virus disabled internet & antivirus

Original Message
Name: thisisfake
Date: January 11, 2004 at 01:46:43 Pacific
Subject: virus disabled internet & antivirus
OS: xp pro
CPU/Ram: athlon
Comment:

this is what happened. i first got a virus that caused the remote procedure call to restart my computer.

then after a while i can't connect to the internet although my other computer on the network is able to.

so i try to fix this, but when i try to run my norton antivirus, it closes after about 10 seconds. this happens with Trojan Defence Suite too. and when i run msconfig, it closes by itself also.

i've also run adaware, spybot, and spysweeper.

i need a way to get rid of this virus but i don't know how since i can't scan for it anymore with norton, and obviously i can't use any online virus scans.

i can run a norton scan in safe mode but my virus definitions haven't been updated yet since i installed norton.

could anyone do something with this hijackthis log??

Logfile of HijackThis v1.96.4
Scan saved at 1:28:27 AM, on 1/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINNT\System32\devldr32.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchos1.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\fgfg\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groupboard.com/demo
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://groupboard.com/demo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://msn.com/
R3 - URLSearchHook: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\fgfg\Application Data\Mozilla\Profiles\default\qh1wcyjd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\fgfg\Application Data\Mozilla\Profiles\default\qh1wcyjd.slt\prefs.js)
O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\System32\IETie.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Configuration Loading] svchos1.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [Configuration Loading] svchos1.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINNT\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINNT\WEB\zoomin.htm
O8 - Extra context menu item: Zoom &Out - C:\WINNT\WEB\zoomout.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {59131903-4A33-40D5-80C2-5242DD365AB3} (MS3DViewerOCX Control) - http://www.swissquake.ch/chumbalum-soft/files/MS3DViewerOCX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37990.7133680556
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/lsacd_xmlwebservices/Http/OIFActiveX/ofmctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab


thanks
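
A triage pass over the kind of HijackThis log posted above, as an added example that is not part of the original thread: it flags autorun (O4) and running-process entries whose file name is a near miss of a core Windows process name, and autorun commands given without a full path. The `SYSTEM_NAMES` list, the distance threshold of 2 and all function names are assumptions made for illustration; a flag is a prompt for manual inspection, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchos1.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Configuration Loading] svchos1.exe
O4 - HKLM\..\RunServices: [Configuration Loading] svchos1.exe
"""
# Assumption: a short, illustrative list of core Windows process names.
SYSTEM_NAMES = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
                "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")
O4_RE = re.compile(r"^O4 - (\S+): \[[^\]]*\] (.+)$")   # registry key, command
EXE_RE = re.compile(r"[^\\\s\"]+\.exe", re.I)           # file name without path

def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous DP row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """Return the system name that `name` nearly matches (distance 1-2), else None."""
    name = name.lower()
    if name in SYSTEM_NAMES:
        return None
    return next((s for s in SYSTEM_NAMES if edit_distance(name, s) <= 2), None)

def triage(log_text):
    """Return sorted (source, exe, reason) tuples that merit a manual look."""
    findings = set()
    for line in map(str.strip, log_text.splitlines()):
        o4 = O4_RE.match(line)
        if not o4 and line[1:3] != ":\\":
            continue  # neither an O4 autorun entry nor a running-process path
        source, cmd = (o4.group(1), o4.group(2)) if o4 else ("process", line)
        exe = EXE_RE.search(cmd)
        if not exe:
            continue
        name = exe.group(0).lower()
        if (ref := lookalike_of(name)):
            findings.add((source, name, "resembles " + ref))
        if o4 and exe.start() == 0:
            findings.add((source, name, "autorun entry has no full path"))
    return sorted(findings)
```
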




Response Number 1
Name: thisisfake
Date: January 11, 2004 at 01:48:22 Pacific
Subject: virus disabled internet & antivirus
Reply:

and before, i had some problems with copy & paste being disabled.

that's all

thanks



Response Number 2
Name: thisisfake
Date: January 11, 2004 at 07:38:12 Pacific
Subject: virus disabled internet & antivirus
Reply:

ok i found out what it was and quarantined it. it's gaobot.gen



Response Number 3
Name: AngeloP
Date: January 11, 2004 at 09:18:01 Pacific
Subject: virus disabled internet & antivirus
Reply:

I, too, am experiencing the same symptoms, on two different computers in two different locations. I see you mentioned gaobot.gen, but what procedure did you use to get rid of it?

Frustrated,
Angelo



Response Number 4
Name: Tufenuf
Date: January 11, 2004 at 10:28:08 Pacific
Subject: virus disabled internet & antivirus
Reply:

AngeloP, See if the info at the link below is of any help.

W32.HLLW.Gaobot.gen Removal Instructions

Tufenuf



Response Number 5
Name: mamabear
Date: January 11, 2004 at 14:17:48 Pacific
Subject: virus disabled internet & antivirus
Reply:

FYI - You're using an out of date version of hijackthis. You should update it before you try to "fix" anything with it. The current version is 1.97.7. Open hijackthis, click on "config", "misc tools", "check for update online".

