Something wants to access his net connection...

[NightshadowUK]

Friend o' mine gets the above popping up whenever he turns his PC on and 'firefox.exe' stays under Processes, re-appearing whenever he ends it.

He's run a full virus scan (AntiVir) as well as CWShredder but they come up with nothing, so as the name of this here forum goes, HELP!

[ExceededGoku]

visit the site? Sounds liek spyware to me...

[alistairheeley]

Seriously, help me!

[NightshadowUK]

Ad-aware picks up squat so I guess that rules out spyware, unless anyone knows of a more thorough scanner?

[EllTheGamer]

First thing to do is to try to simply remove it from startup using msconfig.exe, if you could go startmenu>run>(type in and launch) msconfig and tell me in detail what it lists (maybe using screenshots) under the services and startup tabs making sure to tick the box that says "hide all microsoft....."
If you do that i will lookup all the tasks you have that are suspicious or known to be bad.

[alistairheeley]

Right (it's me having the problems in case you hadn't gathered, I'm a friend of Tony's, just don't use this very often), run msconfig, the list in Startup is as follows:

cli
zlclient
Winampa
NeroCheck
avgnt
iTunesHelper
qttask
Adobe Gamma Loader
Adobe Reader something
ATI Catalyst
DSLMON (my ADSL modem)

So I'm no genius, granted, but that looks fine to me, it's all stuff that I've knowingly installed.

In my task manager processes, there are 2 instances of firefox.exe - this one and the one that's trying to access rantaplan.hopto.org (apparently, can't find anything for that URL at all), it changes if I change my default browser to I.E., so it's just something using my browser. The system hangs if I try to update Adaware or AntiVir, but I think that's because my firewall, Zone Alarm, pops up a permissions window. If I enable windows firewall and disable Zone Alarm I can update no problem. Same with running the new Messenger, I tried to sign in and it just hung, I think because it'd never asked for permission before, again turning ZoneAlarm off fixed this. It's incredibly annoying, whenever I want to do something Internet-related it just hangs up, pleeeeeease figure out what it is. Everything I've tried comes back negative! Thanks!

[Hottentot]

Try running HijackThis and post your log.
Also un-install zone alarm for now as it is complicating the picture (plus its C**P).

[alistairheeley]

Uninstalled ZoneAlarm and run HiJack This, the log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 14:39:56, on 20/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ALISTA~1\LOCALS~1\Temp\Rar$EX00.453\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE137C7D-E2CC-4366-AA97-C0B94698BC59}: NameServer = 80.225.252.178 80.225.252.186
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

???

[alistairheeley]

I also ran another program I found whilst looking for HiJack This called StartUp list, which apparently is better than msconfig. Anyways, I ran it and it showed the running processes, one of which was firefox.exe when the browser was closed (I ended the process numerous times, it just kept coming back) and showed me some other stuff:

There are a couple other options, something about copying nodes but I'm not really sure what that means so...

[EllTheGamer]

Im gonna let hottenhot deal with this one for now i have some stuff to do.

[alistairheeley]

Yeah I'm stuck too, no worries. I hope the other dude can help me. Thanks anyway

[EllTheGamer]

I can deal with spyware, adware and viruses if i have direct access to the pc otherwise im just no good at explaining things so ill let hottenhot do it but if he cant then pm me ill come back and have a proper go.

[alistairheeley]

Yeah me too usually, I don't post often and spend all my money on fans with blue LEDs in but it doesn't mean I'm incompetant, I've already done most of the things suggested to me, there seriously is no explaination for it. I have a link to the file I downloaded that I believe has caused this if anyone feels like they could scan it or something. I don't really know why anyone would knowingly download some spyware or a virus just for the hell of it, but hey, if anyone wants to...

[NightshadowUK]

and spend all my money on fans with blue LEDs in

You'd need to buy rather a lot of fans to manage that...

[alistairheeley]

You'd need to buy rather a lot of fans to manage that...

Bite me, Tony. I just signed in to see what the new reply was, and it was this. P.S. Are you coming out tonight or what?

[NightshadowUK]

SPAM... SPAAAAAAM!

Also un-install zone alarm for now as it is complicating the picture (plus its C**P).

What's wrong with Zone Alarm anyways?