?
Solved

highjackthis log showing new nameserver and TCpip with ip address ??

Posted on 2004-09-16
4
Medium Priority
?
191 Views
Last Modified: 2010-04-11
Hello,
I found Ihave a new entry in my highjackthis log that I dont know what it is, it seems to be an IP address, when I delete it I then cannot connect to the net, it has only appeared since this morning , and I have just donwloaded the newest updates from microsoft. I include the log below, would be grateful for any help.


the log is below, this is the entry I am confused about

O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer = 158.152.1.43 158.152.1.58

see the IP address I have not a clue why????







Logfile of HijackThis v1.98.2
Scan saved at 10:46:23, on 16/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\edit pad\EditPad.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Topo\My Documents\hijack\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer = 158.152.1.43 158.152.1.58





regards

Kenny
0
Comment
Question by:thatelvis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 21

Expert Comment

by:jvuz
ID: 12074074
Your internet connection, it's through a modem,...?
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 1000 total points
ID: 12074090
I dont think so that this IP entry is BAD,,,,, i mean its looking like a Valid IP !!
are u on network, or have u contacted ur ISP, it can be from them also !!

Im also getting an IP entry in my LOG and i know its from my ISP, almost all of us get those IPs entries, it will be considered as BAD only if its from a JUNK sites,,, as mentioned here >> http://aumha.org/a/hjttutor.php#o17

So just confirm it from ur ISP and u will be satisfied :)
and BTW here is a site which is called Automatic Analyse site, it can analyse ur hijakchtis logs for BAD entires.... if u want u can analyse ur above log here to confirm if its showing this IP entry as NASTY or GOOD :)
http://www.hijackthis.de/index.php?langselect=english

Good Luck =)
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Make the most of your online learning experience.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question