TechSpot

Websites opening up on their own! Please help!! (Log Files Attached)

By nitemere
Mar 30, 2007
  1. Hello Everyone,

    Recently I noticed my computer was acting a little strange. Whenever I use Internet Explorer and go to webpages, new IE windows will open on their own and they will be of sites I do not want them to go to. For example the sites are of pch.com, ManiaTV, and various pages for Windows Spyware Cleaners. It is getting frustrating. It always seems to be the same few pages loading whenever I go on the web. I tried running programs such as Spysweeper, AVG Antivirus, Ad-Aware, & Spybot S&D. All found items that needed cleaning but none seemed to solve my problem. So, I followed the steps as written in the "Viruses/Spyware/Malware, preliminary removal instructions" post. I ran HiJackthis, AVG Anti-Spyware, ComboFix, Vundofix, Look2me-destroyer, Smitfraudfix, Virtumundobegone, ccleaner, and AVG Anti-Rootkit beta (which found nothing). I followed each step one at a time and it took a while but I got the log files and I have attached them. So far I have been online and I haven't seen any new windows open yet. Hopefully the problem has been solved. Can someone please look at the log files and see if there are any other questionable items for my issue or other items which shouldn't be there and help me fix them? I would really appreciate it a lot. Thanks in advance!
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very well done on following the instructions properly.

    We still have some work to do to get your system clean.

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Delete all files in AVG Antispyware quarantine.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ALCXMNTR.EXE
    hcryj.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {73B06F36-3C58-49BA-B747-E1EBE201E457} - C:\WINDOWS\system32\pkxojdhl.dll (file missing)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded

    O4 - HKLM\..\Run: [hcryj] C:\WINDOWS\hcryj.exe

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\koqeakva.dll",setvm

    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\windows\ALCXMNTR.EXE
    C:\WINDOWS\hcryj.exe

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\system32\koqeakva.dll

    Once your system has rebooted, rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :wave: :wave:

    This thread is for the use of nitemere only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
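
An added example, not part of the thread or any poster's tooling: a small parser that turns HijackThis entries like the ones quoted in the post above into structured records, so the entries whose target file is gone and the autostart entries with no full path can be listed. The function names and record fields are assumptions made for this sketch; the sample lines are copied from the post.

```python
import re

# Constructed sample: entries copied from the HijackThis lines quoted in the thread.
SAMPLE = r'''
O2 - BHO: (no name) - {73B06F36-3C58-49BA-B747-E1EBE201E457} - C:\WINDOWS\system32\pkxojdhl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hcryj] C:\WINDOWS\hcryj.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\koqeakva.dll",setvm
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
'''

# What each HijackThis section code covers.
SECTIONS = {"O2": "Browser Helper Object", "O4": "autostart entry",
            "O9": "IE extra button", "O16": "ActiveX (Downloaded Program Files)",
            "O23": "Windows service"}

LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")             # code, entry kind, remainder
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)  # first absolute exe/dll path
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")                  # CLSID in braces
RUN_NAME = re.compile(r"^\[([^\]]+)\] ")                    # [value name] of a Run entry

def parse(log):
    """Return one dict per O-section line; other lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, log header, running-process list
        code, kind, rest = m.groups()
        path, guid = PATH.search(rest), GUID.search(rest)
        run = RUN_NAME.match(rest) if code == "O4" else None
        entries.append({
            "code": code, "meaning": SECTIONS.get(code, "other"), "kind": kind,
            "name": run.group(1) if run else None,
            "clsid": guid.group(0) if guid else None,
            "path": path.group(0) if path else None,
            # HijackThis appends these markers when the target is not on disk
            "orphan": rest.endswith(("(file missing)", "(no file)")),
        })
    return entries

def orphans(entries):
    """Entries HijackThis itself marked as pointing at nothing."""
    return [e for e in entries if e["orphan"]]

def autostart_without_full_path(entries):
    """Run-key value names whose command has no absolute exe/dll path."""
    return [e["name"] for e in entries if e["code"] == "O4" and e["path"] is None]
```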
     
  3. nitemere

    nitemere TS Rookie Topic Starter

    New Hijackthis Log file!

    Thanks for the Help Howard.

    I did everything you asked and I am including the new Hijackthis Log File.

    NiteMere
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Viewpoint
    Viewpoint Manager
    AWS
    WeatherBug

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Viewpoint Manager Service

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ViewpointService.exe
    ViewMgr.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Viewpoint<Delete the entire folder.
    C:\Program Files\AWS<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post what will hopefully be your final HJT log.

    Regards Howard :)

     
  5. nitemere

    nitemere TS Rookie Topic Starter

    Newest Hijackthis Log File!

    Thanks again for the Help Howard.

    I did everything you asked and I am including the newest Hijackthis Log File. Hopefully this will be the final one!

    NiteMere
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  7. nitemere

    nitemere TS Rookie Topic Starter

    Thanks for everything Howard!!!

    Nitemere
     
  8. jobeard

    jobeard TS Ambassador Posts: 9,348   +622

    You might like to avoid some known-yet bad ActiveX programs using
    Spywareblaster
     
Topic Status:
Not open for further replies.
