Many pop ups, unsecure connection (Hijackthis log)

[Acetyle]

So I finally got around to using this website again after trying to use my uncle's computer. He's gone to all the no-no websites and managed to accumulate a massive amount of spyware / malware. He then told me he got hit with a pop up with a program he could download and install to remove it all. Of course he installed it and it turned out to be one of those nasty programs that only makes things worse.

You guys helped me out before with my computer in the past (I lost my original username / password - oops).

Thanks for your time.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:28 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Dave\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.weatherstudio.com/dp/sear...9LWwvEy6h1/GgiMCeJ6VwylUivAsjpsLXpwEUwTpDgw==
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [WeatherStudio Desktop] "C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {B18B5990-F880-46DD-9AA5-E730413E966E} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {C7C5570B-E235-4E55-8494-F1E99DA9399D} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {FBD75602-BB69-42D3-A7CE-38885C603EC0} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4942 bytes

 

[Crimsonite]

Besides the WeatherStudio, everything else is normal.

 

[systek]

i always get rid of any search assitant software, even if it was factory installed by a vendor like dell.

 

[Punk]

Hold on until Buzz sees your log.
He's the pro on this forum

 

[Acetyle]

Alright. Well the computer crashed just now. The damage looks fairly serious. The computer locked up and he did the old hold in the power button hard shutdown.

Now everything is pixelating, even the screen where the BIOS load. Some of the text is in English and some is in Spanish.

I fear damage is deeper than software but we'll see. Performing a system restore right now.

 

[Acetyle]

I wouldn't bother keeping this thread going. The computer is in bad shape. I can't do anything to restore it. I'm going to have to search another forum for help.

Thanks anyway.

 

[codeman0013]

Hey man first off lets start from basics here. I have started reading and learining in the hopes to help buzz. Since you are having operating system issues boot to your xp cd and do a restore option log into your c drive usually number one with a blank password. When you get to the command prompt type in chkdsk /r note the space between chkdsk and /r then we can get into your hijack this logs.

 

[Crimsonite]

Don't bother, that's NOT a software issue. The log is clean of malwares besides the questionable Weather Studio but that doesn't cause this kinda problem.

You said it's pixelating even in BIOS. That indicates his mobo is fubar'ed. My cousin's friend's rig had the same problem where it would randomly freeze either at POST, Windows startup or in Windows. It also randomly pixelates and completely unpredictable. I RMA'ed his mobo and it has been flawless for 4 months straght after the replacement.

 

[codeman0013]

Not necessarily true. Windows could be corrupt, missing files many differnt things it never ever hurts to do a chkdsk /r and check into things to see how things are checking out there is no guarentee that it is software or hardware at this point but its worth trying.

 

[Crimsonite]

Right, only that the pixelating problem occurs in even BIOS. Windows' or any OS' files do not affect BIOS and POST screens, hardware does.

 

[Crimsonite]

Right, only that the pixelating problem occurs in even BIOS. Windows' or any OS' files do not affect BIOS and POST screens, hardware does.

 

[Acetyle]

Well, I have more to add to the saga:

I appreciate everyone's input and I am a firm believer something hardware related is to blame.

The other day I decided to play with the computer. I began tapping it on the side while it was attempting to cycle through its load up and the screen started turning different colors and the pixelating would shift.

So I opened up the computer, fought an epic fight with some dust bunnies that attacked my allergies and disconnected the hard drive. I tried booting the computer up with out the hard drive attached and it gave me the expected message that an operating system could not be found.

I shut down, replugged the hard drive and booted up. It gave me the same message that an operating system could not be found.

So I booted down (again) and made sure the connections where secure (which they where) and I powered it up again. This time the computer started right up. No pixelating, no strange colors, no strange symbols. I accessed windows, backed up all my data.

The computer went back to its system restart before running windows with the pixellating screens again however. I did the SAME process as last time and now it's working again (for how long I can't say).

I'm grabbing a can of compressed air and I'm going to try cleaning it out and see what happens. Any input?

 

[Crimsonite]

I'd check all the screws make sure none of them is too tight, this includes the video card, hdd, mobo.

My cousin's friend's rig had the same problem where the pixelating was random and remote. I have tried booting the system with 1 component in at a time and it'd still occur in BIOS. It was the mobo.

But that's just my experience, your case MIGHT be different. Whatever it is, it shouldn't be far off. You certainly can try every possibility to eliminate them down the list until you hit the jackpot. Also I'd suggest try another video card see if the problem can be reproduced. If it can run 72 hours with a different card then we know the cause. Hope this contributes to some ideas...