DNS settings change automatically

[moserbr]

Vista home premium SP 2, 64 bit.

Every few minutes, my DNS settings (under Internet Protocal Version 4) in the properties tab, changes automatically from "obtain automatically," to 198.31.193.211 -- it's the same address it changes to every time.

Any help would be awesome. I've attached a hijack this file. Thank you very much

---------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:45 PM, on 9/2/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\The Maxifier\The Maxifier.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
C:\Program Files (x86)\DeskPins\DeskPins.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...09&m=lx6810-01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx...09&m=lx6810-01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...09&m=lx6810-01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx...09&m=lx6810-01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 198.163.152.229:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStart Menu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector"

UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" "C:\Program Files (x86)\CyberLink\Power2Go"

UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [The Maxifier] "C:\Program Files (x86)\The Maxifier\The Maxifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: DeskPins.lnk = C:\Program Files (x86)\DeskPins\DeskPins.exe
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Users\Brian\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: SafeConnect.lnk = ?
O4 - Global Startup: SmartCopy.lnk = C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
O4 - Global Startup: SmartLauncher.lnk = C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://unkmail2.unk.edu/dwa8W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{878476A2-ADC8-4CB2-BD18-092E59348990}: NameServer = 198.31.193.211
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B0ADF0-63F5-443D-94E9-6B3106289A0B}: NameServer = 198.31.193.211
O17 - HKLM\System\CS1\Services\Tcpip\..\{878476A2-ADC8-4CB2-BD18-092E59348990}: NameServer = 198.31.193.211
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\Brian\AppData\Local\Microsoft\Windows

Sidebar\Gadgets\SkypeGadget1.3.gadget\wrapper\Skyp e4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt. exe
O23 - Service: Google Update Service (gupdate1ca20eba55e5c8f) (gupdate1ca20eba55e5c8f) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files (x86)\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe

(file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 10982 bytes

[AnnMarie]

Does this computer belong to you moserbr?

[moserbr]

Quote:

Originally Posted by AnnMarie

Does this computer belong to you moserbr?

yes. It's a personal desktop computer connected to a college dorm ethernet internet source.

[AnnMarie]

Ok. Please recheck your instructions for connecting to the college network and bypassing the proxy. They will probably be similar to this. You have your network adaptor configured to use that addy. See below.

Quote:

O17 - HKLM\System\CCS\Services\Tcpip\..\{878476A2-ADC8-4CB2-BD18-092E59348990}: NameServer = 198.31.193.211
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B0ADF0-63F5-443D-94E9-6B3106289A0B}: NameServer = 198.31.193.211
O17 - HKLM\System\CS1\Services\Tcpip\..\{878476A2-ADC8-4CB2-BD18-092E59348990}: NameServer = 198.31.193.211

[moserbr]

Quote:

Originally Posted by AnnMarie

Ok. Please recheck your instructions for connecting to the college network and bypassing the proxy. They will probably be similar to this. You have your network adaptor configured to use that addy. See below.

Hmmm... I don't know. I guess I'm concerned that something is wrong, since not matter how many times I switch the settings back to "automatic" or to something else, within just a couple minutes it's switched back to 198.31.193.211 -- like some sort of DNS trojan, which I've been trying to read about online, but I'm not seeing any answers.

I've tried setting up my computer as though I was connecting to the school network for the first time, and nothing changes unfortunately.

I really appreciate the help.
brian.

[AnnMarie]

It's not a hijack. Can you post a link to the instructions your IT Dept have issued and tell me what browser you are using.

[moserbr]

Quote:

Originally Posted by AnnMarie

It's not a hijack. Can you post a link to the instructions your IT Dept have issued and tell me what browser you are using.

how embarrassing

I got it figured out.

I still have no idea how it got messed up in the first place, but the reason my attempts to reconnect were failing was . . . a wrong password

Thank you very much for keeping me searching down the right path, and sorry about the trouble over a fairly simple issue.

[AnnMarie]

You are welcome moserbr and you have nothing to be embarassed about, we all make mistakes.