So far, two of my pcs have had some kinda problem that has hit them. Im not sure whats infected on them, but norton doesn't fix it. The problem im gettin is that if i try to drop to a command prompt and release or renew my ips (which was working before) its telling me some kinda socket error. Right now im posting from this POS p2. I got someone mailing all my software cds up to me, hopefully they get here soon. Cause if i can't figure out whats wrong by the time they get here, im just gonna format. On my machine, i found a virus with norton called trojan horse. I'm pretty sure i cleaned it up, but still not able to access the internet. Anyone that can help would be greatly appreciated, cause i hate reformating.

ive been having problems with the W32.HLLW.GOABOT virus latley. Do you have the latest virus definitions from the website? The virus that i was dealing with disabled IE from going to symantec's website and from connecting to the update server, so you might have to goto another computer dl the virus definitions onto a cd and install them on your pc then do a system scan. See if it can tell you what kind of virus it is and check the websites for a removal tool or instructions on how to get ride of it.

Drax, a Trojan horse is the same thing as a Trojan. USUALLY, its just leeches off your data and/or private info. Viruses and worms are what you really have to worry about...

Talk with Drax...that sounds like the same thing he's been fighting for a couple days...

Okay... download this first http://www.spychecker.com/download/download_hijackthis.html

Then, run the program and click 'Scan.' You should have a big list of things, then click 'Save Log' to a file. Open the file you saved, copy+paste it to this thread.

Talk with Drax...that sounds like the same thing he's been fighting for a couple days...


ummmm....who would you be referring to? ....er....Drax?

erm...yeah. Sorry there. I was half asleep and didn't realize that it was Drax that posted that to begin with. Proof positive that posting when you first wake up is a no-no.

any idea what this is? my in-laws PC had the same exact thing Drax is describing. I ended up just formating and re-installing everything.

Drax what is the exact error that you are getting when you try to release and renew your ip address.

also, Have you tried to ping any websites (by ip and url) and what responses did you get back? Do you have a router, can you ping your router? What error do you get when you try to pull up a webpage?

ok soso, heres the log file

Logfile of HijackThis v1.97.7
Scan saved at 10:43:12 AM, on 9/22/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\WINNT\system32\RUNDLL32.exe
C:\WINNT\system32\RUNDLL32.exe
C:\Documents and Settings\Justin Blanchard.JUSTIN\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=144940
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A2B92B4-7858-410F-917D-AC59AC87F093} - C:\WINNT\ztxa.dll
O2 - BHO: (no name) - {23AD6976-8A75-407D-814A-DE7E838EBCF8} - C:\WINNT\yqccc.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem302.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINNT\neti.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5941EE5-6DFA-11D8-86B0-0002441A9695} - C:\WINNT\3_0_1browserhelper3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [SearchSetter] C:\WINNT\system32\searchsetter[1].exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthsmakamai/systemsoappro.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38026.540625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/mmed.cab

Wow dude, u have trojans all over the place. Run the program again and 'check' these items, then click 'FIX.'

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=144940
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
O2 - BHO: (no name) - {0A2B92B4-7858-410F-917D-AC59AC87F093} - C:\WINNT\ztxa.dll
O2 - BHO: (no name) - {23AD6976-8A75-407D-814A-DE7E838EBCF8} - C:\WINNT\yqccc.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem302.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINNT\neti.dll
O2 - BHO: (no name) - {C5941EE5-6DFA-11D8-86B0-0002441A9695} - C:\WINNT\3_0_1browserhelper3.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKCU\..\Run: [SearchSetter] C:\WINNT\system32\searchsetter[1].exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw.../0006_adult.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/s...stemsoappro.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...AB?38026.540625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/mmed.cab



BE VERY CAREFUL HERE!!!1!!1oneone!1!!!

After you fix, reboot and scan again, post the stuff you have here.

well its a pain for me to post em again, cause i have to go up to school to post anything since i can't get on the internet at my house. Hopefully this will fix that...if so, me lub you long time npor.

Awww... poor Draxie!!! Me miss you on the server!! :kiss

I really don't think you should remove any of those lines. I doubt they have anything to do with your problem.

Drax, a Trojan horse is the same thing as a Trojan. USUALLY, its just leeches off your data and/or private info. Viruses and worms are what you really have to worry about...


ive got worms because i didnt have any trojans. LOL sorry i just couldnt hold back. Swedish=dirty minded

I'm with toby here - I don't think anything that you found in Hijack this would cause the problems you are having - stuff in there would just screw w/ IE, not stop you from getting an IP address...

As was asked before, what is the EXACT error you're getting when you renew your IP?

okies, heres the errors...

when i go to a commmand prompt, and type ipconfig...the top line and the bottom line are missing.

if i type ipconfig /release *, i get all adapters bound to dhcp do not have dhcp addresses. The addresses were automatically configured and can not be released.

if i type ipconfig /renew, i get The following error occured when renewing adapter local area connection 3: an operation was attempted on something that is not a socket.


Removing those lines that soso said, seems to have made my computer go faster, like the virus scans and such aren't taking near as long, but i still have the same problem as before.

Anyways, for soso, heres my log again
Logfile of HijackThis v1.97.7
Scan saved at 10:37:43 AM, on 9/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\RUNDLL32.exe
C:\WINNT\system32\RUNDLL32.exe
C:\Documents and Settings\Justin Blanchard.JUSTIN\Desktop\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

As i said before, when my other pc was having this problem, on my machine, i could drop and renew my ip just fine. I have a dsl modem, which i believe is also a router. Before when it was just the other computer, i could set an ip on it, and i could ping my computer. Hopefully this will help somemore. Also i run windows 2000, not XP on my machine. The other one is running XP.

somebody...please....help

somebody...please....help


It's too late for help..........you are too far gone! lol Give us a call if ew can help....and not after 10pm! LOL

That's the same error I got on the ipconfig /renew command on my in-law's PC. A format and re-install cured it.

Try this program - I use it a lot at work for computers w/ the same symptoms, and it seems to do the trick most times.

http://www.snapfiles.com/get/winsockxpfix.html

Often your problem is caused by adware/spyware that has broken your Winsock and TCP/IP stacks usually during removal.

gonna try it max, will let you know if it works...

cool deal.

ok, ran the program, didn't work...BUT...i did a few other things, unistalled my network card and reinstalled it. and OMFG, i can post from my own pc now.

ok, ran the program, didn't work...BUT...i did a few other things, unistalled my network card and reinstalled it. and OMFG, i can post from my own pc now.

WOOHOO!!! We will have the pleasure of your presence on the server once again!! :wig

Well, atleast your computer isn't an electrified collection of crap ^^