Solved

HijackThis log showing new nameserver and Tcpip with IP address??

Posted on 2004-09-16
Last Modified: 2010-04-11
Hello,
I found I have a new entry in my HijackThis log that I don't know what it is. It seems to be an IP address; when I delete it I then cannot connect to the net. It has only appeared since this morning, and I have just downloaded the newest updates from Microsoft. I include the log below, would be grateful for any help.

The log is below, this is the entry I am confused about

O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer = 158.152.1.43 158.152.1.58

See the IP address, I have not a clue why????

Logfile of HijackThis v1.98.2
Scan saved at 10:46:23, on 16/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\edit pad\EditPad.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Topo\My Documents\hijack\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer = 158.152.1.43 158.152.1.58





regards

Kenny
Question by:thatelvis
LVL 21

Expert Comment

by:jvuz
ID: 12074074
Your internet connection, it's through a modem,...?
LVL 65

Accepted Solution

by: SheharyaarSaahil earned 250 total points
ID: 12074090
I don't think that this IP entry is BAD, I mean it looks like a valid IP!!
Are you on a network, or have you contacted your ISP? It can be from them also!!

I'm also getting an IP entry in my log and I know it's from my ISP. Almost all of us get those IP entries; it will be considered BAD only if it's from a junk site, as mentioned here >> http://aumha.org/a/hjttutor.php#o17

So just confirm it with your ISP and you will be satisfied :)
And BTW here is a site which is called an automatic analysis site; it can analyse your HijackThis logs for BAD entries. If you want, you can analyse your log above there to confirm whether it shows this IP entry as NASTY or GOOD :)
http://www.hijackthis.de/index.php?langselect=english

Good Luck =)
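
As an added example (not part of the original thread and not HijackThis's own code): a small Python parser that pulls the O17 NameServer values out of a log like the one in the question and compares each address with the resolvers your ISP has confirmed. The `expected` list passed in and the second O17 sample line are constructed assumptions, not statements about who operates these addresses.

```python
import ipaddress
import re

# Constructed sample: the O17 line from the question, one unrelated line,
# and one made-up O17 "Domain" line to show non-NameServer values are skipped.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer = 158.152.1.43 158.152.1.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.invalid
"""

O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_o17(log_text):
    """Return one dict per O17 line: registry key, interface GUID, name, value."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        guid = GUID_RE.search(m["key"])
        entries.append({
            "key": m["key"],
            "interface": guid.group(0) if guid else None,
            "name": m["name"],
            "value": m["value"].strip(),
        })
    return entries


def review_nameservers(log_text, expected):
    """Label each NameServer address: expected, unverified or malformed."""
    allow = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for entry in parse_o17(log_text):
        if entry["name"].lower() != "nameserver":
            continue
        # The value may hold several addresses separated by spaces or commas.
        for token in filter(None, re.split(r"[,\s]+", entry["value"])):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                findings.append((entry["interface"], token, "malformed"))
                continue
            status = "expected" if ip in allow else "unverified"
            findings.append((entry["interface"], token, status))
    return findings
```

Anything reported as "unverified" is simply an address to check with the ISP or network administrator; the script makes no judgement about it beyond that.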