Win7 DNS redirect help

My problem is... My friend took a laptop to fix... He's not IT-ppl.. Asks help all the time... He send logs to me, which I analyze... The computer in question seems to be quite clean, no browser hijacks, toolbars or viruses.. But on HijackThis log I found that there is some software which overules net settings and sets DNS to Israel ( [Optimedia Electronic Publishing] and [GREENTEAM-NET]...

HijackThis shows:
O17 - HKLM\System\CCS\Services\Tcpip\..\{87E93D51-F4CE-4AEA-A21F-08B7B43C3F2E}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\..\{87E93D51-F4CE-4AEA-A21F-08B7B43C3F2E}: NameServer =,

ID shows there, any programs to backtrack that ID to software which installed it?

I suspect Iobit software changing that, but dunno... could be malware which is not recognised by 8 AV-software, I've worked on comps with infections, but that DNS redirection is new...

This is from a computer from unknown company... they let my friend to work on it, friend is not allowed to give that laptop to me, due to "privacy"... The same laptop is used w/ company for business clients, billing intra use AND for use local clients web etc. activities.. no AV, no nothing... I've given help to IT-security, but that company won't listen to my advise
... Oh well... still curious which software redirects those dns calls...
Any help?

10 Posts
Problem solved... after removing Iobit Advanced System Care and rewriting DNS settings on net settings, Hijack this shows different software ID:s and don't redirect TCP/IP communications anymore.. Teemu

10 Posts
the two IP addresses have been used by an adware, DNS Unlocker. Might be worth to check if there is the software installed. If it is DNS unlocker, it also adds root certificate in the trusted chain. footq

1 Posts
TY for your response... that DNS Unlocker is new to me, I'll check more info about it.. I'd loved to had that comp for inspection, but I could only consult the friend of mine about that comp.. No more problems found about DNS-redirect, It's out of my hands.. I'll check all available logs from that workstation if I could find anything interesting.

EDIT: Friend of mine run Malwarebytes anti-malware on that workstation.. he remembers seeing that DNS Unlocker on screen, but he failed to send me logs what was found and removed... at least that dns-override hadn't happened since...

10 Posts

Sign Up for Free or Log In to start participating in the conversation!