Computer Issues / Hijackthis log attached

Welcome to Majorgeeks!

Please attach the two requested logs from step 6 of the READ & RUN ME.

Since your Panda security suite also contains an antispyware application, you should uninstall Windows Defender to avoid the excess use of system resource (I'm sure Panda is already using a bunch) and to avoid conflicts.

You do not have you Home page set to anything. Is this on purpose?

And do you mean the popup you are getting is like below:

 

Not according to HijackThis. It says:

Or are you using a browser other than Internet Explorer?


You may be getting that popup due to certain files being in your folders that need access to MSN. When exactly does the popup occur? What folders are you accessing?

 

Which folder exactly in C:\Documents and Settings or do you mean the base of C:\Documents and Settings ?

If the base, what files are in this folder? Give the full filenames. Make sure you have enabled viewing of hidden files, system files and extensions for known file types per the READ & RUN ME.

Normally there are no files in the base of the folder. There should only be user account named folders like Administrator, All Users, LocalService, DefaultUser, and other user account names you have.


Shutdown any protection software (like Panda and Windows Defender) and do the below.


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

After clicking Fix, exit HJT.:

Now we need to Reset Web Settings (use www.majorgeeks.com for now! You can switch to google later!):

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

 

I see nothing strange in that folder (meaning not reason why a connect to MSN should occur).


Your home page now shows correct as:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/

Now change it to www.google.com (or whatever you wanted) and that R0 line should change to whatever you use.


Let's get a Startup List with HijaakThis.

Generating Startup Lists with HijackThis

• Run HijackThis, click Open the Misc Tools section
• Put a check in the List also minor sections (full) check box.
• Now click the Generate StartupList Log button.
• This will create a file named startuplist.txt in the same folder that HijackThis is installed into.
• Also a notepad file will open with this startuplist in it.
• Attach the startuplist.txt file to your next message.

Let's get an installed programs list from HijackThis too!

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

 

Note something I just noticed is that you have both Panda and Symantec antivirus software installed. You must uninstall one. It looks like you maybe tried to uninstall Symantec and it did not work properly. You should neve install a new antivirus application if the previous one is still installed.

 

Let's try something. Locat the below file using Windows Explorer:

C:\Program Files\Common Files\Microsoft Shared\Web Folders\Msonsext.dll

Right click on it and select Rename. Change the name to Msonsext.dll.old

Then reboot your PC and let me know if you are still having problems and also makes sure everything else seems to work properly.

Did you enable encryption in your wireless network to block others from gaining access to it?

Goto Add/Remove programs and uninstall the below old version of Sun Java:
J2SE Runtime Environment 5.0 Update 5

 

This is not a malware problem. It is more of an adminstration problem with your hardware and your network. You may want to check out the below programs:

myWIFIzone

and also maybe:

Retina WiFi Scanner - Windows Version

 

Still does not sound like malware.

Are you saying you only get this Wi-Fi intruder message when you open the
C:\Douments and Settings\ Admininistrator.Matt folder? Does it happen when opening any other folders? If you shut down your Wi-Fi connection, do you still get the popup. Are you sure your encryption key is set? How many PCs are you connecting to your wi-fi network?

 

Sounds like it has something to do with your network then. You may want to try posting a message in the Networking Forum to see if anyone knows anything about this. Is this a home network or are you at a school?

 

Read this: http://www.pandasoftware.com/download/documents/help/Titanium/2006/KO/38.htm

Seems to agree with what I was saying about the WiFI network not being properly encrypted.

For additional education reading, see the below:

http://www.usatoday.com/tech/news/computersecurity/infotheft/2004-11-09-fed-weakest-link_x.htm

http://www.theage.com.au/news/The-Edge/Psst-someones-prying-in-your-wifi/2004/12/08/1102182304144.html