# Solved: Internet explorer keeps opening pages by itself



## mazaprin (Aug 20, 2007)

I use IE 7 on my Pc and about the beginning od May IE went crazy for no apparent reason, it starts opening webpages by itself (or refreshing the same webpage), if you close it , after a few seconds the same webpage will open again. They are blank pages at first and then once they have loaded they are just the original page Ive opened up.

It only happens in IE (Firefox, msn, yahoo and chrome are OK) and also from within AOL, it will open IE and go to the page I was trying to browse in AOL and keep opening up tab after tab and after a few tabs a blank page tab opens then it goes back to opening up the page I was trying to browse. Whats interesting after closing it with Task Manager after a few seconds IE will reopen on its own and continue where it left off. This is maddening.
The only way to stop it is to reboot the PC. I have Trend Micro Internet Security 2010, Spybot Search and Destroy and SuperantiSpyware and I have scanned my entire computer with each and they did not find any troyans or malwares or viruses at all.

This is the first time in ten years that I have been using different versions of IE that I see this strange issue. Many other people are posting the same complain in other forums and to date nobody have found a solution. Some say it could be some virus named vundu or the conflickr, other say it could be some bug due to a bad recent microsoft update for IE7 (some people even says that IE8 is having the same problem), others say that they are Chinese hackers. Nobody knows. Trend Micro even provided me with link to download their HiJackThis and I ran it and sent them the Log and they only found 2 or 3 suspicious hidden files but I clarified to them that these were valid files from legit applications that I have, so they could not find anything related to a virus or malware and they finally suggested me to contact Microsoft Tech Support since IE belongs to them.

I would very much appreciate that If you have found the reason of this IE problem, or the culprit or the solution or fix, please share it with me.


----------



## Cheeseball81 (Mar 3, 2004)

Would you mind posting the HijackThis log here?

I had a similar problem awhile ago....and it occurred with IE when I'd be browsing through AOL. It would just keep opening blank pages like the computer was possessed. I'd have to turn the computer off.

It did stop happening after I upgraded to IE8 oddly enough.


----------



## mazaprin (Aug 20, 2007)

Hi and thanks for your reply. I am enclosing the HijackThis Log from may 19 done in SAFE MODE. I also scanned my PC in safe mode and trend micro did not find anything, Spybot found like 7 spywares and removed them and malwarebytes found 2 infections and removed them and i thought these were the culprits BUT... IE is still opening pages.

Regarding upgrade to IE8 that would be a last resort because I have heard horror stories about IE8 like crashing too frequently, not opening some webpages or that it still has some bugs that should be fixed by microsoft (according to others) and I am not sure if I would be able to uninstall it later if I don't like it.


----------



## Cheeseball81 (Mar 3, 2004)

There's a lot of toolbars....none bad....just a lot.

And many DNS entries. Where are you located? That IP came up in looks to be Kansas.


----------



## mazaprin (Aug 20, 2007)

Hi, I have several toolbars on IE but I don't use them actively I only have them there hidden just for eventual use and they are all legitimate toolbars that I have had for years without any conflicts with IE. I am located in Miami, Florida.


----------



## RAGGSTAR (Apr 24, 2010)

Hi there,
I had the same problem except in firefox and IE (not sure if it was a IE8 though)
Just download SuperAntiSpyWareFREE EDITION (google it) and it solved it for me!


----------



## mazaprin (Aug 20, 2007)

Hi, I also have Auoperantispyware and i have scanned with all of them including Spybot, Malwarebytes, etc in normal and safe modes and all they found were some tracking cookies. 
I have used Acronis True Image for years and i do a full system backup image every week (stored on an external HD) and since nobody have found a solution to this issue (that with me started around May 1st, I decided to restore mny system to an image from April 11 and I did it yesterday and I am in the proccess of updating the PC (a few security updates, java,etc) and up to now I have not seen IE opening pages by itself but it is too early to tell.

I will try to use IE and AOL more to see if the issue is gone (maybe it was some malware I catched after April 11 that is new and they still have not discovered it), but I remember that my probklems with IE started at the beginning of May.

I will keep you posted and take advantage of this to recommend everybody to get Acronis True Image Home 2010 which is the top of the line and it has saved me many times in the npast years when my system had crashes (not even booting) and do yourselves a big favor and do a full system backup to an external USB HD every week or so and when you have your computer going crazy or whatever problem you are not able to solve fast, just restore your complete system to the last backup image saved and ... VOILA!!! in less than 30 minutes you are up and going again!.

go to www.acronis.com and inform yourselves about this wonderful software.


----------



## Cheeseball81 (Mar 3, 2004)

Sorry I missed your previous response, This thread got lost in my subscriptions. I am glad the problem got resolved (so far anywway)


----------



## mazaprin (Aug 20, 2007)

Hello, sorry guys ths issue is still alive and quicking!...I am sure that I did not have this issue before May 1st (and I use IE very often) and this time I have noticed that when I go directly to IE and start browsing from there nothing happens but when I start browsing AOL (AOL uses her own configured version of IE) and I am taken to some IE webpage thru AOL (like one of
these entertainment pages), when I close the page IE (the real oneIE not the AOL version) starts refreshing that same page again and again. 

I use AOL for free and I have also noticed that from a big while ago AOL is getting worse and worse (too slow to open pages and frequent freezes, etc). I am going to call AOL to see if their techs know something about this issue.

On the other Forum tey suggested that I reset IE and I already did and I am waiting to see if that solves the problem.
I will keep you posted.


----------



## Cheeseball81 (Mar 3, 2004)

This really sounds like what happened to me. I would use IE to check my AOL email. And when I was done and closing out the window, a thousand IE windows would start opening. I couldn't stop them and just ended up turning off my PC.

Sorry to say that upgrading to IE8 actually stopped it from happening. At least for me. I would be curious what the AOL techs had to say about it.


----------



## mazaprin (Aug 20, 2007)

Hi guys, I am glad to inform yiou that I have solved the problem. The BBS Forum have been helping me to run several tests and scans for malware and viruses but they did not found any infection and I noticed that almost all the time the problems with IE opening infinite pages (or refreshing that page) were happening while I was browsing with AOL (which also openes some pages in IE format) but did not happen when I browsed directly with the orifinal IE7.

Two days ago I received an automatic AOL software update and after that update I was not having the issue and could not re-create it anymore, so all that issue with IE was due to some BUG on the AOL browser and I hope that you who are experiencing the same problem may have already goten that update to fix it. Since I have been using the AOL browser for FREE for years when I called AOL support two weeks ago to get some help or input from them regarding the issue (I did not know by that time that AOL browser was the culprit) and if there were complaints about the issue, they responded me that since I was using AOL for free that I would have to pay for the tech support (and I did not accept that offer because I was not sure that the issue originated within the AOL browser at that time)

I am posting here the link to my post at the BBS Forums where you can read all the tests and scans we did with different tools as a learning experience and to help others that are having the same issue (there are 3 pages on that post):

http://www.windowsbbs.com/malware-virus-removal/93337-active-ie7-keeps-opening-pages-itself.html


----------



## Phantom010 (Mar 9, 2009)

Do you still have all those OpenDNS entries in your HijackThis log (O17 entries)? Why so many?

*How to Configure OpenDNS*


----------



## mazaprin (Aug 20, 2007)

Hi, responding your question, I was using Open DNS server to try to improve my browsing and/or speed of the internet.
You can use any DNS server that you wish (Comcast, Google, Earthlink, Open, etc) and I have been trying one after another as a personal research but then recently i found a little and extremely useful application called DNS Bench (does not requiere installation you just open it and run it) that tests all available DNS servers and compare one with another and gives you their addresses so you can use them. here is the link to download:

http://www.grc.com/dns/benchmark.htm

Also i don't understand what you are trying to say about "so many (017) entries"??? I don't understand very weel the HijackThis Log as to why there are so many 017 entries or why is that of concern since I was using Open DNS server I guess there should be many instances when I connecting. Could you explain to me why did you ask that question? I recently changed to the Google DNS server (8.8.8.8 and 8.8.4.4) according to the DNSBench and it seems to be working good (and better than the Open DNS Server)


----------



## Phantom010 (Mar 9, 2009)

I understand but your OpenDNS configuration isn't standard. Mine gives a single O17 HijackThis entry. Yours show 32!!! Something went definitely wrong! Possibly the reason for your problems?


----------



## Phantom010 (Mar 9, 2009)

OK, just found the problem. Your log dates back to 05/19/10.

Can you post a fresh new HijackThis log?

Simply copy and paste it in your next post.


----------



## mazaprin (Aug 20, 2007)

I don't know why there are 32 entries for open DNS, I am not a computer expert. Here is a fresh HijackThis log and althought the Open DNS is still shown there is also the 4.2.2.1 and 4.2.2.2 Server and also the Google Server (8.8.8.8 and 8.8.4.4) that I am presently using. I don't know why these Open Dns entries are still there since I am not using it anymore but despite of that I am not having the IE issue anymore. Here is the Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:15:29 PM, on 6/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\ThreatFire\TFService.exe
D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\CLIPBO~1\CLIPBO~1.EXE
D:\Program Files\AOL 9.5\waol.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AccountLogon\AccountLogon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\AOL\1262479731\ee\AOLSoftware.exe
D:\Program Files\Weather Watcher Live\ww.exe
D:\Program Files\WinDates\WinDates.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\AOL 9.5\shellmon.exe
D:\Program Files\WallMaster\wallmast.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supportforyourpc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartupFaster] "D:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKCU\..\Run: [AOL Fast Start] "D:\Program Files\AOL 9.5\AOL.EXE" -b
O4 - HKCU\..\Run: [Clipboard Buddy] D:\PROGRA~1\CLIPBO~1\CLIPBO~1.EXE
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccountLogon] D:\Program Files\AccountLogon\AccountLogon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-heriberto maza.html
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-heriberto maza.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-heriberto maza.html (HKCU)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {116D4961-37BF-4A0A-919E-673A1B2D89A0} (CSDVRS) - http://www.csdvrs.com/CSDVRS.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - 
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{2901AB08-6F1C-4708-8E65-A82BCEA72071}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS103\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS105\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS106\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS107\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS108\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS109\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS110\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS111\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS112\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS113\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS114\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS115\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS116\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS117\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS118\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS119\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS120\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS121\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS122\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS123\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS124\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS125\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS126\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS127\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS128\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS129\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS130\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS131\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS132\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS133\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS134\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS135\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS142\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS143\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS144\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS145\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 8.8.8.8,8.8.4.4
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate1c9dd7a8df5dcfe) (gupdate1c9dd7a8df5dcfe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 19174 bytes


----------



## Phantom010 (Mar 9, 2009)

I could have you delete the OpenDNS entries in the registry but I'll leave it to *Cheeseball81*. She'll have you do it the easy way...


----------



## mazaprin (Aug 20, 2007)

well thanks but I think the HijackThis Utility can also delete all the entries that I check automatically


----------



## Phantom010 (Mar 9, 2009)

I'm not permitted to advise you to do that. You should wait for proper assistance from a Gold or Green Shield. Fixing (deleting) the wrong entries can be dangerous...

You can even send a PM to *Cheeseball81*.


----------



## Cheeseball81 (Mar 3, 2004)

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

*O17 - HKLM\System\CS103\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS105\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS106\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS107\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS108\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS109\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS110\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS111\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS112\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS113\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS114\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS115\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS116\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS117\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS118\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS119\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS120\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS121\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS122\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS123\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS124\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS125\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS126\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS127\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS128\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS129\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS130\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS131\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS132\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS133\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS134\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS135\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220*

Close HijackThis and restart your computer. Post a new log afterwards.


----------



## mazaprin (Aug 20, 2007)

Hi, I deleted all the 017 referred to that Open Server and here is the new log. I am currently using the google DNS Server 
(8.8.8.8 and 8.8.4.4) and before that I was using the 4.2.2.1 and 4.2.2.2. I don't know why the google DNS Server is repeating now.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:16:48 AM, on 6/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\ThreatFire\TFService.exe
D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\PROGRA~1\CLIPBO~1\CLIPBO~1.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AccountLogon\AccountLogon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\AOL 9.5\waol.exe
D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\WinDates\WinDates.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\Program Files\Weather Watcher Live\ww.exe
D:\Program Files\WallMaster\wallmast.exe
D:\Program Files\ThreatFire\TFTray.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\AOL\1262479731\ee\AOLSoftware.exe
D:\Program Files\AOL 9.5\shellmon.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supportforyourpc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartupFaster] "D:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKCU\..\Run: [AOL Fast Start] "D:\Program Files\AOL 9.5\AOL.EXE" -b
O4 - HKCU\..\Run: [Clipboard Buddy] D:\PROGRA~1\CLIPBO~1\CLIPBO~1.EXE
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccountLogon] D:\Program Files\AccountLogon\AccountLogon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-heriberto maza.html
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-heriberto maza.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-heriberto maza.html (HKCU)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {116D4961-37BF-4A0A-919E-673A1B2D89A0} (CSDVRS) - http://www.csdvrs.com/CSDVRS.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - 
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{2901AB08-6F1C-4708-8E65-A82BCEA72071}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS142\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS143\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS144\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS145\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS146\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 8.8.8.8,8.8.4.4
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate1c9dd7a8df5dcfe) (gupdate1c9dd7a8df5dcfe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
O23 - Service: ThreatFire - PC Tools - D:\Program Files\ThreatFire\TFService.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 15313 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Did you want to remove the 4.2.2.1 and 4.2.2.2 entries too?


----------



## mazaprin (Aug 20, 2007)

I could remove these entries 4.2.2.1 and 4.2.2.2 but I guess they won't do any harm by being there unless you think they may conflict with the other 8.8.8.8 and 8.8.4.4,


----------

