all in advance.
 

A:Solved: Help!!! Need to remove Altnet

15 more replies
Answer Match 44.1%

When I run qiuckscan on AdAware SE, it finds AltnetBDE. I have tried quarantining it and removing it, but it is still there. I have also run Spybot S&D, AVG free, CleanUp, RegCleaner, Windowwasher, CCleaner, and Xoftspy. They were all run in safe mode. When Altnet was discovered it was deleted by these programs, but is still there on subsequent runs. Also, AdAware SE hangs up when run on full scan and will not complete. I have tried uninstalling and installing again with the same results. It will only run on quick scan. Anyone have any ideas on how to remove Altnet and also to fix AdAware SE? Thanks.

Bob
 

A:Solved: Altnet problem

Hi,..D/load HJT log to see what is running on your system..
www.thespykiller.co.uk/files/HJTsetup.exe
Close all windows..let it scan>save to notepad>edit>select all>edit>copy>paste on your thread..a log expert will help you...
 

2 more replies
Answer Match 43.68%

my scans keep returning adware-altnet but mcaffee says that it is 'unable to remove'. how can i get this off of my pc? thanks in advance for your assistance.
 

A:McAffee keeps finding Adware-Altnet

What location is it found in
 

1 more replies
Answer Match 43.68%

I have a virus in the archives on my D drive.
The virus is Adware.Win32.Altnet.b . I have Windows XP. How do I get rid of this virus without doing a destructive system restore. I do not know how to unpack my file on my D drive in order to manually remove the virus, also I understand that this is risky since it may impact my ability to do a system restore later on my computer if I attempt to go int my archive. Any advice out there. Help!!
 

A:adware. win32.Altnet.b virus

Hi my name is David

Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Answer Match 43.68%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:07:37 PM, on 7/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\System32\wbem\wmiprvse.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet... Read more

A:Altnet, Myway.mywebsearch, Pc Really Slow

Hello nmartin199,

Do you still need help here?

Regards,
tea

3 more replies
Answer Match 43.68%

I am working on a friends lap top to get it free of Antivirus 2009.Win Xp pro sp3I ran Malwarebites It found aprox 380 infections.Then Ran Spybot it found about 20 moreNorton was not working. It would not upgrade and was almost at the end of its paid contract. I uninstalled Norton and installed AVG free. It only found cookies at this point It is running much faster now but SpyBot still finds Altnet. Says it will run on restart but can not remove it. Same from safe mode. This is a hijack this log from after MalwarebitesThen there is an up to date oneThank you for your timeCalvinLogfile of Trend Micro HijackThis v2.0.2Scan saved at 17:58:17, on 20/08/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe... Read more

A:Getting Rid Of Antvirus 2009 And Found Altnet

Hello CalvinderWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

3 more replies
Answer Match 43.68%

Windows XP SP2, IE 6.

Spybot SD 1.5 cannot get rid of Altnet and Huntbar; McAfee warns of IGetNet, but can't remove it.

Your help is appreciated.

HJT log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:04 PM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program ... Read more

More replies
Answer Match 43.68%

Operating System: Windows XP Upon going through the list Altnet could not be deleted from Spybot S&D or Housecall Antivirus. Also Housecall said that I did not have the Correct Java Runtime but I did install the latest java after deleting all other versions. I was worried that working without the java kernel Housecall might not get everything. So please check for general problems as well. Other issues: I also had a problem with downloading Macromedia Flash Player. All of the current user accounts have administration powers however only the latest was actually able to download the latest Flash player due to the other accounts not having sufficient rights. my Microsoft Office is having issues. Whenever I click on it the program tries to reinstall after clicking cancel three times it opens like normal. Also I was worried about deleting these entries from Panda ActiveScan Incident Status Location Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find ... Read more

A:Altnet (spybot S&d Nor Housecall Could Remove It)

Hello Quinnton,Other issues: I also had a problem with downloading Macromedia Flash Player. All of the current user accounts have administration powers however only the latest was actually able to download the latest Flash player due to the other accounts not having sufficient rights. my Microsoft Office is having issues. Whenever I click on it the program tries to reinstall after clicking cancel three times it opens like normal. I dont think I can help you with the Macromedia Flash Player and MicroSoft Office problems. This forum is for malware removal only and those are software problems. I am not seeing any malware in your Hijackthis log, so lets run some scans and see what they find. Download and install AVG Anti-Spyware v7.5.After download, double click on the file to launch the install process. Choose a language, click "OK" and then click "Next".Read the "License Agreement" and click "I Agree".Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems... Read more

2 more replies
Answer Match 43.68%

I have removed all tracesof Altnet from the computer and registry except that one Altnet folder cannot be deleted. Spybot S&D and XoftSpy detect this debris but also cannot remove it even though XoftSpy says it has deletd it. I have tried in normal and safe mode. In regedit, clicking on the folder or its subfolders and pressing Delete just gives a message refusing to delete the folder.

HiJackThis does not mention Altnet or its search name.

Any ideas please.

Regards

Awestruck

More replies
Answer Match 43.68%

im having problems with my task manager and it does not show up...
i also have an adware called altnet and im not sure how to get rid of it
pls help...ty in advance

Logfile of HijackThis v1.97.5
Scan saved at 7:06:15 PM, on 5/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony... Read more

A:tskmanager doesnt work & Altnet

11 more replies
Answer Match 43.26%

I've been unable to remove the subject malware from my computer. Spybot is unable to remove after startup. My system performance is suffering! I run McAfee Viruscan and my account is current. I use the Microsoft Windows firewall, but don't think this is cutting it, so if you could refer me to a good alternative, I'd appreciate that, also. Attached is my HJT Log. THANKS!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:07 PM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program... Read more

A:Solved: Removing smitfraud-C.CoreService and Altnet

9 more replies
Answer Match 43.26%

Hi, I sure stumbled into something ewwy. Aluria security center told me I have acquired altnet, perfect keylogger and now naughty popups. I use the removal feature in Aluria to remove them after turning off System Restore but on restart the altnet and naughty popups remain. I traced altnet to my graphic art program, JASC animation shop in the dll msvcirt. I have scanned my system with adaware, trend micro house calls, spybot s&d and Aluria. I did the hijack this log and analyzer, both logs follow.
Please help me cause I feel dense. And thank you. (Oh I have sp2 but use Norton Internet Security for the firewall.)
1Logfile of HijackThis v1.99.1
Scan saved at 11:25:24 PM, on 5/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.e... Read more

A:altnet, perfect keylogger, naughty popups

Hi...

Download SILENT RUNNERS to a new folder,... Unzip if Zipped, and run the Silent Runners.vbs file.
Open the "Startup Programs.txt" file it creates, and copy/paste the contents to this post, please.
The "Startup Programs.txt" file will be in the folder you ran the "Silent Runners.vbs" file from.

11 more replies
Answer Match 41.16%

There is a rare problem in the Sims that seems only to affect my computer. The thread has 40-some views, but no replies, and I posted more than a week ago. Please help me!

Click on the text to go to the forum

Please help,
rothn
 

A:Nobody is visiting my forum

It means that no one has an answer! I know its unfortunate, but it does happen I am afraid
 

2 more replies
Answer Match 41.16%

I need some help--I believe my son 12 year old son is visiting inappropriate website while we are at work. At the end of the night I clean out the temporary internet folder to free up space on the computer and last night I was just scan the folder and found all kinds of porn websites!! So I clean it out and when I logged on this evening the sites he normally visits are there but so where other porn sites.

Tell if Im wrong but is it true that every website you visit is recorded in the temp internet folder? and so popups get space there and when those cookies automatically go there is the computer is just left on which is what he is trying to tell me.

So is there another way to find out a list of websites that have been visited.

I really need to get these questions asked.

Thanks
 

A:HELP-son maybe visiting XXX sites

15 more replies
Answer Match 40.74%

Lots of people on social media sites like using URL shorteners to link people to different sites. Only problem I have with this, is that I cannot see the destination. Is there anything out there that can allow me to test a links' identity before visiting it?

A:Test URLs before visiting them?

I use this site: http://longurl.org/expand

3 more replies
Answer Match 40.74%

Hello wise ones,

I often have guests staying w/ me from around the world that I know little about other than intuition, what is on their profile and written references from other hosts. Through www.couchsurfing.com

I am very concerned letting them use my PC as they may download a virus or install a key logger. (Kapersky is installed and shows up under the guest identity on XP. But I think perhaps they could turn it off and bypass it?)

What would be the best way to allow them computer access?

1. Get an old PC for them to use? (if they are on my router can they access my other PC's personal information? If so how do I limit them from accessing my PC info?)

2. Install a software program like used at a Internet Cafe?

Any other ideas?

Kind Thanks!
 

A:Best PC Security with Visiting Guests?

8 more replies
Answer Match 40.74%

Hi, thought I'd see if all is well on the folk's PC, since I'm not up close and personal with it like this often. For one thing I think the google toolbar entries are different than they are on other machines I have it on. (Mainly want to make sure nothing sinister is going on, but would also be interested in shutting off everything that can be. For example I did install Windows Messenger and enable Remote Assistance since we are going to try that when the need arises after I leave again, but assume I should figure out how to keep Windows Messenger from being on all the time. It's not enabled in msconfig or anything.)

Here's their log. We all thank you!

Logfile of HijackThis v1.99.1
Scan saved at 3:19:25 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32... Read more

A:Mom & dad's HJT ok? Good kid checkin up while visiting! :)

P.S., I don't know if peop can tell when you've chosen about:blank as your IE start page on purpose, but I did. Although I wouldn't know how to tell if there was also a bad about:blank present. I did run Housecall, just a couple tribalfusion thingies found.
 

1 more replies
Answer Match 40.74%

after visiting the site wowhead suddenly found that my cpu had multiple viruses, i removed them with zone alarm but it did not fix the problem with the desktop screen which now has a &quot;warning&quot; about viruses and trojans and that i should go get them fixed. there is also a bubble that appears which says something like &quot;your computer has been infected click this bubble to sort problem&quot;. and it tries to open an anti virus web page real-av.org even if i don't click the bubble. here is my hyjack this log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:57:30 PM, on 6/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Speed Disk\nopdb.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\frmwrk32.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - H... Read more

More replies
Answer Match 40.74%

The other day I was just following some links to a couple of sites, one was free6.com and the other nudeamateurhoes.com and now I have a weird icon on my taskbar. The icon itself says curse when moused over but has no way to exit the icon like the others on my task-bar.

Anyone every experience this problem and is it related to the sites or did I get it some other way.

Btw I did manage to find it and it in my programs folder and it is called curse.exe but when I try to delete it I am told I dont have access rights or something like that to delete this file.

Any help is greatly appreciated.

A:Problems after visiting sites!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 40.74%

Hello all,
I am having a problem with all of the browsers on my computer directing to a spam search site when I try to visit certain websites.

I believe the problem started when I installed this software to help me switch audio output very easily:
http://www.sevenforums.com/customization/65079-anyway-use-hotkeys-switch-sound-output.html

I've done the following:
1) Run updated Malware bytes Anti Malware
2) Run TDSS Rootkit Remover Tool by Kaspersky.
3) Run Virus Remover Tool by Kaspersky.
4) Reset my cookies in Chrome.
5) Read the "Before posting a log" on this forum (the sticky post).
6) Updated my notification options as recommended.
I could not run GMER as I'm running Windows 7 64 bit.

I've attached my DDS/Attach/Hijack logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Nublard at 12:30:59 on 2011-11-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.6350 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestr... Read more

A:Redirecting When Visiting Websites

Hi,

you mentioned running a number of tools in the beginning, did they all come back clean? I'd be in particular interested in the tdsskiller log.

regards myrti

12 more replies
Answer Match 40.74%

My sister in law is in town and I hooked her up to our router. At home she uses timewarner roadrunner as her ISP. Her Outlook is not sending mail while connected through my wireless. Nothing should have changed in her outgoing mail provider, at least that I know of, so why would connecting to my wireless mean she gets a failure to send in outlook? Any thoughts?
 

A:relative visiting and using wireless

16 more replies
Answer Match 40.74%

I have a smc router, and sometimes i need to change the ip address on my dmz zone to connect to xbox live games (or it takes forever to get into games). anyway, since yesterday i can't get into the devices webpage to change my settings, everytime i try it just keeps the "internet explorer cannot display webpage".
so im wondering if there is another way to change these settings? or why is it saying that? we had a storm yesterday so I figured maybe its down due to that, but i can't imagine it not being fixed as of yet.
thanks in advance.
 

A:is there a way to get into my router without visiting the webpage?

we had a storm yesterday so I figured maybe its down due to that,Click to expand...

It may have damaged the router
you could try resetting the router - there will be a reset button on the back, this will take it back to factory condition, however, that will mean resetting all the settings, and if it resets and still will not let you log into the router, then you will probably no longer have any internet access, as you can not set this up....

If you have the Setup CD that may have come with the router - you maybe able to access the settings via setup CD.
 

1 more replies
Answer Match 40.74%

  
Quote: Originally Posted by Casuaisxtynine


Really really random bsod's. help please! :<


This is a repost.. I'm sorry for this but I need help

A:BSOD - Visiting websites

Hi Casuaisxtynine.

Click on the button below ....



It will download the DM log collector. Right click on the application and run as administrator. It will generate a .zip file on your desktop. Upload the .zip.
Screenshots and Files - Upload and Post in Seven Forums

9 more replies
Answer Match 40.74%

Really really random bsod's. help please! :<

A:BSOD - Visiting websites.

Code:
BugCheck 116, {fffffa80046bb010, fffff88003bb045c, 0, 2}
This bugcheck indicates that an attempt to reset the display within the allocated time interval failed, hence the bugcheck.
This isn't a typical bugcheck in terms that this only happens when the graphics card doesn't respond either because of a bad driver or the GPU is faulty.


Code:
2: kd> KnL
# Child-SP RetAddr Call Site
00 fffff880`05a7a1c8 fffff880`0414b054 nt!KeBugCheckEx <-- The BSOD crash
01 fffff880`05a7a1d0 fffff880`0414ad5e dxgkrnl!TdrBugcheckOnTimeout+0xec <-- Instruction telling the system to crash if the graphics card doesn't respond.
02 fffff880`05a7a210 fffff880`0400ff13 dxgkrnl!TdrIsRecoveryRequired+0x1a2 <-- Telling the system to run a display recovery.
03 fffff880`05a7a240 fffff880`0403ded6 dxgmms1!VidSchiReportHwHang+0x40b <-- This reports the graphics card has hung.
04 fffff880`05a7a320 fffff880`04023ce9 dxgmms1!VidSchWaitForCompletionEvent+0x196
05 fffff880`05a7a360 fffff880`04026be7 dxgmms1!VIDMM_GLOBAL::xWaitForAllEngines+0x1e9
06 fffff880`05a7a460 fffff880`040252d8 dxgmms1!VIDMM_GLOBAL::SetupForBuildPagingBuffer+0xd7
07 fffff880`05a7a4a0 fffff880`0402522e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegmentInternal+0x34
08 fffff880`05a7a630 fffff880`0402e77e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegment+0x13e
09 fffff880`05a7a6a0 fffff880`0402e527 dxgmms1!VIDMM_APERTURE_SEGMENT::UnmapApertureRange+0x7a
0a fffff880`05a7a6f0 ff... Read more

8 more replies
Answer Match 40.74%

I was looking at our internet history and there are several sites on there and it seems no one is claiming visiting them. I want to believe that no one has been on these sites but I don't see any other way for them to appear on our internet history without someone viewing the site? Any ideas on how these got on there? Any possible way at all other than viewing the site....please, please help me. My trust and my marriage is potentially on the line here. I am looking for answers and I cannot think of anything, other than the worst. Any viruses or sites that hack into your computer and upload this stuff to your history, I know I'm grasping but I need answers. Please any thoughts at all?
 

A:Is there ANY way something could appear on your internet history without visiting?

6 more replies
Answer Match 40.74%

My company has 2 offices that operate total independent of each other. Each has their own domain. I have a VP that is usually in office B. Part of the time he is in Office A. His computer is part of office B domain and when he is in office A needs to use those printers and data on office A servers. How do I get that to work. He has Windows 10 Pro on his laptop.
 

More replies
Answer Match 40.32%

I am trying to figure out why I cannot send out emails while I am visiting family. I have access to the internet and can receive emails without problem, but I cannot send out messages, even though I have confirmed that my outgoing email settings are correct. I can send out emails when I am at home and accessing my home network wirelessly, but when I visit family, I cannot send out emails. I am using a laptop with Vista and all of the current Windows updates and am using Outlook 2007 for email. My mom has the same problem when she comes to my house though. Her email works perfectly at home, but when she comes to my house and uses my network, she can receive email, but not send. Any thoughts?

A:can receive, not send out when visiting friends

If the person you are visiting has different ISP than you, you will have to connect to that ISP's network in order to send mail with an email client.

You can check with YOUR ISP to find out what settings you need to change OR see if is an FAQ which will guide you through configuring the client for use when traveling OR you can use your ISP web mail.

2 more replies
Answer Match 40.32%

I've had this problem for quite some time. Last time there's just no video showing even though there's audio playing in the background. But now when I open Dailymotion on my mozilla firefox, it crashes immediately.

I've uninstalled MF and Flash player and reinstall them again but it's still not working. Dailymotion is working fine with IE, and this depends as well.

Please help me thanks a lot.

Version of mozilla - 3.6.24 (i'm using the old version one cause there are some add on that are disabled in the latest verion)
Version of IE - 8.0

A:Mozilla keeps crashing when visiting Dailymotion

New browsers.
Monzilla Firefox new one is 10.0.2
I.E. 8 new one is #9
Your old browsers can be causing this problem. I have no problem going to the website.

3 more replies
Answer Match 40.32%

Hi Guys,

Recently i have been having a lot of BSOD issues while visiting a certain website on all browsers.The said website access my webcam as well as microphone.After few BSOD's i thought maybe its a adobe flash player issue so i uninstalled flash player.

Now to test my system further i visited the said website using IE and google chrome which have built-in flash player plugin and i got the same BSOD error.Tried the same in Guest account with the same BSOD error repeating itself.

I am attaching the relevant zip file.

Oh my system is DELL Inspiron 14 laptop with windows 8.1 installed.

TIA

A:BSOD while visiting certain website on all browsers

All of your dumpfiles blames Probably caused by : RTKVHD64.sys ( RTKVHD64+1af077 )
This is the driver for your Realtek High Definition Audio Function Driver

Your Dell model only supports windows 7 drivers see here
Product Support | Dell US

But maybe the generic driver from Realtek will also work on your Dell machine. Try updating to the latest windows 8.1 compatible driver from here.
Driver Description: Realtek High Definition Audio Function Driver
Driver Update Site: Realtek

2 more replies
Answer Match 40.32%

Hi all. Ive been battling this issue for a few days now. whenever i visit sites such as myspace or espn.com, when im either searching around on the sites my computer will lock up. i can hear it processing information as if it were getting sent massive amounts of information, yet when i check the sites on another computer in my house i dont have these issues. i tried disabling javascript and it worked for part of the problem, but when i started to search the website further, i encountered the issue again. This occurs with both internet explorer and firefox, and my flashplayer and windows media player are both updated. ive searched my computer with spybot and adaware.

A:Computer locking up when visiting certain sites

Try reseting you security permissions. Goto tool > internet options > security tab. Click on default level, then set it to low hit apply, then move it right back to medium and hit apply. This will put it back to microsoft recommended settings. let us know if that works.

2 more replies
Answer Match 40.32%

I saw reunion.com posting my personal info on a google search of my name. I never gave that info. I called and they said they created that account for me from public info. However, when I clicked on the site, something downloaded and now my PC is slow!

IBM ThinkPad T41 / Win XP.
HJT below!

Thank You!!!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:50 PM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_pr... Read more

More replies
Answer Match 40.32%

hxxp://gotlurk.net

I think this is the website where the malware came from, but I'm not sure. I've included the URL here, in case it helps someone figure out what my problem is.

I didn't click on any of the advertisements or install any new programs or download any files. But within 5 minutes of my visiting the page, popups began to rapidly show up. I usually use FireFox, but they were coming from Internet Explorer. They were coming very fast- maybe 20 within as many seconds, so I unplugged my wireless router and forcibly disconnected my computer from the internet.

I used another computer to look up tutorials on how to get rid of a malware problem, and downloaded recommended programs. I also edited the registry myself and deleted registry keys that were obviously associated with the malware that hadn't been there before (named things like "vvxxasjdfdsf.exe" and such) but this malware is obviously beyond my limited expertise, because it is still there.

My computer hasn't been connected to the internet since. (I'm using a different computer to post here.)

When the computer's on, Internet Explorer attempts to connect to the internet every few minutes. For the first few minutes where I didn't realize I had a problem, I'm pretty sure it connected to more malware sites and downloaded more crap onto my computer. Spybot seems to have gotten almost everything, except for the very stubborn root problem, which Spybot says is "Smitfraud.C"

I'm not en... Read more

A:constant popups from visiting a website

Quote:




Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.





Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work: Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Information
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitComet 0.97

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT us... Read more

4 more replies
Answer Match 40.32%

My XP computer will use 100% CPU when visiting even very simple web pages. Any help is highly appreciated.

A:CPU usage 100% when visiting simple web pages

Hi Student,

Are you looking at the column titled CPU? Try looking at the bottom where it lists CPU Usage: Maybe?

Good Luck, Jim

5 more replies
Answer Match 40.32%

I am rephrasing the question to be more specific. I cannot see how my first request was inappropriate. I have not needed to set up a network in years, so I hope someone has the answer to my question.

I am paying for my home internet, and I do not want anyone visiting pron websites. Is their any tool that can alert me if one of my friends is accessing inappropriate material on the website. Someone closed my question before, so I guess knowing how to share their internet histories is NOT the proper answer.

I will not stand for people looking at bad websites, so I hope someone can point me to a decent solution.
 

A:I need to make sure users are not visiting bad websites

6 more replies
Answer Match 40.32%

I am working on this for someone. They try to log in to their online banking, and Internet Explorer 7 will shut down their browser and give the following message displayed on their desktop: Data Execution Prevention. Vista was recently installed, error came about at that time. Suggestions? What is this feature?

A:Error Message when visiting website

Does anyone know what this is? I have tried working with it, but I'm not having any luck. Any advice would be greatly appreciated.

1 more replies
Answer Match 40.32%

I joined an on-line forum and for some reason I am unable to post any messages, or reply to any posts. When I attempt to do either one, I received an error message from Internet Explorer which says it has encountered a problem and must close. It only closes that forum"s window, all other windows using IE are up and running. I belong to numerous other on-line forum and have no problems in posting.

The site recognizes me and I am able to read all postings; and I am able to use the forum?s personal message program. Using the PM program, I explained my problem to the site administrator??..this is her response:


?I understand now, but I'm not sure I can help. It may be a security setting, but I also fear it may be malware. I might start with lowering your security (if you're comfortable) and a virus scan?

I have no virus, at least not one that Norton product can detect, my security setting is set at a medium setting. I do not use any other browser.

I would appreciate any help you can provide me. Thanks.

A:Exlporer closes while visiting a forum

Hello

Do you have these problems in any other browsers? Please try one of the below (both are free):

Firefox
http://www.mozilla.com/en-US/firefox/
Opera
http://www.opera.com/

Please also do this:

http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx

1 more replies
Answer Match 40.32%

Hi everyone. I am getting a Configuration Error on some sites. What does this mean?

Here's the text of the error:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: The RSA key container could not be opened.

Source Error:
Line 12: </configSections>
Line 13: <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
Line 14: <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
Line 15: xmlns="http://www.w3.org/2001/04/xmlenc#">
Line 16: <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
Source File: C:\www.songtouch.com\web.config Line: 14
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42
 

A:Configuration Error While Visiting Certain Sites?

*bump*
 

1 more replies
Answer Match 40.32%

Hello.

I've not had this happen to me before. On visiting "RosariansCorner" I receive the attached message.

I can get to the site through the cached sites in Google but can't navigate the actual site.

Have you come across this before. Other sites are fine. I'm using Firefox and Windows XP.

Thank you.

Penny.
 

More replies
Answer Match 40.32%

Hello all, I'm new at this so please excuse any mistakes.

Over the past two weeks, I've received occasional virus warnings when I go to Foxnews.com.
Avast warns me about "http://iwqoxiaw.info/ng/pdf.php" and provides a name of: JS:Pdfka-BG.
This has not happened on any other websites.

I'm running XP Pro, Avast virus, and Zone Alarm.

I'm a bit concerned as I can't find any info about this that I understand and was wondering if anyone could help.

I've attached the "attach.txt file and a hijack this log.

Thanks in advance.

Below is the DDS.txt

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 11:01:50.10 on Tue 03/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1548 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090323-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1 ... Read more

A:Avast warning when visiting Fox News

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Answer Match 40.32%

Hi!
 
Today, while  visiting a website with IE, I suddenly got a new window which contained a message from "NSA+ FBI" ( or smthg like that), telling me that I am at risk of being thrown to jail for the next 5-7 years unless I pay a fine of about 150$ either with my credit card or by buying some sort of prepaid phone cards. It was imposible for me to close the window or to use CTRL+ ALT+DEL so as to close it from Task Manager. So, I shut down the computer from the start menu.
 
After restarting it, the internet works much slower.
 
Since then, I ran a quick scan with my Security Essentials (updated right before starting the scan), which lasted for about 70 minutes (!!!) but found nothing . I have also performed a scan using Microsoft's Safety Scanner, which returned the result that there are no unwanted programs on my computer.
 
But if no unwanted software is on my computer, then how come did I got that screen asking me for money on behalf of CIA/ FBI.. etc... ?????
 
Thank you
 
 
OS: Windows 7 Home premium
Anti-virus: Security Essential

A:Infected while visiting a website ??? newbie here...

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

10 more replies
Answer Match 40.32%

I made a search for the above problem with google and lead me here. I downlowded Combo fix and I finally got this log:ComboFix 10-04-21.01 - vasilis 26/04/2010 11:39:37.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.2047.1558 [GMT 3:00]Running from: c:\documents and settings\vasilis\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\0fkk02x.exeC:\9jyhdim8.exeC:\autorun.infC:\chxnxyx.exec:\docume~1\vasilis\LOCALS~1\Temp\cvasds0.dllc:\docume~1\vasilis\LOCALS~1\Temp\cvasds1.dllc:\docume~1\vasilis\LOCALS~1\Temp\herss.exec:\documents and settings\vasilis\Recent\.pifC:\dqm.exeC:\utcddeq.exec:\windows\system32\SHELLLNK.TLBC:\wyskq6lt.exe.((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 ))))))))))))))))))))))))))))))).2010-04-26 06:08 . 2010-04-26 06:08 128512 --sh--r- C:\hc3hvi0.exe2010-04-24 05:58 . 2010-04-24 05:58 128000 --sh--r- C:\twhvna.exe2010-04-22 06:03 . 2010-04-23 06:32 128512 --sh--r- C:\vgyn6ewc.exe2010-04-19 06:27 . 2010-04-21 06:26 127488 --sh--r- C:\r3fhr.exe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-04-26 07:55 . 2009-02-09 14:05 10 ----a-w- c:\windows\popcinfo.dat2010-04... Read more

A:Problem visiting mcafee site

When I try to visit mcafee side or other antivirus sides as well as microsoft pages I get the following answer:The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings. To attempt fixing network connectivity problems, click Tools, and then click "Diagnose Connection Problems..." Dont know how to repair my pc. Please help me.Here follows The DDS text DDS (Ver_10-03-17.01) - NTFSx86 Run by vasilis at 10:48:40.59 on 30/04/2010Internet Explorer: 6.0.2900.5512Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.2047.1676 [GMT 3:00]============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\A4Tech\Mouse\Amoumain.exeC:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exeC:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exeC:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exeC:\Program Files\Gendex\VixCfg\gxstart.exesvchost.exeC:\Program Files\IVT Corporation\BlueSoleil\... Read more

10 more replies
Answer Match 40.32%

I'm usually a lot smarter than this.. but I read someones post in a forum about how a website has set up a popular game, San Andreas Multiplayer, in a frame that remotes a machine so you can play in the browser. The game is a bit more involved than a typical browser game, so of course i figured it would be unplayable at best, but curiosity got the best of me and I visited the site.I immediately figured out that it was just a video of someone logging into a server, and i was most likely being infected while watching.. I checked around and saw some minimal info about the site including this post:http://www.gtaforums.com/index.php?showtopic=538035The site I visited was: www,sampfreeonline,tk .. which points to: samponlinefree,orq,pl(dots were replaced with commas so no one clicks by accident)Can anyone verify if this is indeed a malicious site.. I'm thinking I have a keylogger installed now and its just waiting for me to join a server... ..or even worse..Any help is greatly appreciated!Thanks!!
 

A:Tricked into visiting fake website...

Welcome aboard  There is not much info about those sites.  Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At th... Read more

5 more replies
Answer Match 40.32%

I'm pretty sure I've been hit with something, but I'm not sure how to trace it down.
 
I need to try to identify what it is so I can make sure i know what they were looking for. 
 
Here's one of the only screenshots Ive been able to grab of the offending software.
 
http://imgur.com/a/WMJVL
 
It appears to customize what is displayed based upon GeoIP.
 
Where do I begin? I haven't done malware removal in depth since XP SP2.
 
Thanks,

Booty
 
 

More replies
Answer Match 40.32%

Greetings from Finland!

Thanks for a very useful page!

After a visit on a warez-page the weirdest things happened to my computer..
Luckily, it seems like most of them are gone now, thanks to this page! I found the program HijackThis and were able to get
rid of some annoying stuff, for instance that "http://ehttp.cc/?". What is that by the way?

One thing is still bothering me though and believe that's because of the same warez-page. It's kind of strange acctually...
Some pages (for instance http://www.suprnova.org/ and http://www.aftonbladet.se/) started to run REALLY slow! And it doesn't
seem to have anything to do with the internet connection itself; when i check Task Manager-->Performance-->CPU Usage, it's
like 100%! Despite I don't do anything!
What is the problem and moreover, how do I fix it? Would it help you if I posted one of those "hijack-logs"?

Thanks in advance!
(Feels good to know that all skilled people out there aren't evil hackers )
 

A:Result of visiting a warez-page...

16 more replies
Answer Match 40.32%

Hello,
 
So I've always wondered if you can get a virus/malware just by visiting a website?
 
I always thought this was a No, because I believe a user is only infected when he/she opens up that malware/virus FILE, once you open it up and install it then you are infected.
 
I know there are drive by downloads, but your anti-virus or anti-malware program should detect the file and automatically delete it.
 
Malware/virus can't infect your computer unless you open the file, right?

A:can you get a virus/malware just by visiting a website?

Hi NEMS Yes, it's entirely possible to get infected by simply visiting a website. Most commonly via what we call "Exploit Kits". Right now, EK are used to deliver a lot of dangerous malware (such as banking trojans and Cryptoware) to computers worldwide. So using a standard Antivirus and Antimalware won't cut it. Using a program that protects your web browser against such threats, like Malwarebytes Anti-Exploit will. but your anti-virus or anti-malware program should detect the file and automatically delete it.This is assuming that the file pushed on your system is already known to your Antivirus or Antimalware (in its database). If it's not, it won't do anything. And we all know that no products have a 100% detection ratio.Edit: For more information on Exploit Kits and how they work, see the article below.Tools of the Trade: Exploit Kits

27 more replies
Answer Match 40.32%

We recently added a filter to our computer because of our children. Each week we get a report on sites that we attempted to be opened, but are blocked. There are several, but one in particular is on there all the time and has a high percentage. I am wondering if anyone recognizes it and if it is possible that somehow there is something on our computer that is automatically leading us there. We have not gone to it ever as far as I know.

It is: eserviceds1x.us.dell.com

We have both AdAware SE and Spybots and run them regularly.

Below is our Hi-Jack this latest run:
Logfile of HijackThis v1.98.2
Scan saved at 11:49:24 AM, on 10/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\873374_eng.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy C... Read more

A:Websites visited that we aren't visiting??

Hi MNgirl,

1 Download LSPFix from http://www.cexx.org/lspfix.htm .

2 Create a permanent folder like C:\Program Files\LSP and extract the download zip file into that folder.

3 Log your computer in safe mode (hit F8 many times during booting procedure);

4 Disable your System Restore : have a look to Disabling or enabling Windows XP System Restore ;

5 Close all open windows - it is very important;

6 Run LSPFix : click only the Fix button;

7 Reboot normally and post a new HijackThis log.
 

3 more replies
Answer Match 40.32%

I have a:
Gateway laptop Gateway Laptop
MX6433
AMD Turion 64 mobile
Technology ML-30
1.59 GHz, 448 MB of RAM
Windows XP Media Center edition (service pack 3).

I bought it two years or so ago. Since as long as I can remember I have had this problem.

when I am on my browser (I use chrome, firefox, and IE) my wireless connection will cut out after a while. I have noticed that if I am on just one site (example: Pandora.com) it can be fine for hours. But once I start going to different sites, I eventually get kicked off. It can be any website, Facebook, youtube, etc.

When I lose connectivity, I refresh my wireless connections and only the printer comes up. If I try to right click on the tray icon to repair internet connection, it freezes. I am guessing that this is a hardware problem. (?) Though I'm not extremely technical with computers, I know my way around most issues that can arise.

I have reformatted my hard drive (twice) and all my software is up to date. I have run AVG scan and Ad Aware scan hundreds of times. Can anyone offer assistance? Thank you very much!
 

More replies
Answer Match 39.9%

hi,
I visited a specific homepage about a person that was shared @ an internet community forum. I was wondering if this person could tell my ip address from me visiting, looking, or saving pics from there?

thanks.
 

A:Ip address detected if visiting user homepage?

13 more replies
Answer Match 39.9%

Hi all,

First post bc I can't find a good answer to this question anywhere.

I play guitar and as such, I frequently visit www.ultimate-guitar.com. For the past few months, whenever I visit the site, there is a good chance of my computer spontaneously just shutting down. It doesn't happen every time, but it happens a good portion of the time that I go to the site, and it only ever happens on that site.

I'm currently running 64-bit Vista Home Premium. This happens on both Chrome and Firefox.
 

A:Computer shuts down when visiting specific website

8 more replies
Answer Match 39.9%

The last two times I have visited a mediafire download page, I have been redirected to a dodgy page asking me update programs such as Firefox and Java (even though I uninstalled Java over a year ago). The two domains I've seen for the page are lpmxp2.com and updowntot.com. I didn't stick around long enough to get a screenshot, but the two pages appeared to be identical with the exception of the alleged program update displayed. The first time this happened was three days ago, and the redirect only happened once that day. I visited mediafire again today, and the same thing happened.

I can't find any recent discussion on this anywhere so it doesn't appear to be a recent known problem. Any help would be appreciated.

Update: I ran a scan with AdwCleaner, and it found and removed this key from my registry: HKCU\Software\AppDataLow\Software. I'm going to run a Malwarebytes scan now.

A:Getting redirected when visiting mediafire download pages

ThisIsMadness91,

Is there anything else added to this:

HKCU\Software\AppDataLow\Software

9 more replies
Answer Match 39.9%

BEFORE YOU READ: Yes, i am a newb at computers and stuff that's why i'm here for help, you may need to explain things step-by-step.
THANKS IN ADVANCE =]
Okay, sometimes when I go to websites it comes up with "internet explorer has encountered a problem and needs to close. We are sorry for the inconvenience. " that tells me to report the error. It just started doing this 2 days ago. So here is my HJT log my friend told me to post somewhere.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:39 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\... Read more

A:Error sometimes when visiting sites. HTJ file included

helloooo :(

1 more replies
Answer Match 39.9%

Besides MAC address filtering, is there another good / easier way to keep visiting laptops etc from plugging in a CAT cable and accessing a LAN protected by a perimeter firewall?

thnx in advance,

dbotas
 

A:Securing jacks on small biz LAN from visiting laptops?

Aside from having switches which you can turn off the ports on unsed LAN drops, you'll have to configure and setup some sort of NAC or 802.1x solution. On some managed switches there is an option to do port security which you can program approved MAC addresses that are permitted on that port or have the switch learn the first MAC address to lock it down to. This is way different than MAC address filtering you're thinking about on SOHO/SMB wireless routers which only work on the wireless portion.
 

1 more replies
Answer Match 39.9%

Ok, I'm at wit's end. So I gotta ask for help.
I use IE7 browser and I'm getting the Sysfader error
whenever I visit Google Video, and of course the
browser goes down. This has only started happening,
I guess past six weeks or so. The Sysfader error does not
happen on any other video site, even youTube, just
Google Videos.

I've done all the troubleshooting and searched
everywhere for a solution. So I know the following
info.

- It's got nothing to do with nVidia card thingy.
I got all ATI stuff and a REAL-TEK sound card.

-Under my System Performance in Control Panel,
all the scrolling and fade effects are turned off
(not checked) And I thought that's what the Sysfader
thing was, but that's not it, still happening.

-I've disabled all the IE7 Add-ons except "cookies"
and the "Adobe Shockwave flash Active-x" cause the
videos won't play without it, but all other add-ons
have been disabled to see if that helped.
And restarted the browser and rebooted etc.

So, that's all I could find. And I'm stuck.

Okay, I just made it do it....I went
to Google Video, did a search on "Jordan Maxwell",
videos come up, I click on one, it tries to open up
in a separate window, then the error box pops up:

_____________________________________________________
SysFader: IEXPLORE.EXE - Application Error
The instruction at "0x75c54a27" referenced memory at "0x00000240".
The memory could not ... Read more

More replies
Answer Match 39.9%

is it safe to visit a website that has been attacked with SQL injection? ..as an example google www.wowyeye.cn www.killwow1.cn and look at the websites that have been compromised by these Chinese domains, if by chance if you surf to a site "taken over" can that website with the attack host files be downloaded to your browser?
 

A:visiting Compromised websites -SQL Injection ATTACKS

6 more replies
Answer Match 39.9%

The title speaks for itself. I recently set up remote desktop to my computer at work. It works fine when i actually want to connect. However when i am just surfing around the remote desktop connection(where it asks for login name and password) pops up out of nowhere. For instance when i go to check at www.comcast.net the home page pops up along the Remote Desktop login screen. It's more of an annoyance then anything else. Is there a setting i need to tweak somewhere that i've missed?
 

A:Remote Desktop opens when visiting certain web pages

Interesting. No one has ever heard of or encountered this problem before?
 

3 more replies
Answer Match 39.9%

Hi,
 
I opened a link I probably shouldn't have on Facebook and ever since Avast! has been giving me the 'Suspicious item has been detected' dialog every thirty seconds or so.
 

 
Infection Details:
URL:          http://r1---sn-8pgbpohxqp5-ac5e.gvt1.com/crx/blobs/QgAAAC6..(more stuff but it's hidden)
Infection:   Win32:Evo-gen [Susp]
Process:   C:\Windows\System32\svchost.exe 

 
Now, the URL seems telling. The domain gvt1.com is owned by Google, and a CRX is a Chrome extension, so I suspect it's trying to download a malicious Chrome extension onto my PC. And it would appear it attempts to download it every 30 seconds, but Avast! keeps blocking it. However, I have no idea what to do to stop it from doing this and indeed whether or not my PC is already pwned. 
 
I've run a full MBAM scan and thus far found no hint of any malware in memory nor in the file system, but I'm still scared my PC's been pwned and I don't know whether I should shut it down or run rkill or what.
 
Thank you for your help.
 
edit: forgot to mention, I run Windows 7.

A:Avast! alerts after visiting a website [urgent]

Lets run these xereeto

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:
Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.[/list]Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.[/list]
Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential confli... Read more

1 more replies
Answer Match 39.9%

A friend recently started getting 'Windows Internet Security' popups when she visits Myspace that say the following:

"Your browser is under the threat of infection. Windows requires your permission to install online protection tool.

Your browser is run in unsafe mode. Running the protection mode will help you to keep your computer safe. Staying at the suspicious website in unsafemode may lead to the loss of personal data and computer breakage. To run the web browser in protected mode Windows requires installing the antivirus scanner software and online protection tool.

Name: Online Protection Tool
Publisher: Microsoft Windows"

Ends with an Allow or Don't Allow option.

She has been hitting Don't Allow since the message has terrible grammar and doesn't look legit. She ran scans with Malwarebytes and AVG and found a couple trojans and they were deleted without any problems but this message is still popping up every time she goes to Myspace. Any help will be appreciated.

A:Weird security popups when visiting myspace

Hello, please post the MBAM log.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Next run ATF and SAS:Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mod... Read more

1 more replies
Answer Match 39.9%

after i restarted my computer everything looked to be fine until i went on to craigslist and all of the sudden this malwareweblink.com (http://malwareweblist.com/block.php?id=2036-2&url=http://vancouver.en.craigslist.org/forums/?act=Q&ID=144014843)

took over the screen and says my computer is at risk and it gives me two options

continue unprotected or get security software

i am running avg for firwall spyware and antivirus. this doesnt only happen with only craigslist it happens with almost every website i go to. not every time either but 50% of the time.

if i click continue unprotected it goes back to the website i was previously at but then pops up again. so i tried to click get security software and it takes me to a website to purchase antivir antivirus (http://malwareweblist.com/1/?id=2036-2)

so i belive this is a virus or somthing so if anyone can help me with this problem would be great thank you

please see the attachments as well

A:Warning! Visiting this site may harm your computer!

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies
Answer Match 39.9%

Hey guys,

I have a friend who has an adult filtering program on his computer. I get a daily email with all of the sites his computer goes to. I know that they are not visiting these sites personally, so, there has to be some malware/adware that is causing it. I also learned today that there are a number of popups, probably related to these sites.

The websites are:

msn.com yahoo.com, foxsports.com, youtube.com, yimg.com, microsoft.com, facebook.com, gamevance.com, conduitservices.com
Also - it has been running slower as of late.

Thanks for the help.

Jeremy

A:Vista Laptop - visiting certain websites automatically every day

I hate to use the word "Bump," but, I just wanted to send out a reminder....

6 more replies
Answer Match 39.9%

So today I logged on to wikipedia only to see the sopa blackout message. within two minutes my firewalls detected numerous incoming and outgoing connections. then my desktop froze followed by all commands. I then turned my computer off. waited. then turned it back on. after going to the black xp screen it reboots to the "we apologize for the inconveinice but windows.." last known config-reboots to the we apologize screen. start normal-same thing. safe mode works. I ran malwarebytes in safe mode and it found the following threats:
trojan.winlock
pup.removeWGA
exploit.drop.7

after scan and necessary reboot, my computer gets caught in the restart loop with no way to start windows except choosing safemode or safemode with networking. and the threats keep reappearing. they will not go away!

A:Computer infected after visiting wikipedia during the blackout

You need to click on the Report button (bottom left corner of your post) and request being moved to the "Am I Infected" forum.

21 more replies
Answer Match 39.9%

Hello,

I am running a P4 Q6600 with Windows XP SP2. I use Firefox, just updated to 12, and have AVG 2012 loaded
(unfortunately, it lists my current AVG Safe Search as incompatible with Firefox 12).
I went to a legitimate business website, and apparently the website has been recently hijacked because
instead of the expected content (that was in the Google cache), an illegitimate-appearing virus warning
appeared in the browser window. I closed the window, but found thereafter that when visiting google.com with Firefox,
Firefox always said it was "Connecting to 213.174.137.82...". This is my main symptom. I didn't observe
this on other intact computers, but I found others on BleepingComputer that had infections associated
with this address (such as http://www.bleepingcomputer.com/forums/topic445802.html, but with slightly different
symptoms -- Google seems to work okay for many searches in my case). I don't perceive significant slowing,
but strangely after running DDS and GMER for a while, my mouse stopped working (I plugged in another one
and it worked for a short while but also stopped) and I started getting delayed write errors. Upon rebooting, the computer
seems to work okay but it still displays the "Connecting to 213.174.137.82..." message with Firefox browsing google.com.

I visited the business website that seemed to initiate the problems again but on a Linux computer, and
I found the URL redirected to a suspicious-appearing .ru address, wher... Read more

A:"Connecting to 213.174.137.82..." appears after visiting hacked site

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At t... Read more

14 more replies
Answer Match 39.9%

OK, I'm a dummy. I let friends and family use my computer to go to letmewatchthis.com. No doubt I've got a whopper of a virus(es) and I know I should've followed my common sense and not done it. But here we are, and (as everyone is) I am DESPERATE. Can you please review this and give me an idea of where/what/how I should handle this? Thank you so much for taking some of your valuable time to help.

---------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:11:23 PM, on 9/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java�... Read more

A:Constantly Getting "Low Disk Space" after visiting letmewatchthis.com

Incidentally, I should've added that I have Kaspersky as my antivirus software, and it detected nothing, but now whenever there's a scan, it freezes at 41%.

3 more replies
Answer Match 39.9%

I've been able to run a few scanners, Avast!, Spybot S&D, AVG, etc- spybot found a few things, and deleted them. The online webscanners like panda and trend micro won't allow me to goto the sites, because whatever the virus is takes me to another site/weberror even if I type it straight into the adress bar. I ran stinger and it found no errors, following is my hijackthis logfile.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:37:14 PM, on 9/15/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Spy... Read more

A:Doesn't Allow Visiting Of Anti-spyware Websites

Hello Shoyu,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Answer Match 39.9%

Hello.I've suddenly started receiving "Address Blocked" messages from ESET over the last 24hours. My computer has also suffered from four or five blue screens of death. I suspected it was Malware. I have Malwarebytes installed (which found nothing after searching) but also Super Anti-Spyware which produces a BSOD as soon as I try to execute it. The errors only popup when searching in Google, no other pages.I'm using a PC, Windows 7 Ultimate. I first ran TFC, rebooted, then Malwarebytes, but it found nothing.Please advise on what to do next?Many thanks,Daniel

A:ESET blocked IPs when visiting Google (Rootkit?)

Oh yes, here's an example of the error.

7 more replies