Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"dname" nameserver hi jack, cannot remove.

Started by oppressed , Aug 20 2005 03:17 PM

  • This topic is locked This topic is locked

#1
oppressed
Posted 20 August 2005 - 03:17 PM

oppressed

    New Member

  • Member
  • Pip
  • 1 posts
Hey, I have been working on this problem for a while now, everytime I connect to the Internet via Windows Dial Up something is adding its own nameserver to redirect me to [bleep], casino and search sites. The culprit in the below Hi Jack This log is #017. It recreates it self everytime I dial into the Internet. If i delete the key while connected to the net I can't resolve any domain names. I even tried connecting to the Internet via NetZero Account & NetZero dial up software, when I ran HJT while connected with NetZero's software the 017 entry displayed NetZero's correct nameservers but the redirects still happened. So I am really confused on this one.

Any help would be greats, Thanks

Shawn

Logfile of HijackThis v1.99.1
Scan saved at 5:09:21 PM, on 20/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tools\ProcessGuard\dcsuserprot.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Hardware\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hardware\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Hardware\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hardware\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Tools\ProcessGuard\pgaccount.exe
C:\Program Files\Stardock\CursorXP\CursorXP.exe
C:\Program Files\Tools\ProcessGuard\procguard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\OPPressed\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\notepad.exe

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Utilities\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Hardware\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Hardware\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Network\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\Tools\ProcessGuard\pgaccount.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\Tools\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Utilities\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Utilities\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Network\Yahoo Messenger\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Network\Yahoo Messenger\YPager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B79E2AC-58D5-4DB4-BC50-C965AE96BD56}: NameServer = 69.50.184.86 85.255.112.9
O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\2l20a.dll
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\Tools\ProcessGuard\dcsuserprot.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Hardware\Intel Application Accelerator\iaantmon.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Network\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe

Edited by oppressed, 20 August 2005 - 03:26 PM.

  • 0

Advertisements

#2
therock247uk
Posted 20 August 2005 - 03:38 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
There are processes running on your computer that show me you have an illegal copy of Windows. While I understand that you may not have known that your copy was illegal, I unfortunately cannot help you any further. It is against our policy to help anyone who does not have a valid copy of Windows. Thank you for understanding, and for your cooperation.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP