Baffled by an error message box

In the past few days when I use internet explorer (road runner cable connection) I occasionally when pulling up a web site will get a message box that says "Dial-up Connection (new line) Connect to Broadband Connection (new line) User name (new line) Password" then it gives me three optins, connect, settings, work off-line. We don't use a dial-up so I X out of it and I find that I am now off line and have to go up to "file" and unclick the work off-line option. I can't quite figured out a consistant pattern as to when it does this it doesn't happen all the time. I'm not doing anything differently. I just tried an experiment. When I put "ebay" on the address line the message box came up. When I put "www.ebay" it came up when I put "www.ebay.com" I was able to go to the site. Now I know I have been able to pull e-bay up all three ways in the past. This just started happening. Has a setting that I am un aware of get changed? Is this some kind of glitch in my system or do I have an intruder that's causing it. If you have any idea why the sudden change please let me know. The computer seems to be working great out side of this but it is an irritant. Any ideas?

 

Sandra

Did you do the protection that we asked after fixing you last time? How to Protect yourself from malware! Let's take a look at a HJT file and see if possibly you have a dialer. Go ahead and submit it.

 

Sandra

Also go to Start, control panel, network connections, and see what is showing. Is there a dial up and cable connection for your internet showing.

 

After I (you) fixed my kids computer I made sure I ran all the cleaning tools on my computer as well. Even though I wasn't experiencing any problems. I trying to decide if this message box started after that or not. Anyway, I guess I was hoping that my computer was pretty clean.

I checked Network connection, it says: Broadband connection Disconnected, firewalled - Wan Miniport (PPPOE)
Lan or High-Speed Internet 1394 connection -- connected, firewalled -- 1394 Net Adapter
Local Area Connection Connected, Firewalled -- NVIDIA nForce MCP Networking Con...

I've attached a HJT log

Thanks again

 

Sandra

I see you have weatherbug again. Did you D/L this for a reason. We got rid of it last time. Remember that ALL browsers MUST be closed when running HJT. You had IE open.
C:\Program Files\Internet Explorer\iexplore.exe

Also, I am not sure about this file:
C:\WINDOWS\ALCXMNTR.EXE
I am getting mixed results about it and I am going to wait to get you an answer for it.

Please print out these instructions so that you can operate with ALL Browser Windows CLOSED.
Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Please look in Add or Remove Programs for the following and Uninstall them if found:

Weatherbug

NOW:
Please look in Task Manager (ctrl-alt-del)and try to END the following running processes, if found:

Weather.exe

Now scan with HijackThis and Check the Boxes for the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
We recommend not to have trusted zones so I will delete this but I guess ultimate choice is yours
O15 - Trusted Zone: http://www.leapfrog.com

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following and folder if it should remain:

C:\Program Files\AWS---The Folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to what you want or www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to what you want or something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Reboot to Normal Windows and Scan with HijackThis and attach that log.
Let me know how your computer is running now and if you had trouble with the above instructions.

Good luck

 

Also Sandra I would suggest you use Firefox as your Browser. Less vulnerable than IE.

 

Sandra

regarding
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
This means you need to reinstall Spybot or download the SDHelper.dll file from Merijn's to replace what was possibly deleted.

For now we will not fix C:\WINDOWS\ALCXMNTR.EXE.
If one of the mods suggests that you should then of course do it. It is a very mild case of spyware and should not be fixed unless having a problem with it.
alcxmntr.exe is installed alongside hardware drivers for the Realtek AC97 audio device. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.

 

Ok, I think I have taken care of everything. I have attached a new log. Things seem to be back to normal. Let me know how things look so I can turn system restore back on. Do you have a link for firefox? Thanks again, now we have two clean computers in the house. This is a truly great service that you provide!

 

Sandra.

You look pretty good. There are a few 023 with missing files but I am not going to mess with them since they are for avast.

Step #8 in this link has Mozilla Firefox. It's the browser I and my daughter use. Alot less spyware since then.
How to Protect yourself from malware!

Let us know if there are any other problems. I'll see if PP or Chas can take one last look at it to see if I missed anything important.

 

Sandra

PP agrees with me that your log looks clean again. Congratulations. Go ahead and turn system restore back on. You may want to reinstall Avast again. I would rather not see those two files missing.