this is what happened. i first got a virus that caused the remote procedure call to restart my computer. then after a while i cant connect to the internet although my other computer on the network is able to. so i try to fix this, but when i try to run my norton antivirus, it closes after about 10 seconds. this happens with Trojan Defence Suite too. and when i run msconfig, it closes by itself also. i've also ran adaware, spybot, and spysweeper. i need a way to get rid of this virus but i dont know how since i cant scan for it anymore with norton, and obviously i cant use any online virus scans. i can run a norton scan in safe mode but my virus definitioms havent been updated yet since i installed norton. could anyone do something with this hijackthis log?? Logfile of HijackThis v1.96.4 Scan saved at 1:28:27 AM, on 1/11/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\WINNT\System32\devldr32.exe C:\WINNT\System32\drivers\CDAC11BA.exe C:\WINNT\System32\DRIVERS\CDANTSRV.exe C:\WINNT\System32\svchos1.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\Documents and Settings\fgfg\My Documents\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groupboard.com/demo R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://groupboard.com/demo R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://msn.com/ R3 - URLSearchHook: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\fgfg\Application Data\Mozilla\Profiles\default\qh1wcyjd.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\fgfg\Application Data\Mozilla\Profiles\default\qh1wcyjd.slt\prefs.js) O1 - Hosts: 203.161.127.141 www.dcsresearch.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\System32\IETie.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Assistant - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [Configuration Loading] svchos1.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\RunServices: [Configuration Loading] svchos1.exe O8 - Extra context menu item: Open Frame in &New Window - C:\WINNT\WEB\frm2new.htm O8 - Extra context menu item: Zoom &In - C:\WINNT\WEB\zoomin.htm O8 - Extra context menu item: Zoom &Out - C:\WINNT\WEB\zoomout.htm O9 - Extra button: AIM (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe O16 - DPF: {59131903-4A33-40D5-80C2-5242DD365AB3} (MS3DViewerOCX Control) - http://www.swissquake.ch/chumbalum-soft/files/MS3DViewerOCX.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37990.7133680556 O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/lsacd_xmlwebservices/Http/OIFActiveX/ofmctl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab thanks

and before, i had some problems with copy& paste being disabled. thats all thanks

ok i found out what it was and quarantined it its gaobot.gen

I too, am experiencing the same symptoms, on two different computers in two different locations. I see you mentioned gaobot.gen, but what procedure did you use to get rid of it.? Frustrated, Angelo

AngeloP, See if the info at the link below is of any help. W32.HLLW.Gaobot.gen Removal Instructions Tufenuf

FYI - You're using an out of date version of hijackthis. You should update it before you try to "fix" anything with it. The current version is 1.97.7. Open hijackthis, click on "config", "misc tools", "check for update online".