Can I delete entries with no name and file like this?
Code:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
What about entries that say missing file like this?
Code:
O23 - Service:@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
I know that spoolsv.exe is not a virus.
Thanks
Missing file may simply mean that the program is in use, I think.
It also may be for past programs you have had installed that have not deleted their registry values, I think.
These lines are harmless though, so you might as well leave them alone.
Yea i know they're harmless, but I'm a curious kid
It's weird because almost half of my "O23 - Service" section says (file missing) and most of them are all Windows processes. You must be right about them being in use.
It is the same for my computer when I run an HJT log.
Nemmyy, could you link me to the tutorials you've been reading? Thanks.
Support, you may also want to learn what each 'O' means and take a look through your own HJT log.
One thing to remember is, when looking at files to see if they are safe or not, make sure the location of the file is correct. You can easily have a virus called java.exe but not be in the correct java folder.
If you just google the process name you will find a few sites that explain what the file is used for, where the standard location of the file is, and what its rating is.
I think one good site is called processlibrary
(04-28-2010, 03:44 PM)daneasaur Wrote: [ -> ]I think one good site is called processlibrary
Yea, i use that a lot. But since we're analyzing our own computers it's easier because we know what we put on their and what should be there.
That is true but for any future use and if you comes across a file which you haven't heard of before, it can be helpful.
I know for one, my ATI graphics card drivers call themselves very weird names, if it wasn't for searching what they were, I would have had no idea.