• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 198
  • Last Modified:

highjackthis log showing new nameserver and TCpip with ip address ??

I found Ihave a new entry in my highjackthis log that I dont know what it is, it seems to be an IP address, when I delete it I then cannot connect to the net, it has only appeared since this morning , and I have just donwloaded the newest updates from microsoft. I include the log below, would be grateful for any help.

the log is below, this is the entry I am confused about

O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer =

see the IP address I have not a clue why????

Logfile of HijackThis v1.98.2
Scan saved at 10:46:23, on 16/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\edit pad\EditPad.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Topo\My Documents\hijack\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer =


1 Solution
Your internet connection, it's through a modem,...?
I dont think so that this IP entry is BAD,,,,, i mean its looking like a Valid IP !!
are u on network, or have u contacted ur ISP, it can be from them also !!

Im also getting an IP entry in my LOG and i know its from my ISP, almost all of us get those IPs entries, it will be considered as BAD only if its from a JUNK sites,,, as mentioned here >> http://aumha.org/a/hjttutor.php#o17

So just confirm it from ur ISP and u will be satisfied :)
and BTW here is a site which is called Automatic Analyse site, it can analyse ur hijakchtis logs for BAD entires.... if u want u can analyse ur above log here to confirm if its showing this IP entry as NASTY or GOOD :)

Good Luck =)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now