Hjt log hijacked domain? please help

[chazilla]

View attachment 28752123456

 

[chazilla]

I've never used a forum before, so I hope I'm posting correctly and not stepping over my boundaries or on anyone's toes.
Apparently my domain has been hijacked, however, I haven't a domain. I cannot get rid of the "NameServer = 216.163.120.19,216.163.120.21" without disrupting my connection to the internet. I appreciate any and all help you kind souls can give me. Thank you very much.

 

[techflame23]

yes your hijack this logs shows two files that have the same "domain" as this.
They are both in your registr ch shows you have downloaded them or opened a trojan somewhere along the line.
Please go to windows seach (start menu right side) and search under all files and folders the following, one at a time. When yu find them, delete them.

HKLM\System\CCS\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21

HKLM\System\CS1\Services\Tcpip\..\{A5B43D64-4B33-4A12-A740-C65ABF1DEB3D}: NameServer = 216.163.120.19,216.163.120.21

(NOTE: You may want to copy these and paste them into the search box. CTRL+C for copy, CTRL+V for paste, you have to highlight the piece you want to copy)

 

[DelJo63]

post your result from
run->cmd /k ipconfig /all
the DNS will be shown there

the HKLM\System\CCS and HKLM\System\CS1 entries are HJT abbreviations for

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet and
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001​

respectively

the real DNS address will be found at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters DhcpNameServer (a list of two)

suggest you confirm that your router has UPnP disabled and a non-defaulted admin password

 

[techflame23]

thanks for pointing that out jobeard