Solved

highjackthis log showing new nameserver and TCpip with ip address ??

Posted on 2004-09-16
4
189 Views
Last Modified: 2010-04-11
Hello,
I found Ihave a new entry in my highjackthis log that I dont know what it is, it seems to be an IP address, when I delete it I then cannot connect to the net, it has only appeared since this morning , and I have just donwloaded the newest updates from microsoft. I include the log below, would be grateful for any help.


the log is below, this is the entry I am confused about

O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer = 158.152.1.43 158.152.1.58

see the IP address I have not a clue why????







Logfile of HijackThis v1.98.2
Scan saved at 10:46:23, on 16/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\edit pad\EditPad.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Topo\My Documents\hijack\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B11096-99D7-40A9-BA03-7A34A27AADBE}: NameServer = 158.152.1.43 158.152.1.58





regards

Kenny
0
Comment
Question by:thatelvis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 21

Expert Comment

by:jvuz
ID: 12074074
Your internet connection, it's through a modem,...?
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 250 total points
ID: 12074090
I dont think so that this IP entry is BAD,,,,, i mean its looking like a Valid IP !!
are u on network, or have u contacted ur ISP, it can be from them also !!

Im also getting an IP entry in my LOG and i know its from my ISP, almost all of us get those IPs entries, it will be considered as BAD only if its from a JUNK sites,,, as mentioned here >> http://aumha.org/a/hjttutor.php#o17

So just confirm it from ur ISP and u will be satisfied :)
and BTW here is a site which is called Automatic Analyse site, it can analyse ur hijakchtis logs for BAD entires.... if u want u can analyse ur above log here to confirm if its showing this IP entry as NASTY or GOOD :)
http://www.hijackthis.de/index.php?langselect=english

Good Luck =)
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question