O17 - HKLM\System\CCS\Services\Tcpip\..\{712C727D-4E9B-49A0-B810-D5CC8A999B87}: NameServer = 66.38.0.240 66.38.0.241
Junior Member
O17 - HKLM\System\CCS\Services\Tcpip\..\{712C727D-4E9B-49A0-B810-D5CC8A999B87}: NameServer = 66.38.0.240 66.38.0.241
Senior Member
Hi and welcome.
It can be your Internet Service Provider.
But..post your Hjt log and a Log expert will check it.
Click on the Do a system scan and save a logfile button.
It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
Junior Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:33 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG8\avgwdsvc.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\AVG8\avgrsx.exe
C:\WINDOWS\System32\dllhost.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG8\avgssie.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196187860921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196619660562
O17 - HKLM\System\CCS\Services\Tcpip\..\{712C727D-4E9B-49A0-B810-D5CC8A999B87}: NameServer = 66.38.0.240 66.38.0.241
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2560 bytes
I'm new at this
Thanks
High-Voltage Messiah
Agreed. Is the below your ISP?Originally Posted by S Templar
OrgName: Bluegrass Network LLC
OrgID: BLUE
Address: 2902 Ring Road
City: Elizabethtown
StateProv: KY
PostalCode: 42701
Country: US
ReferralServer: rwhois://rwhois.blue.net:4321
NetRange: 66.38.0.0 - 66.38.127.255
CIDR: 66.38.0.0/17
NetName: BLUEGRASS-1
NetHandle: NET-66-38-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.BLUE.NET
NameServer: NS2.BLUE.NET
NameServer: NS3.BLUE.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-10-24
Updated: 2004-11-11
RTechHandle: NA175-ARIN
RTechName: Network Administrator
RTechPhone: +1-270-769-0339
RTechEmail: adminblue@blue.net
OrgTechHandle: NA175-ARIN
OrgTechName: Network Administrator
OrgTechPhone: +1-270-769-0339
OrgTechEmail: adminblue@blue.net
For more info:
http://www.howstuffworks.com/dns.htm
http://en.wikipedia.org/wiki/Domain_Name_System
I do not see anything particularly evil in your HJT log. If you like, you can fix these with HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
* Are you having problems? Do you suspect malware?
PP
Last edited by PhilliePhan; 08-07-2008 at 01:43 PM.
Junior Member
Yes ISP is Bluegrass Network. No problems, just curious.
Thanks to All for help
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
