Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can no longer connect to wireless

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Can no longer connect to wireless

Unread postby Chris A » November 26th, 2006, 3:03 pm

Ok about 3 days ago my sons computer could no longer connect to the net. I can connect to the router. Signal strength is very good. I cant get any web sites to come up though. It acts as though there is a firewall in the way. IE explorer crashes when you try to connect. Firefox will not show any web sites either.

When I open up a command screen and ping Google or Yahoo I get a return. I was hoping that there was something in the Hijack log that might just jump out at some one.

Here is a copy of a HJT log. done today after a fresh boot.

Logfile of HijackThis v1.99.1
Scan saved at 10:51:40 AM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\aniServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\shea\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7442011856
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
Chris A
Active Member
 
Posts: 4
Joined: November 26th, 2006, 2:57 pm
Advertisement
Register to Remove

Unread postby Chris A » November 26th, 2006, 3:13 pm

One other thing. Before when his computer would boot it would load you straight into the desktop. Currently it has made it so you have to choose your name before you can get to the desktop. Only one name on the computer.
Chris A
Active Member
 
Posts: 4
Joined: November 26th, 2006, 2:57 pm

Unread postby Chris A » November 26th, 2006, 7:10 pm

Also have a thread started here. http://forums.techguy.org/54-security/
Chris A
Active Member
 
Posts: 4
Joined: November 26th, 2006, 2:57 pm

Unread postby martin750 » November 28th, 2006, 4:28 am

Hi

This is very similar to the problem i have.

That log on scree that appears when u start up i think is just an automatic update loaded from windows?? :? As i guess u have already figured u just press Ok insted of entering a password and it loads. Don't know why it does it though as the "Martin 750 technical department" is constantly closed for business !! :lol:

My wireless often shows a good strengh and it appears to be 'talking' to the PC" but like u the isp just 'timesout' !!?? i am with orange maybe its an isp problem?

Anyway hope u get a 'proper' :D answer soon and ill keep a look out on this thread for any replies. Maybe u want to do the same with mine as we could have the same problem.

cheers
martin
martin750
Active Member
 
Posts: 4
Joined: November 27th, 2006, 4:48 am

Unread postby Chris A » November 28th, 2006, 7:37 pm

Mine has Turned out to be some kind of Virus that has trashed my networking on his computer.

I assume that I have not had many replies here because my HJT log looks pretty clean. I have read here countless stories of people here getting helped out so I am sure that if there was something there I would have had it solved already.

Here is some places that helped me out with the networking part of it.

http://forums.anandtech.com/messageview ... erthread=y

http://forums.techguy.org/networking/52 ... oblem.html

One thing I learned Martin 750 that might help.(Posted in my thread)

SP2 has all the functionality you need to reset the stack.

TCP/IP stack repair options for use with Windows XP with SP2.

For these commands, Start, Run, CMD to open a command prompt.

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog

Reset TCP/IP stack to installation defaults. netsh int ip reset reset.log
Chris A
Active Member
 
Posts: 4
Joined: November 26th, 2006, 2:57 pm

Unread postby NonSuch » December 24th, 2006, 5:34 am

I am sorry that your log has been overlooked. It is unfortunate, but this often happens when multiple replies are posted by the original poster, or other people who are adding comments. That type of activity makes it appear that the original poster is already being helped. This is because the HijackThis helpers, on this as well as most other forums, are looking for logs that have 0 replies. Once a log topic has received one or more replies, it is no longer shown on the 0 reply list.

If you have not received help with your log elsewhere, then please post a fresh log in this same forum, but do not post a reply to it until you have received a response from a HijackThis helper.

This topic is now closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 500 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware