Another request for HiJack log support

Status
Not open for further replies.
Earlier this week I was having problems with what I thought was my modem. It would simply stop transmitting. Sometimes the Internet light on the modem would go out, sometimes not, but it simply stopped retrieving pages. At first I disabled/enabled the LAN, then I started rebooting the modem every 10 or 15 mins. It would work for a time, then stop again. I went around with my DSL provider, tweaked various config settings on the ethernet, etc. They ended up sending me a new modem. All happy, I installed the new one (including changing out the ethernet cable and the jack in the wall, just in case). It worked a charm -- for about 2 hours -- then did exactly the same thing.

I ran Hijack This and that's when I noticed "go.microsoft.com" and realized it was a virus.

Have done all your diagnostics -- what great instructions here - THANK YOU!! -- I downloaded and ran Malware, ATF and SuperAntispyware. Several times. Kept deleting the instances of the "go" virus (using "fix" in HJT), and it kept coming back on reboot or even spontaneously.

Avira found a trojan thingy that reappeared and I deleted twice.

I just rebooted after running SAnti and again I am getting the warning from Google toolbar that someone is trying to force IE as the default browser, so I believe it's still there. Attached are the logs for SAnti, AVScan, Malware and the HiJack logs both when "clean" and then with the reappearance of go.microsoft.com 20 mins later.

Running XPSP2, 2.00 GHz, 448 RAM, Athlon Dual core 64. I do not keep an ignore list in HJT.

I have lost 3.5 days on this little fricker. You have already been incredibly helpful, but I'm not out of the woods! Thanks in advance for your help. You have my deepest appreciation.

Note: Modem and internet connection are fine. To wit: this wireless card is great, and I can FTP on the affected desktop.

Could this bug be messing with resolving IP stuff? No browser works.

Thought - could I FTP and install Opera or some damn thing? Getting desperate. Trying to remain calm. Thanks, angels.

Just remembered after that last post that I had indeed downloaded Opera like, a year ago. Just installed and launched and was thrilled when it came up! I went to the home page, Google.com - and there it was, shining like a new bicycle.

THEN! Poof! "Couldn't locate remote server." This bug is crawling around all my browsers. Damn it!!!
 
Please somebody help. The HJT fix is not holding - reappearances of the 6 or 7 go.microsoft.com and the norman\Nvc\BIN\nipsvc.exe continue.

NOW I CAN'T CONNECT AT ALL TO THE INTERNET. Am typing on another machine - my old (!) laptop with a wireless card. This is excruciating.
 
Your log results here;

Thanks, tw0rld, but I actually ran the parse program and cleaned them all. Since then the Norman and the go.microsoft.com ones keep reappearing.

This is the first time ever that Hijack This has been unable to clear up something.

I've done this 10 times through, start to finish today. Still this stuff keeps reappearing. Thoughts?

And thanks.
 
(go.microsoft.com) - This is not a threat. This is Internet Explorer's default start page. As a matter of fact, I would recommend that you reset IE settings. The fact that it is appearing is a good thing.

I suggest that you update IE to Version 7; http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=en

I would also suggest that you update Windows with SP3; http://update.microsoft.com/windowsupdate/v6/default.aspx

Gee, thanks, T. I'll try to remember that when I can ACCESS THE INTERNET AGAIN. Sheesh.

Anyone else?
 
Could you post a fresh hijackthis log from that system?
Also, please download Combofix and run a scan from HERE. Attach the logs in your next reply.
 