While trying to download NORTON on a 26k dial-up, I have gotten infected. When dialing in, the modem shows constant use, incoming and outgoing. I cannot install Norton; it says the file is corrupt. If I try to run any new EXE files to test with, they become corrupt, unless I go to SAFE MODE. Since I cannot plug in my jump drive to download the HJT file, I had to print it and then scan it on another computer with OCR. I have tried to correct all OCR errors.
I have read many of the HJT forums and tried all the software. I have removed
the Backdoor.RBot.ABG
the W32/SdBot.worm.GEN.j
the Trojan ASKEMAIL.EXE Trojandownloader.GYX.100
and found the file SYNCOR which is supposed to be the W32.HLLW.GAOBOT.EE but I ended up removing this in RegEdit manually.
One problem is I can do no updates on the downloaded help programs due to the modem being locked up busy. I have to do everything from a remote computer and then come back. I did get updates on the ones that were available.
Spybot has been corrupted and cannot be run or removed.
But I have finally given up and am asking for help.
About Buster is clean.
HELP!!!!!!!!!!
Sorry, I attached the HJT log instead of pasting it.
Logfile of HijackThis v1.99.1
Scan saved at 10:25:07 AM, on 9/14/2005
platform: windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 Sp1 (6.00.2800.1106)
Running processes:
C:\WINOOWs\system32\smss.exe
C:\WINOOWs\system32\winlogon.exe
C:\WINDOWs\system32\services.exe
C:\WINOOWs\system32\lsass.exe
C:\WINOOWs\system32\svchost.exe
C:\WINDOWs\system32\svchost.exe
C:\WINOOWS\Explorer.EXE
C:\EXE2\HiJackThis\HijackThis1991.exe
C:\EXE2\HiJackThis\HijackThis1991.exe
RO - HKLM\Software\Microsoft\Internet Explorer\search,searchAssistant = http://www.earthlink...ton/search.html
RO - HKCU\software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\software\Microsoft\Internet connection wizard,shellNext = http://www.symantec....error=6 e=English&product=NAV&version=11.0.9
RO - HKCU\software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default uRLSearchHook is missing
02 - BHO: AcroIEHlprobj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BEOB3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
02 - BHO: (no name) - {53707962-6F74-2D53-2644-20607942484F} - c:\program Files\spybot - Search & Destroy\SDHelper.dll
02 - BHO: NAV Helper - {BDF3E430-B101-42ADD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus\NavshExt.dll
03 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00AOC9082467} ¬C:\WINDOWs\system32\msdxm.ocx
03 - Toolbar: Norton Antivirus - {42CDD1BF-3FFB-4238-8ADl-7859DFOOB1D6} - c:\Program Files\Norton Antivirus\NavshExt.dll
04 - HKlM\..\Run: [smapp] c:\Program Files\Analog oevices\soundMAX\smtray.exe
04 - HKlM\..\Run: [NvCploaemon] RUNOll32.EXE C:\WINOOWS\System32\NvCpl.dll,NvStartup
04 - HKlM\..\Run: [nwiz] nwiz.exe /install
04 - HKlM\..\Run: [monitr32] c:\Program Files\canon\MultiPAsS4\monitr32.exe
04 - HKlM\..\Run: [MPTBOX] c:\Program Files\canon\MultiPASS4\MPTBox.exe
04 - HKlM\..\Run: [Iomega Automatic Backup 1.0.1] c:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
04 - HKlM\..\Run: [ADuserMon] c:\Program Files\Iomega\AutoDisk\ADuserMon.exe
04 - HKlM\..\Run: [Iomega Drive Icons] c:\Program Files\Iomega\oriveIcons\Imglcon.exe
04 - HKlM\..\Run: [oeskup] c:\Program Files\Iomega\Drivelcons\deskup.exe /IMGSTART
04 - HKlM\..\Run: [.svchost] C:\WINOOWs\system\CSRSS.EXE
04 - HKlM\..\Run: [CCApp] "C:\Program Files\Common Files\Symantec shared\ccApp.exe"
04 - HKlM\..\Run: [SsC_userprompt] c:\Program Files\common Files\symantec Shared\security Center\usrprmpt.exe
04 - HKlM\.. \Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
04 - HKCU\..\Run: [E6Taskpanel] "C:\Program Files\Earthlink TotalAccess\Taskpanl.exe" -noauth
04 - Global Startup: Hotsync Manager.lnk = c:\Program Files\sony Handheld\HOTSYNC.EXE
04 - Global startup: Microsoft Office.lnk = c:\Program Files\Microsoft office\office10\OSA.EXE
04 - Global startup: QuickBooks update Agent.lnk = c:\program Files\common Files\Intuit\QuickBOoks\QBupdate\qbupdate.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MsMSGS.EXE
09 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} ¬c:\Program Files\Messenger\MSMSGS.ExE
012 - plugin for .spop: c:\program Files\Internet Explorer\plugins\NPDoCBOX.dll
023 - service: Symantec Event Manager (CcEvtMgr) - Symantec corporation - c:\Program Files\common Files\Symantec shared\ccEvtMgr.exe
023 - service: symantec Password validation (ccPwdSvc) - symantec corporation c:\Program Files\common Files\symantec Shared\ccPwdsvc.exe
023 - Service: symantec settings Manager (ccSetMgr) - symantec Corporation c:\Program Files\common Files\symantec shared\ccSetMgr.exe
023 - service: ewido security suite control - ewido networks - c:\Program Files\ewido\security suite\ewidoctrl.exe
023 - Service: ewido security suite guard - ewido networks - c:\Program Files\ewido\security suite\ewidoguard.exe
023 - Service: Iomega App Services - Iomega corporation C:\PROGRA 1\Iomega\system32\Appservices.exe
023 - Service: Mpservice - Canon Inc - c:\Program Files\canon\MultiPASS4\MPSERVIC.EXE
023 - Service: Norton Antivirus Auto-Protect service (navapsvc) - symantec corporation - C:\Program Files\Norton Antivirus\navapsvc.exe
023 - service: Norton AntiVirus Firewall Monitor service (NPFMntor) - symantec corporation - c:\Program Files\Norton Antivirus\IWP\NPFMntor.exe
023 - service: NVIDIA Display Driver Service (NVSvC) - NVIDIA corporation C:\WINDOWs\System32\nvsvc32.exe
023 - Service: scriptBlocking service (sBservice) - symantec corporation C:\PROGRA l\COMMON l\SYMANT l\SCRIPT l\SBServ.exe
023 - Service: Symantec Network Drivers Service (SNDSrvc) - symantec corporation c:\Program Files\Common Files\symantec shared\sNDSrvc.exe
023 - Service: SoundMAX Agent service (SoundMAX Agent service (default)) - Analog Devices, Inc. - c:\Program Files\Analog Devices\soundMAX\SMAgent.exe
023 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec corporation - c:\Program Files\common Files\symantec shared\SPBBC\SPBBCsvc.exe
023 - service: spywarecleanerservice - unknown owner - c:\program Files\spyware cleaner\Scservice.exe (file missing)
023 - service: ups - APC powerChute plus (ups) - APC - c:\Program Files\Pwrchute\ups.exe
023 - service: Iomega Active Disk (_IOMEGA-ACTIVE_DISK_SERVICE_) - Iomega corporation - c:\program Files\Iomega\AutoDisk\ADservice.exe
Edited by Gishmonster, 15 September 2005 - 07:02 AM.