Solved

highjackthis log showing new nameserver and TCpip with ip address ??

Posted on 2004-09-16
4
187 Views
Last Modified: 2010-04-11
Hello,
I found Ihave a new entry in my highjackthis log that I dont know what it is, it seems to be an IP address, when I delete it I then cannot connect to the net, it has only appeared since this morning , and I have just donwloaded the newest updates from microsoft. I include the log below, would be grateful for any help.


the log is below, this is the entry I am confused about

O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer = 158.152.1.43 158.152.1.58

see the IP address I have not a clue why????







Logfile of HijackThis v1.98.2
Scan saved at 10:46:23, on 16/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\edit pad\EditPad.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Topo\My Documents\hijack\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer = 158.152.1.43 158.152.1.58





regards

Kenny
0
Comment
Question by:thatelvis
4 Comments
 
LVL 21

Expert Comment

by:jvuz
ID: 12074074
Your internet connection, it's through a modem,...?
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
ID: 12074090
I dont think so that this IP entry is BAD,,,,, i mean its looking like a Valid IP !!
are u on network, or have u contacted ur ISP, it can be from them also !!

Im also getting an IP entry in my LOG and i know its from my ISP, almost all of us get those IPs entries, it will be considered as BAD only if its from a JUNK sites,,, as mentioned here >> http://aumha.org/a/hjttutor.php#o17

So just confirm it from ur ISP and u will be satisfied :)
and BTW here is a site which is called Automatic Analyse site, it can analyse ur hijakchtis logs for BAD entires.... if u want u can analyse ur above log here to confirm if its showing this IP entry as NASTY or GOOD :)
http://www.hijackthis.de/index.php?langselect=english

Good Luck =)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question