Another request for HiJack log support

By Skippygrrl ยท 8 replies
Oct 10, 2008
  1. Earlier this week I was having problems with what I thought was my modem. It would simply stop transmitting. Sometimes the Internet light on the modem would go out, sometimes not, but it simply stopped retrieving pages. At first I disenabled/enabled the LAN, then I started rebooted the modem every 10 or 15 mins. It would work for a time, then stop again. I went around with my DSL provider, tweaked various config setting on the ethernet, etc. They ended up sending me a new modem. All happy, it installed the new one (including changing out the ethernet cable and the jack in the wall, just in case). It worked a charm -- for about 2 hours -- then did exactly the same thing.

    I ran Hijack This and that's when I noticed "" and realized it was a virus.

    Have done all your diagnostics -- what great instructions here - THANK YOU!! -- I downloaded and ran Malware, ATF and SuperAntispyware. Several times. Kept deleting the instances of the "go" virus (using "fix" in HJT), and it kept coming back on reboot or even spontaneously.

    Avira found a trojan thingy that reappeared and I deleted twice.

    I just rebooted after running SAnti and again I am getting the warning from Google toolbar that someone is trying to force IE as the default browser, so I believe it's still there. Attached are the logs for SAnti, AVScan, Malware and the HiJack logs both when "clean" and then with the reappearance of 20 mins later.

    Running XPSP2, 2.00 Ghz, 448 RAM, Athlon Dual core 64. I do not keep an ignore list in HJT.

    I have lost 3.5 days on this little fricker. You have already been incredibly helpful, but I'm not out of the woods! Thanks in advance for your help. You have my deepest appreciation.

    Note: Modem and internet connection are fine. To wit: this wireless card is great, and I can FTP on the affected desktop.

    Could this bug be messing with resolving IP stuff? No browser works.

    Thought - could I FTP and install Opera or some damn thing? Getting desperate. Trying to remain calm. Thanks, angels.

    Just remembered after that last post that I had indeed downloaded Opera like, a year ago. Just installed and launched and was thrilled when it came up! I went to the home page, - and there it was, shining like a new bicycle.

    THEN! Poof! "Couldn't locate remote server." This bug is crawling around all my browsers. Damn it!!!
  2. Skippygrrl

    Skippygrrl TS Rookie Topic Starter

    Please somebody help. The HJT fix is not holding - reappearances of the 6 or 7 and the norman\Nvc\BIN\nipsvc.exe continues.

    NOW I CAN'T CONNECT AT ALL TO THE INTERNET. Am typing on another machine - my old (!) laptop with a wireless card. This is excruciating.
  3. tw0rld

    tw0rld TS Maniac Posts: 572   +6

  4. Skippygrrl

    Skippygrrl TS Rookie Topic Starter

    Thanks, tw0rld, but I actually ran the parse program and cleaned them all. Since then the Norman and the ones keep reappearing.

    This is the first time ever that Hijack This has been unable to clear up something.

    I've done this 10 times through, start to finish today. Still this stuff keeps reappearing. Thoughts?

    And thanks.
  5. tw0rld

    tw0rld TS Maniac Posts: 572   +6

  6. Skippygrrl

    Skippygrrl TS Rookie Topic Starter

    Gee, thanks, T. I'll try to remember that when I can ACCESS THE INTERNET AGAIN. Sheesh.

    Anyone else?
  7. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    Your attitude will not get your issue resolved. Good Bye!! :wave:
  8. Skippygrrl

    Skippygrrl TS Rookie Topic Starter

    Never mind. I thought I would get some help here...<sniffle>
  9. momok

    momok TS Rookie Posts: 2,265

    Could you post a fresh hijackthis log from that system?
    Also, please download Combofix and run a scan from HERE. Attach the logs in your next reply.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...