Could this be a virus?? HELP!

Hybrid_Halogen · Post by **Hybrid_Halogen** » 22 Feb 2007, 16:41

On the laptop. I lost all means of connections to the internet. I can't dial up because its been greyed out in the "add a new connections" tab. Windows takes roughly 5 minutes to start (after logging in, it stays on the backfround with nothing popping up)

I used to use my home lan to access internet with the laptop, but that is out as well....can't pick anything up. My Kaspersky says some proctection service couldn't start, but its updated yesterday, so definitions should be pretty new. The only new program I downloaded and installed was a boot screen from themexp.org, which had some spyware Kaspersky warned called NewDotCom....

Please, if someone know this symtom and have a solution, please let me know.

HH

Post by **Anthro** » 22 Feb 2007, 16:44

Do me a favour, install and rund this application quickly:
Hijackthis
Then post the log here.. then we can see if we can help
*edit* also maybe change the proportions of your signature.

Sojourn · Post by **Sojourn** » 22 Feb 2007, 16:45

ouch - I would need the laptop in front of me to be of any help. Sorry I can't post anything useful to you.

s

Hybrid_Halogen · Post by **Hybrid_Halogen** » 22 Feb 2007, 17:19

Log file from HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 17:15:11, on 2007-2-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Temp\HijackThis.exe

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#4 in chain of 4 missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFB3CFF7-F648-44CF-8DAA-C3749E1E2473}: NameServer = 196.44.128.146,196.44.136.162
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

PsyCLown · Post by **PsyCLown** » 22 Feb 2007, 17:35

wow...all I can say is that once Windows has reached a level like that...the only thing which can save it (IMO) is a format.
So thats what I would do. Iv had that happen to me quite often when I use using dodgy things.

Also after a format, dont install Kaspersky, try Avast (PRO preferably). I installed Kaspersky last night and all and all I can say is that I dont trust it!

Also ZoneAlarm is a very good firewall..use it! (the free one or Pro) also dont get the BETA ZoneAlarms

WiK1d · Post by **WiK1d** » 22 Feb 2007, 17:37

PsyCLown wrote:the only thing which can save it (IMO) is a format.

or a 10 pound hammer

Website · Post by **hamin_aus** » 22 Feb 2007, 17:56

O10 - Broken Internet access because of LSP chain gap (#4 in chain of 4 missing)

Thats why you cant connect.
Download and run LSPFix and see if that doesn't help.

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

You might also want to download AdAware and sort this out...

Hybrid_Halogen · Post by **Hybrid_Halogen** » 22 Feb 2007, 18:27

......while waiting for the replies, I repair installed windows.....still don't work :'(

I'll try the LSPFix

Hybrid_Halogen · Post by **Hybrid_Halogen** » 22 Feb 2007, 18:42

LSPFix rocks!!!! It actually did it ^_^ Just run it and restarted the PC

Btw I really like Kaspersky....so gonna reinstall that and NEVER EVER download stuff from themexp.org again!!!!!!!!!!!!!

Oh another thing, what you looking at is a very recent installation of windows + I got nothing on it that is useless.....its a laptop for work

Website · Post by **hamin_aus** » 22 Feb 2007, 19:00

Hybrid_Halogen wrote:LSPFix rocks!!!! It actually did it ^_^ Just run it and restarted the PC

Post by **Anthro** » 23 Feb 2007, 08:03

Happy to hear You got you r problem sorted mate !!
Also, Happy new Chinese year !! ?

Hybrid_Halogen · Post by **Hybrid_Halogen** » 23 Feb 2007, 09:20

Hey thx buddy ^_^

Ya it was Chinese New Year last Sunday ^_^