C:\WINDOWS\ALCMTR.EXE

General Topics
1

Hi,

Hijackthis log says:
running process. (ALCMTR.EXE)
Realtek AC97 Audio - Event Monitor. “Sypware” file used surreptitiously monitor ones actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
This is a nasty process! You should fix it and try to delete it manually!

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
Realtek AC97 Audio - Event Monitor. “Sypware” file used surreptitiously monitor ones actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
Must be fixed!

I need to remove this could someone help me remove it manually please? And if I remove it will the Realtek High Definition sound work properly? :\

Cheers!

2

Run HijackThis! again and tick the box next to this entry, then click ‘fix’.

The process is not essential to the running of your hardware.

3

Ok thanks alot!

4

Err now I got this:

O17 - HKLM\System\CCS\Services\Tcpip..{585C21F5-91F0-4229-B28A-9ECB125FBDC4}: NameServer = 202.55.145.2 202.55.145.10
If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. ‘SearchList’ entries should be fixed too.
Do you know the IP or Domain ‘202.55.145.2 202.55.145.10’? If not, fix this entry.

How do I find out what my IP adress is?

5

I think by doing a WHOIS search. Not really my field of expertise, but I tried and got this:

OrgName: Asia Pacific Network Information Centre OrgID: APNIC Address: PO Box 2131 City: Milton StateProv: QLD PostalCode: 4064 Country: AU

Looks fairly legit. Unless someone with more knowledge tells you otherwise, I should leave it.

6

Looks legit does this ring any bells ?

Checking IP: 202.55.145.10... Name: dnr2.transact.net.au IP: 202.55.145.10 Domain: transact.net.au

A simple test tick fix it, make sure that you have the ‘Make Backups before fixing items’ box ticked (in the Config… section), it is by default. If you can’t connect it is your ISP and you would have to restore the fixed item. A touch risky so exercise due care, but if you don’t recognise the above domain it is a way to test.

7

David posted one of them and here is the other below. Henryjl, if I remember correctly, you are in Australia and so this may be your own ISP. Make sure of that before you do anything.

inetnum: 202.55.144.0 - 202.55.159.255
netname: TRANSACTSDN
descr: Service Delivery Network

Name: dnr1.transact.net.au
IP Address: 202.55.145.2
Location: CANBERRA (35.250S, 149.133E)
Network: TRANSACTSDN

Registrant: TRANSACT COMMUNICATIONS PTY. LIMITED
Registrant ID: ABN 32091752297

EDIT :

If you would like to try this yourself, you can try the free version of a program at the below link …

http://www.d3tr.de/

8

If you happen to use WinPatrole, you could try the following:

http://img509.imageshack.us/img509/3994/alc6lz.jpg

9

Guys thanks for your help! ;D ;D

I removed the thing with HijackThis and it made a backup folder on the desktop with the file on it and my sound still works properly ;D