It may not directly relate to your ISP, if they 1) are a third party provider for a larger company, 2) their connection servers are different from their web site/portal. You could forward the 017 entries of the IPs and see what they make of them.
Ensure that you are off-line first and if you are using IE close all browser windows.
Run HJT, tick the box on the left of the 017 entries and click Fix checked button, this will make a backup so they can be restored if needed. Then try to connect to the internet, if you can’t these IPs somehow are connected to your ISP.
I too have a single 017 entry and the "HKLM\System\CCS\Services\Tcpip.." part is the same, the string after that and the IP address are obviously different and if I fix it I can’t connect. When I checked my IP it didn’t match my ISP directly as they were a third party provider, effectively a reseller for a larger company, but I knew that company and the IP corresponded to their servers.
I tried to scan with microworld and here are the results:
Object “AltNet Spyware/Adware” found in File System! Action Taken: No Action Taken.
Entry “HKCR\CLSID{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}” refers to invalid object “fde.dll”. Action Taken: No Action Taken.
Entry “HKCR\CLSID{92FA2C24-253C-11d2-90FB-006008A1F441}” refers to invalid object “a3dapi.dll”. Action Taken: No Action Taken.
File D:\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
I also have the log file saved up if that needs to be examined as well.
I have no idea why if you selected the entries (ticked the box) and selected Fix checked, they should be gone, unless express56 is restoring them (I have no idea what express56 is).
If the techie doesn’t know the IP address of their servers that you connect to then I would say they don’t deserve to be called techies (technical support), they are obviously just reading PC screens of common FAQs. I mean they can do a reverse whois lookup just like I did and should recognise the result as either their or a partners servers?
AdAware should be able to remove AltNet Spyware/adware.
If you haven’t already got this software (freeware), download, install, update and run it.
Having looked at the ccleaner ‘issues’ I would have though it would have been ok, but if those points you mentioned before are still there, then it doesn’t.
I use a freeware program called RegSeeker, it is a good tool but the user interface is poor and there is no help file. So you need to know a little about the registry to start with otherwise you can screw ok the registry.
I have also used a program called RegVac which is shareware with a 30 trial (I think) and that has a much friendlier Novice/Experienced user interface.
Tried using Regseeker and couldn’t find anything relating to altnet (tried a path found from google search, then just tried “altnet” on the search) seeing as how HJT and Adaware aren’t picking up anything either, this may not be anything. I’ll try another online scan with Kapersky later.
You could always manually delete the entries, (HKCR = HKey_Current_User), safest to export the key befor deleting so it can be restored (imported/run) if any untoward actions noticed.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441}" refers to invalid object "a3dapi.dll". Action Taken: No Action Taken.
Well this is interesting, I punched in CLSID{88E729D6-BDC1-11D1-BD2A-00C04FB9603F} and CLSID{92FA2C24-253C-11d2-90FB-006008A1F441} in the search bar and nothing showed up. Mayhaps a false report?
The problem he had are similiar to what I’m experianceing. It seems the fella had dso exploits and found them using spysubtract. I’m going to try this and see if anything shows. BTW Kapersky didn’t turn up anything.
edit: Nothing, all well it was worth a shot anyways.
Sigh Question, do you need BITS to get window updates or is there another way around? I’m verging on reformat, I mean I don’t want to get window updates and find 800 mb of files in my temp folder.
I have the BITS service set to Manual (not disabled, otherwise no updates), that way it can be started when required and I have no problems with windows update.
I have also never seen a bit##.temp file either.
Reformatting I doubt would resolve this issue because installation would still require BITS service.
Updates may well be put into temp folders until they are installed, but then they should be cleared (I believe) on successful completion.
Minor update. The initial file (Bit8f.tmp or whatever it is, name is at page one of this thread) is related to bits rather then the internet, so if I disable bits then I can safely remove the file.
Found this file thanks to a little help from google:
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\75b98e091afc44f68b7feade98642d15\bit218.tmp
It’s also hidden and it’s smaller compared to the others (466 KB). My first guess is that this is a new file getting ready to be formed but it does have one more # to it. Thoughts? Oh and the file that this is in was created today, there’s also another folder that was created in the temp called bit2.tmp.