"dname" nameserver hi jack, cannot remove.


  • This topic is locked

#1
oppressed

Hey, I have been working on this problem for a while now. Every time I connect to the Internet via Windows Dial-Up, something is adding its own nameserver to redirect me to [bleep], casino and search sites. The culprit in the below HijackThis log is #017. It recreates itself every time I dial into the Internet. If I delete the key while connected to the net I can't resolve any domain names. I even tried connecting to the Internet via a NetZero account & NetZero dial-up software; when I ran HJT while connected with NetZero's software the 017 entry displayed NetZero's correct nameservers but the redirects still happened. So I am really confused on this one.

Any help would be great, thanks

Shawn

Logfile of HijackThis v1.99.1
Scan saved at 5:09:21 PM, on 20/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tools\ProcessGuard\dcsuserprot.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Hardware\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hardware\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Hardware\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hardware\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Tools\ProcessGuard\pgaccount.exe
C:\Program Files\Stardock\CursorXP\CursorXP.exe
C:\Program Files\Tools\ProcessGuard\procguard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\OPPressed\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\notepad.exe

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Utilities\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Hardware\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Hardware\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Network\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\Tools\ProcessGuard\pgaccount.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Stardock\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\Tools\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Utilities\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Utilities\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Network\Yahoo Messenger\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Network\Yahoo Messenger\YPager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B79E2AC-58D5-4DB4-BC50-C965AE96BD56}: NameServer = 69.50.184.86 85.255.112.9
O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\2l20a.dll
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\Tools\ProcessGuard\dcsuserprot.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Hardware\Intel Application Accelerator\iaantmon.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Network\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe

Edited by oppressed, 20 August 2005 - 03:26 PM.
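
Added example, not part of the original post: a Python sketch that pulls the O17 NameServer entry out of a HijackThis log like the one above and lists the servers that are not on an expected-resolver list. The function names and the placeholder resolver addresses are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: two lines copied from the log in the post above.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B79E2AC-58D5-4DB4-BC50-C965AE96BD56}: NameServer = 69.50.184.86 85.255.112.9
O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll
"""

# Assumption: placeholder addresses (documentation ranges) standing in for
# the resolvers the ISP actually publishes.
EXPECTED_RESOLVERS = {"192.0.2.53", "198.51.100.53"}

# O17 lines have the shape "O17 - <registry key>: <value name> = <data>".
O17_LINE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")

def parse_o17(log_text):
    """Return (registry_key, value_name, [tokens]) for every O17 line."""
    entries = []
    for line in log_text.splitlines():
        match = O17_LINE.match(line.strip())
        if match:
            # NameServer data may be separated by spaces or commas.
            tokens = [t for t in re.split(r"[,\s]+", match["data"]) if t]
            entries.append((match["key"], match["name"], tokens))
    return entries

def normalise(token):
    """Canonical IP string, or the raw token if it is not an IP address."""
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return token

def unexpected_nameservers(log_text, expected):
    """List (registry_key, server) pairs whose server is not in `expected`."""
    allowed = {normalise(e) for e in expected}
    hits = []
    for key, name, tokens in parse_o17(log_text):
        if name.lower() != "nameserver":
            continue  # other O17 values (e.g. Domain) are not resolver lists
        hits.extend((key, normalise(t)) for t in tokens
                    if normalise(t) not in allowed)
    return hits

if __name__ == "__main__":
    for key, server in unexpected_nameservers(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(f"unexpected resolver {server} set under {key}")
```

An empty result only means the configured resolvers match the list; the post above reports redirects continuing even when the O17 entry showed NetZero's own nameservers.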

#2
therock247uk

There are processes running on your computer that show me you have an illegal copy of Windows. While I understand that you may not have known that your copy was illegal, I unfortunately cannot help you any further. It is against our policy to help anyone who does not have a valid copy of Windows. Thank you for understanding, and for your cooperation.