Wat can i safely delete?

Discussion in 'adware, spyware & hijack cleaning' started by ronny, Mar 28, 2004.

Thread Status:
Not open for further replies.
  1. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com

    Can i delete this 2? What are they? o_O

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - (no file)


    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll

    Thank you very much for the help!
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    please post a full hijackthis log, we cannot advise on little bits and pieces, it is more likely to cause problems to your computer that way
     
  3. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    ok ,i'm sorry. :oops: I just wasn't sure if it is safe to post complete log. I guess it is if you said so. So here is the complete log:

    [ after i got the advice,see response, i removed it, because i feel safer this way and because there were all legitimate entries.I hope i don't offend anyone or any principles.]
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - (no file)

    This is optional it's the real player downloader, if you use it OK leave it, otherwise fix it as well
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll

    all the others appear toi be legitimate programs and applications.
     
  5. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Thank you very much dvk01!
    I also found it ,thanks to your link:
    www.thespykiller.co.uk They were "acrobat reader" and the other was "anonymizer".

    That site was just the thing i needed.Fantastic ! :).

    Can i give a cookie for that o_O....i think so ;) Too bad i also can't give one to Merijn and TonyK.
    (Hey ,it is fun to give cookies :D )
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    But you can. :)
    http://www.wilderssecurity.com/index.php?board=;action=viewprofile;user=TonyKlein

    http://www.wilderssecurity.com/index.php?board=;action=viewprofile;user=Merijn
     
  7. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    and guess what... i just did :D

    It seems Wilderssecurity is a good place to hang out if you want to know and learn from all THE Experts :cool:
     
Thread Status:
Not open for further replies.