Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Weird Popup.


  • This topic is locked This topic is locked
3 replies to this topic

#1 Dazarooni

Dazarooni

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 03 September 2006 - 01:35 PM

Hi. I restored my laptop to it's factory settings as windows decided it didnt want to work anymore.

I have installed AVG free and downloaded the security updates from the Microsoft homepage.

But when I turn on the laptop and the desktop opens up, I keep getting a strange pop up that says "Software/microsoft/windows/currentversion/run" in a grey box that only allows me to click on ok.

It seems really weird.

here is my hijackthis log, any help and advice would be greatly appreciated. Thank you :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 19:27:38, on 03/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\rws.exe
C:\dihd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Daryl\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.co.uk/center
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [Windows Update] host.exe
O4 - HKLM\..\Run: [RPC Service] rws.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\dihd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\System32\MRT.exe" /R
O4 - HKLM\..\RunServices: [Windows Update] host.exe
O4 - HKLM\..\RunServices: [RPC Service] rws.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.co.uk/center
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157302161511
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157302654464
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

:flowers:

BC AdBot (Login to Remove)

 


#2 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 04 September 2006 - 10:04 AM

Hello Dazarooni,

We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.

Regards,

Rosty.
Posted Image
Proud member of ASAP since 2007

#3 Dazarooni

Dazarooni
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 04 September 2006 - 12:08 PM

Hi again.

After restoring the computer to its original settings on saturday and then going online via a dial-up connection to download the latest drivers for my cable modem, I picked up a few viruses as I didn't have any anti-virus software. By the time I got the drivers and the cable modem up and running, the laptop took a turn for the worse as the internet connection was dreadfully slow and 9 out of 10 times after I would type a web address and hit enter, I would get a broken link, and even when a page was found, it took about 3 mins to load.

I then downloaded AVG free and it detected numerous viruses but wasn't able to remove them all.

So I deleted everything and reinstalled windows again, managed to find the CD that the cable modem drivers were on, installed it, got connected to the internet, downloaded AVG free and Avast anti-virus software, went to the microsoft site to get updated and downloaded Service Pack 2 and everything is working fine now.

Just did 2 scans on with AVG free and Avast, with Avast first picking up on a malware threat in the system volume area and was able to sort it out. Then did a scan with AVG and my computer is healthy. The internet connection is working just the way you would expect a 2 mb connection to work.

Everything is working fine now so there's no need for any more help here.

Special mention to Grinler who, about 2-3 years ago helped me with a nasty web browser hijack that just wouldn't go away and it was with me for 3 weeks or so, and that was when I found this site and with Grinler's help I got it fixed. Still am very thankful for that, this is an excellent place with many helpful people.

Keep up the good work :thumbsup:

#4 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 04 September 2006 - 10:16 PM

Ok Dazarooni, thanks for letting us know. :thumbsup:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Reagards,

Rosty.
Posted Image
Proud member of ASAP since 2007




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users