
Could this be a virus?? HELP!

Posted: 22 Feb 2007, 16:41
by Hybrid_Halogen
On the laptop. I lost all means of connection to the internet. I can't dial up because it's been greyed out in the "add a new connections" tab. Windows takes roughly 5 minutes to start (after logging in, it stays on the background with nothing popping up).

I used to use my home LAN to access the internet with the laptop, but that is out as well....can't pick anything up. My Kaspersky says some protection service couldn't start, but it was updated yesterday, so definitions should be pretty new. The only new program I downloaded and installed was a boot screen from themexp.org, which had some spyware Kaspersky warned about called NewDotCom....

Please, if someone knows this symptom and has a solution, please let me know.

HH

Posted: 22 Feb 2007, 16:44
by Anthro
Do me a favour, install and run this application quickly:
Hijackthis
Then post the log here.. then we can see if we can help
*edit* also maybe change the proportions of your signature.

Posted: 22 Feb 2007, 16:45
by Sojourn
ouch - I would need the laptop in front of me to be of any help. Sorry I can't post anything useful to you.

s

Posted: 22 Feb 2007, 17:19
by Hybrid_Halogen
Log file from HIJACKTHIS



Logfile of HijackThis v1.99.1
Scan saved at 17:15:11, on 2007-2-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Temp\HijackThis.exe

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#4 in chain of 4 missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFB3CFF7-F648-44CF-8DAA-C3749E1E2473}: NameServer = 196.44.128.146,196.44.136.162
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Posted: 22 Feb 2007, 17:35
by PsyCLown
wow...all I can say is that once Windows has reached a level like that...the only thing which can save it (IMO) is a format.
So that's what I would do. I've had that happen to me quite often when I was using dodgy things. :wink:

Also after a format, don't install Kaspersky, try Avast (PRO preferably). I installed Kaspersky last night and all and all I can say is that I don't trust it!

Also ZoneAlarm is a very good firewall..use it! (the free one or Pro) also don't get the BETA ZoneAlarms :wink:

Posted: 22 Feb 2007, 17:37
by WiK1d
PsyCLown wrote:the only thing which can save it (IMO) is a format.
or a 10 pound hammer

Posted: 22 Feb 2007, 17:56
by hamin_aus
O10 - Broken Internet access because of LSP chain gap (#4 in chain of 4 missing)
:roll:
That's why you can't connect.
Download and run LSPFix and see if that doesn't help.
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
You might also want to download AdAware and sort this out...
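
As an added example (not part of any post in this thread, and not code from HijackThis or LSPFix): a small Python triage of the two findings picked out of the log above, the O10 LSP chain gap and the O2 BHO entries whose DLL is gone. The function name `triage` and the finding labels are assumptions made for this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O10 - Broken Internet access because of LSP chain gap (#4 in chain of 4 missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# "O<n> - <body>" is the general shape of a HijackThis entry line.
ENTRY = re.compile(r"^(O\d+) - (.*)$")
# O2 body: "BHO: <name> - {CLSID} - <path or marker>"
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O10 body when the Winsock LSP chain has a hole in it.
LSP_GAP = re.compile(r"LSP chain gap \(#(\d+) in chain of (\d+) missing\)")


def triage(log_text):
    """Return findings (hypothetical labels) for LSP gaps and orphaned BHOs."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        section, body = entry.groups()
        if section == "O10":
            gap = LSP_GAP.search(body)
            if gap:
                # A missing link in the chain breaks all socket traffic.
                findings.append(("lsp_chain_gap", int(gap.group(1)), int(gap.group(2))))
        elif section == "O2":
            bho = BHO.match(body)
            # Registry entry survives but the DLL it points to does not.
            if bho and (bho["path"].endswith("(file missing)") or bho["path"] == "(no file)"):
                findings.append(("orphaned_bho", bho["clsid"], bho["name"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
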

Posted: 22 Feb 2007, 18:27
by Hybrid_Halogen
......while waiting for the replies, I repair installed Windows.....still doesn't work :'(

I'll try the LSPFix

Posted: 22 Feb 2007, 18:42
by Hybrid_Halogen
LSPFix rocks!!!! It actually did it ^_^ Just run it and restarted the PC :)

Btw I really like Kaspersky....so gonna reinstall that and NEVER EVER download stuff from themexp.org again!!!!!!!!!!!!!

Oh another thing, what you're looking at is a very recent installation of Windows + I got nothing on it that is useless.....it's a laptop for work :P

Posted: 22 Feb 2007, 19:00
by hamin_aus
Hybrid_Halogen wrote:LSPFix rocks!!!! It actually did it ^_^ Just run it and restarted the PC :)
:thumbsup:

Posted: 23 Feb 2007, 08:03
by Anthro
Happy to hear you got your problem sorted, mate!!
Also, Happy new Chinese year !! ?

Posted: 23 Feb 2007, 09:20
by Hybrid_Halogen
Hey thx buddy ^_^

Ya it was Chinese New Year last Sunday ^_^