Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT log shows O24 - Desktop Component 0: (no name) - (no file)


  • This topic is locked This topic is locked
9 replies to this topic

#1 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:31 AM

Posted 09 December 2009 - 07:09 AM

Acquired this machine from deceased family member about 6 mos ago w/many infections/malware/adware/bad stuff present. No trace of infection or malware presently, use Avira free & MBAM scans & definition updates regularly, machine running smoothly after self-cleaning (infected w/ trojans, rootkits, MBR, etc) Secunia PSI to update out of date & patched progs, updating drivers, unloading all the Dell bloatware & unneeded progs & files, registry cleaning w/RegSearch & CCleaner, etc, etc... But this entry has me stumped. :( Also, Autoruns shows several "file not found" entries which appear in the DDS log (I think?) which I have highlighted in bold print, and lastly the ldb.sys entry in the services/ drivers section shows up in Autoruns' scan as "file not found", I believe this is leftover from uninstalling Ad-Aware???, can I just delete this entry from the registry safely?

I am quite sure that you fine folks @ BC can and will help me to clear these minor annoyances up. Thank you in advance.

Edit to add: Could this (024 entry in HJT) be related to Secunia PSI??? I recall having a desktop shortcut icon when I first installed it, and then deleting the shortcut, I think???

DDS.txt Log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Nick at 5:57:33.45 on Wed 12/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.252 [GMT -5:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Nick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
LSA: Notification Packages = :\WINDOW

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-7 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-2 55656]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-7 108289]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-7 185089]

=============== Created Last 30 ================

2009-12-09 10:03:30 0 d-----w- c:\program files\Defraggler
2009-12-09 06:56:41 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-09 06:56:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes(2)
2009-12-09 06:56:08 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2009-12-07 20:06:22 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-07 20:06:22 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-12-07 19:42:29 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2009-12-07 19:42:29 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2009-12-07 19:42:26 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys
2009-12-07 15:22:19 0 d-----w- c:\program files\Trend Micro
2009-12-07 07:33:19 0 d-----w- c:\program files\Avira
2009-12-07 07:33:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-07 03:39:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 01:19:05 0 d-----w- c:\docume~1\nick\applic~1\Malwarebytes
2009-12-07 01:19:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-06 17:34:34 0 d-----w- c:\docume~1\nick\applic~1\Malwarebytes(2)
2009-12-06 17:34:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2009-12-03 13:27:18 1374 ----a-w- c:\windows\imsins.BAK
2009-12-02 03:06:09 0 d-----w- c:\program files\MSXML 4.0
2009-12-01 23:40:52 0 d-----w- c:\docume~1\nick\applic~1\Logs
2009-12-01 23:40:52 0 d-----w- c:\docume~1\nick\applic~1\IObit

==================== Find3M ====================

2009-12-09 09:43:53 398470 ----a-w- c:\windows\system32\JCS6_B103.exe
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-11-15 13:45:32 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-11-04 23:59:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-31 05:00:35 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-29 23:03:05 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-17 00:35:09 5 ----a-w- c:\windows\system32\drivers\DELL_INS_2200.MRK
2009-10-17 00:35:09 5 ----a-w- c:\windows\system32\drivers\1028_DELL_INS_2200.MRK
2009-10-15 09:17:55 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-10-15 09:17:55 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-08 18:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 18:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 18:57:00 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2009-10-08 18:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 18:56:56 20480 ----a-w- c:\windows\system32\dllcache\oleaccrc.dll
2009-10-08 03:00:11 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-10-05 11:17:11 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-02 04:44:07 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2006-10-30 22:17:41 56 -csh--r- c:\windows\system32\8B21EB3623.sys
2006-04-02 20:16:38 56 -csh--r- c:\windows\system32\B1A7C6D46A.sys
2006-10-30 22:17:42 4496 -csha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 5:58:06.09 ===============

[attachment=39415:Attach.zip]
[attachment=39416:RootRepe...6_10_52_.zip]

Edited by I'mlosthere, 09 December 2009 - 07:30 AM.


BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:31 PM

Posted 21 December 2009 - 05:59 AM

Hi Union_Thug,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem if the issue is not resolved.

In case the issue is still not resolved please do the following:

Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.

#3 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:31 AM

Posted 21 December 2009 - 06:56 AM

Hi farbar :(

I've deleted this entry from the DDS scan without noticing any ill effect to my machine:
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

Here's the HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:34 AM, on 12/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joe's Internet Browser
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 1761 bytes

Edit: Ran DDS scan to show changes since my OP:

=============== Created Last 30 ================

2009-12-20 12:53:37 0 d-----w- c:\program files\Belarc
2009-12-20 12:22:02 21312 ----a-w- c:\windows\choice.exe
2009-12-18 12:56:38 0 d-----w- c:\docume~1\nick\applic~1\aignes
2009-12-18 12:52:39 0 d-----w- c:\program files\AM-DeadLink
2009-12-18 10:52:06 0 d-----w- c:\docume~1\nick\applic~1\Auslogics
2009-12-18 10:51:56 0 d-----w- c:\program files\Auslogics
2009-12-16 21:27:27 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-16 14:25:37 13893632 ----a-w- c:\documents and settings\nick\ntuser.bak
2009-12-16 03:32:18 0 d-----w- c:\docume~1\nick\applic~1\OnlineArmor
2009-12-16 03:32:18 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2009-12-16 03:24:56 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-12-16 03:24:55 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-12-16 03:24:55 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-12-15 06:47:26 0 d-----w- c:\program files\support.com
2009-12-15 06:06:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2009-12-15 06:06:04 0 d-----w- c:\docume~1\nick\applic~1\Malwarebytes(2)
2009-12-15 06:06:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes(2)
2009-12-15 05:40:59 0 d-----w- c:\windows\system32\Logs
2009-12-15 04:38:36 1902 ------w- c:\windows\system32\SetupBD.din
2009-12-14 01:58:44 0 d-----w- c:\program files\Everything
2009-12-13 05:52:20 0 d-----w- c:\program files\SpywareBlaster
2009-12-13 02:33:10 0 d-----w- c:\documents and settings\nick\DoctorWeb
2009-12-12 12:51:55 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-12-12 12:34:49 0 d-----w- c:\windows\Logs
2009-12-12 02:55:58 0 d-----w- c:\program files\Tall Emu
2009-12-11 20:36:14 0 d-----w- c:\program files\Avira
2009-12-11 20:36:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-11 17:17:11 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}
2009-12-11 06:26:22 98816 ----a-w- c:\windows\sed.exe
2009-12-11 06:26:22 77312 ----a-w- c:\windows\MBR.exe
2009-12-11 06:26:22 261632 ----a-w- c:\windows\PEV.exe
2009-12-11 06:26:22 161792 ----a-w- c:\windows\SWREG.exe
2009-12-10 23:20:03 0 d-----w- c:\program files\Registrar Registry Manager
2009-12-09 12:24:05 0 d-----w- c:\program files\ieSpell
2009-12-07 20:06:22 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-07 20:06:22 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-12-07 19:42:29 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2009-12-07 19:42:29 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2009-12-07 19:42:26 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys
2009-12-07 03:39:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 01:19:05 0 d-----w- c:\docume~1\nick\applic~1\Malwarebytes
2009-12-07 01:19:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-02 03:06:09 0 d-----w- c:\program files\MSXML 4.0
2009-12-01 23:40:52 0 d-----w- c:\docume~1\nick\applic~1\Logs
2009-12-01 23:40:52 0 d-----w- c:\docume~1\nick\applic~1\IObit

Edited by Union_Thug, 21 December 2009 - 07:07 AM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:31 PM

Posted 21 December 2009 - 12:00 PM

Lbd.sys entry was just a leftover from Ad-Aware.

It seems you have used autoruns to remove the Windows default desktop entry which is an empty file.
It does no harm but to restore the default you can do the following:

Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
Copy and paste the text in code box into it.


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
  • Save the file to the desktop as regfix.reg
  • Make sure the Save as type field says All files.
  • Locate regfix.reg on the desktop and double-click on it and confirm.
  • A window pops up asking if you are sure to add the file to the registry. Click Yes.
  • You get another window popup saying that regfix.reg successfully added to the registry.
Note: You have to turn off any registry protector software you have in order the changes to be taken place.

You may run Hijackthis again and check if the entry is gone.

Happy Computing Union_Thug,

#5 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:31 AM

Posted 21 December 2009 - 04:57 PM

Thank you farbar, it's gone! :(

Is there anything to be done or any cause for concern regarding these 5 entries from the DDS scan in my OP?

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File


Are they related to the "Autoruns" missing files I mentionedi? I found this thread on BC that references these files: http://www.bleepingcomputer.com/forums/ind...rt=#entry762878

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:31 PM

Posted 21 December 2009 - 05:08 PM

They have once been Internet Explorer toolbar, because they don't have any file to point at now, they are just registry clutters and could be removed.

Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
Copy and paste the text in code box into it.

REGEDIT4 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"D7F30B62-8269-41AF-9539-B2697FA7D77E"=-

[-HKEY_CLASSES_ROOT\CLSID\{D7F30B62-8269-41AF-9539-B2697FA7D77E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"EF99BD32-C1FB-11D2-892F-0090271D4F88"=-

[-HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7"=-

[-HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"C4069E3A-68F1-403E-B40E-20066696354B"=-

[-HKEY_CLASSES_ROOT\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}]
  • Save the file to the desktop as regfix.reg
  • Make sure the Save as type field says All files.
  • Locate regfix.reg on the desktop and double-click on it and confirm.
  • A window pops up asking if you are sure to add the file to the registry. Click Yes.
  • You get another window popup saying that regfix.reg successfully added to the registry.
Note: You have to turn off any registry protector software you have in order the changes to be taken place.

#7 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:31 AM

Posted 21 December 2009 - 06:02 PM

Hi farbar

I ran the script, they still show up in DDS scan. However, if there's no cause for concern here, I guess I can live with a little "clutter"---Thanks again for your assistance! :(

"Thuggie" :(

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:31 PM

Posted 21 December 2009 - 06:24 PM

They are indeed clutters. They are from Earthlink Pop-Up blocker, Yahoo! Companion and the last three belong to Norton Internet Security.
When those programs are properly uninstalled, they should go. They don't don't look to cause any harm do them?

And you are most welcome. :(

#9 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:31 AM

Posted 21 December 2009 - 08:21 PM

Hello again farbar :(

They don't don't look to cause any harm do them?


Nothing that I've noticed, machine is running smoothly.

I guess you can close this topic, unless you noticed anything on any of my scan logfiles that can be easily cleaned up and/or tweaked.

Thank you again and keep up the good work, this is a great site.

"Thuggie" :(

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:31 PM

Posted 22 December 2009 - 03:48 AM

You are very welcome Thuggie. :(

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users