Thousands of DNS Queries Daily for Two Domains
Bear with me: I'm operating at the edge of my knowledge of networks. My computer is making literally thousands of DNS queries every day for two domains: logmein.com and patch.everquest.com. Neither are installed on my computer. I'm trying to understand what is happening here. My computer is not infected and my wireless network is not hacked. (Anyway, why would someone want to use my computer to make DNS queries?) The DNS queries use seemingly random port numbers above 50000. Is it possible that what I am seeing is harmless behavior? (But why logmein.com and patch.everquest.com?) Or is it more likely that I really am hacked, despite the findings of many malware scanners?
August 19th, 2011 9:26am

Pending further research on my part, I just added the domains in question to my Hosts file.
August 20th, 2011 12:31am

Hi, I suspect this problem is caused by some third-party software. I suggest that you use Network Monitor to find which process accessed these sites.
1) Download NetMon 3.4 from the following website and install it on the computer: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=983b941d-06cb-4658-b7f6-3088333d062f
2) Launch NetMon 3.4 on the machine.
3) In the Microsoft Network Monitor 3.4 window, click Create a new capture tab ...
4) In the new tab, select all the Network Adapters in the Select Networks window.
5) Then, switch to Network Monitor and press F5 to start NetMon.
6) Try to repro this problem.
7) Go back to the NetMon window and press F7 to stop NetMon.
8) Press Ctrl+S to save the NetMon file, named test. Repro the steps above, access the folder using the shortcut and produce another log file.
9) Click the process in the left panel and check which process is accessing these sites. Or upload the files via SkyDrive and post a link here.
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 24th, 2011 4:11am

A simple way to analyze this would be to use Sysinternals' TCPView. Just download this nifty little utility from here: http://technet.microsoft.com/en-us/sysinternals/bb897437 Look for processes that have or are trying to establish a connection with Remote Address 'logmein.com' or 'patch.everquest.com' (or their equivalent resolved IP addresses). Then figure out if you can identify those applications. If you think they are applications doing real work, then let them stay there. If not, right-click and end those processes and get them uninstalled. If you find an executable that you're not sure is malware, upload it here: http://www.virustotal.com/. If most anti-malware engines flag it red, then you should get it out as soon as possible. Just to be sure, I also visited "everquest.com" and it looks to be a Sony Online Entertainment website. So this is probably trying to patch a game or something that you may have installed, not sure though. And logmein.com looks like a genuine Device Sync utility. Please revert back here if this does not answer your query. Hope it helps! Kunal D Mehta - a Windows Server Enthusiast.
August 24th, 2011 12:08pm

Sincere thanks to you both. I will try both applications and report back when I have a solution. For now this brief update: Adding the domains in question to my hosts file was ineffective, as my computer was still trying to contact these servers more than 100,000 times a day. Fortunately, my router has the ability to stop outbound access to specified domains, and this seems to be working. As an aside: This situation has given me the opportunity to become more educated in how networks operate, so I suppose something good will come from all this. :-)
August 24th, 2011 10:02pm

Hi, I know you added these domains to the hosts file in order to redirect these addresses to a certain address. But DNS queries search for the result in the DNS cache before the hosts file. So I suggest that you clear the DNS cache first. The command is: ipconfig /flushdns
August 25th, 2011 4:29am

Many thanks for all the help I am receiving. 1- Even after adding the domains to my hosts file and flushing the DNS cache, my computer continues to contact servers at logmein.com and patch.everquest.com. 2- I also blocked access to these domains in my router. This slowed the pace of requests somewhat, but my computer is still trying to access these servers. 3- Microsoft Network Monitor is a fascinating tool, but it's not showing me the name of the process or the PID that is initiating the requests. Of course, it's possible that the explanation for all this is somewhere in the data and I am just not educated enough to see it. But it's also possible that I am seeing the activity of some malicious exploit that is affecting my computer. I am seeking advice elsewhere on malware. Thanks again for your time.
August 25th, 2011 10:51pm

"Microsoft Network Monitor is a fascinating tool, but it's not showing me the name of the process or the PID that is initiating the requests." Have you used TCPView? It shows the exact process name, and you also have an option to end those processes from within the console. Kunal D Mehta - a Windows Server Enthusiast.
August 26th, 2011 4:02am
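Editor's note on the NetMon and TCPView advice above: on Windows, applications do not send DNS packets themselves; they call the resolver, and the DNS Client service (Dnscache, hosted in svchost.exe) sends the UDP/53 traffic on their behalf. That is why a packet-level tool attributes the queries to svchost.exe or shows no owner, and why TCPView (which lists TCP/UDP endpoints) shows nothing useful for a name that is only ever looked up and never connected to, as turned out to be the case for logmein.com. Hosts-file entries also match exact names only, so lookups for other hostnames under the same domain still go out. The script below is an added example, not code from the original thread, that attributes lookups to the calling process using the Microsoft-Windows-DNS-Client/Operational event log. It assumes Windows 8 / Server 2012 or later (the log did not exist on the 2011-era systems in the thread), an elevated PowerShell session, and that event 3006 ("DNS query is called for the name ...") carries the looked-up name in its QueryName field; the domain list and the capture window are illustrative parameters.

```powershell
# Added example (not from the original thread): attribute DNS lookups to the
# process that issued them, using the Windows DNS Client operational log.
# Assumptions: Windows 8 / Server 2012 or later, elevated PowerShell, and
# event 3006 carrying the name in a 'QueryName' EventData field.

param(
    [string[]]$Domains = @('logmein.com', 'patch.everquest.com'),  # names of interest
    [int]$Seconds = 120                                            # capture window
)

$log = 'Microsoft-Windows-DNS-Client/Operational'

# 1. The operational log is disabled by default; turn it on for the capture.
wevtutil set-log $log /e:true | Out-Null

$start = Get-Date
Write-Host "Collecting DNS Client events for $Seconds seconds..."
Start-Sleep -Seconds $Seconds

# 2. Event 3006 is written each time an application calls into the resolver.
#    Unlike a packet capture, the event's ProcessId is the caller, not svchost.exe.
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 3006; StartTime = $start } `
                       -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $name = ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'QueryName' }).'#text'
    if (-not $name) { continue }
    # Match the domain itself and any subdomain (e.g. secure.logmein.com),
    # which a hosts-file entry for the bare domain would not cover.
    if ($Domains | Where-Object { $name -eq $_ -or $name.EndsWith(".$_") }) {
        $proc = Get-Process -Id $e.ProcessId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Time      = $e.TimeCreated
            QueryName = $name
            PID       = $e.ProcessId
            Process   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path      = if ($proc) { $proc.Path } else { $null }
        }
    }
}

# 3. Summarise: which process asked for which name, and how often.
$hits | Group-Object Process, QueryName |
    Sort-Object Count -Descending |
    Select-Object Count,
                  @{ n = 'Process';   e = { $_.Group[0].Process } },
                  @{ n = 'Path';      e = { $_.Group[0].Path } },
                  @{ n = 'QueryName'; e = { $_.Group[0].QueryName } } |
    Format-Table -AutoSize

# 4. The log is chatty; switch it back off when finished.
wevtutil set-log $log /e:true:false 2>$null | Out-Null
wevtutil set-log $log /e:false | Out-Null
```

Run it as `.\Find-DnsCaller.ps1 -Domains 'logmein.com','patch.everquest.com' -Seconds 300` from an elevated prompt. The Path column is what you would take to VirusTotal or to an uninstaller; a process that has already exited shows as `<exited>`, in which case lengthen the window or run the script while the activity is happening. In the thread's case this would have pointed at firefox.exe (the leftover LogMeIn plug-in) and at the nVidia/Dell game-support component rather than at any malware.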

SOLVED Thanks once again for the advice I have been receiving. The problems are solved. 1- Thousands of DNS lookups for LogMeIn servers (but never any attempt to actually contact those servers) are due to the LogMeIn plug-in for Firefox. I did install LogMeIn briefly, months ago, and uninstalled it shortly afterwards. Apparently, it did not uninstall cleanly (an issue known to LogMeIn users); also the LogMeIn plug-in for Firefox can be wonky (another issue known to Firefox users). Rooting out remaining bits of LogMeIn and a clean install of Firefox solved that problem. 2- Thousands of DNS lookups for the Everquest patch server came courtesy of Dell and/or nVidia, which installed basic support for Everquest 2 on my PC. Rooting out the remaining bits of nVidia software solved that problem. (I switched to an AMD video card a while back.) No detection by malware scanners, since neither LogMeIn nor EverQuest 2 is malicious.
September 7th, 2011 12:51pm
