
Altnet, PSGuard, CoolWebSearch

Discussion in 'Virus & Other Malware Removal' started by simonelliott, Jul 29, 2006.

Thread Status:
Not open for further replies.
  1. simonelliott

    simonelliott Thread Starter

    Hiya
    Having checked out some of the posts on this forum, I tried to remove the 3 adware above (Only taken 2 days so far!) Although my system seems to be working fine now, I have some leftover thingumies as follows:

    Ewido finds Altnet, PSGuard & CoolWebSearch (but can't remove any of them).
    AVG finds nothing.
    Housecall (online) finds Altnet (then claims to remove, but doesn't).
    CWSShredder finds nothing.
    AdAware finds AltnetBDE (but can't remove) - it gives the registry entry HKEY_LOCAL_MACHINE:SOFTWARE\Altnet, which though empty, Regedit will not let me delete.

    The HJT log is below, but apart from R1, nothing jumps out at me.
    BTW this is my 1st post to any forum anywhere and, being in Uganda I have power every other day or 3, so pls bear with any delays in my replies.
    Thx in advance.
    Cheers

    Logfile of HijackThis v1.99.1
    Scan saved at 12:53:11 PM, on 29/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\MINILOG.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Security\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {2A831707-7708-0351-CA1A-63D057092ABD} - (no file)
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [TkBellExe] ;"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C682CC6-12DA-477E-BB5C-373C3DEC1540}: NameServer = 217.113.72.21,217.113.72.20
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\minilog.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Please post the ewido log so we can see what it found & couldn't fix.
     
  3. simonelliott

    simonelliott Thread Starter

    Here it is, thx.

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 11:15:38 AM 29/7/2006

    + Scan result:



    HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
    HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
    HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning.
    HKU\S-1-5-21-2761765271-2845148464-2948605393-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A831707-7708-0351-CA1A-63D057092ABD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\ShudderLTD -> Adware.PSGuard : Error during cleaning.
    HKLM\SOFTWARE\ShudderLTD\PSGuard -> Adware.PSGuard : Error during cleaning.
    HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Adware.PSGuard : Error during cleaning.
    HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Adware.PSGuard : Cleaned with backup (quarantined).
    :mozilla.41:C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\rr02jkyb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.81:C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\rr02jkyb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\simon\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.



    ::Report end
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    I've seen that a few times and the entries are actually quite harmless and don't start or load anything so I tend to ignore them.

    You can try starting in safe mode & delete all the subkeys for altnet before the main key & the same for psguard.
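
Added example, not part of the original thread or any poster's reply: a small Python sketch that reads the registry lines of the ewido report posted above, keeps only the keys marked "Error during cleaning", and lists them deepest subkey first, which is the order the last reply describes for manual cleanup. The function names and the `REPORT` sample (copied from the report in this thread) are assumptions made for illustration.

```python
import re

# Constructed sample: registry and cookie lines taken from the ewido report above.
REPORT = r"""
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\ShudderLTD -> Adware.PSGuard : Error during cleaning.
HKLM\SOFTWARE\ShudderLTD\PSGuard -> Adware.PSGuard : Error during cleaning.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Adware.PSGuard : Error during cleaning.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Adware.PSGuard : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\rr02jkyb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
"""

# "<target> -> <detection name> : <status>." as printed in the report.
LINE = re.compile(r"^(?P<target>.+?) -> (?P<family>\S+) : (?P<status>.+?)\.?$")
HIVES = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")


def parse_report(text):
    """Return (target, family, status) for every result line in the report."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((m["target"], m["family"], m["status"]))
    return rows


def deletion_order(rows):
    """Map each detection name to its uncleaned registry keys, deepest first."""
    plan = {}
    for target, family, status in rows:
        # Skip cleaned/quarantined items and anything that is not a registry key.
        if status.startswith("Error") and target.upper().startswith(HIVES):
            plan.setdefault(family, []).append(target)
    for keys in plan.values():
        # More backslashes means a deeper subkey; parent keys sort last.
        keys.sort(key=lambda k: k.count("\\"), reverse=True)
    return plan


if __name__ == "__main__":
    for family, keys in deletion_order(parse_report(REPORT)).items():
        print(family)
        for key in keys:
            print("   ", key)
```

The list only covers keys the scanner reported; a parent key may hold other subkeys that never appeared in the report.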
     

Short URL to this thread: https://techguy.org/487441
