Hello Everyone,

Recently I noticed my computer was acting a little strange. Whenever I use Internet Explorer and go to webpages, new IE windows will open on their own and they will be of sites I do not want them to go to. For example the sites are of pch.com, ManiaTV, and various pages for Windows Spyware Cleaners. It is getting frustrating. It always seems to be the same few pages loading whenever I go on the web. I tried running programs such as Spysweeper, AVG Antivirus, Ad-Aware, & Spybot S&D. All found items that needed cleaning but none seemed to solve my problem. So, I followed the steps as written in the "Viruses/Spyware/Malware, preliminary removal instructions" post. I ran HiJackthis, AVG Anti-Spyware, ComboFix, Vundofix, Look2me-destroyer, Smitfraudfix, Virtumundobegone, ccleaner, and AVG Anti-Rootkit beta (which found nothing). I followed each step one at a time and it took a while but I got the log files and I have attached them. So far I have been online and I haven't seen any new windows open yet. Hopefully the problem has been solved. Can someone please look at the log files and see if there is any other questionable items for my issue or other items which shouldn't be there and help me fix them. I would really appreciate it a lot. Thanks in advance!

Hello and welcome to Techspot.

Very well done on following the instructions properly.

We still have some work to do to get your system clean.

Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ALCXMNTR.EXE
hcryj.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {73B06F36-3C58-49BA-B747-E1EBE201E457} - C:\WINDOWS\system32\pkxojdhl.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded

O4 - HKLM\..\Run: [hcryj] C:\WINDOWS\hcryj.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\koqeakva.dll",setvm

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\windows\ALCXMNTR.EXE
C:\WINDOWS\hcryj.exe

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

C:\WINDOWS\system32\koqeakva.dll

Once your system has rebooted, rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :wave: :wave:

This thread is for the use of nitemere only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

New Hijackthis Log file!

Thanks for the Help Howard.

I did everything you asked and I am including the new Hijackthis Log File.

NiteMere

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint
Viewpoint Manager
AWS
WeatherBug

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ViewpointService.exe
ViewMgr.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Viewpoint<Delete the entire folder.
C:\Program Files\AWS<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post what will hopefully be your final HJT log.

Regards Howard

This thread is for the use of nitemere only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Newest Hijackthis Log File!

Thanks again for the Help Howard.

I did everything you asked and I am including the newest Hijackthis Log File. Hopefully this will be the final one!

NiteMere

Your HJT log is clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of nitemere only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Thanks for everything Howard!!!

Nitemere

You might like to avoid some known-yet bad ActiveX programs using
Spywareblaster