Login

Nemmyy · 04-28-2010, 03:15 PM

Can I delete entries with no name and file like this?

Code:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

What about entries that say missing file like this?

Code:
O23 - Service:@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

I know that spoolsv.exe is not a virus.

Thanks

daneasaur · 04-28-2010, 03:19 PM

Missing file may simply mean that the program is in use, I think.
It also may be for past programs you have had installed that have not deleted their registry values, I think.

These lines are harmless though, so you might as well leave them alone.

Nemmyy · 04-28-2010, 03:23 PM

Yea i know they're harmless, but I'm a curious kid Big Grin

It's weird because almost half of my "O23 - Service" section says (file missing) and most of them are all Windows processes. You must be right about them being in use.

daneasaur · 04-28-2010, 03:26 PM

It is the same for my computer when I run an HJT log.

Nemmyy · 04-28-2010, 03:28 PM

ok, thanks

Support · 04-28-2010, 03:31 PM

Nemmyy, could you link me to the tutorials you've been reading? Thanks.

Nemmyy · 04-28-2010, 03:37 PM

Have fun, theres a crapload
http://www.hackforums.net/showthread.php?tid=93500

daneasaur · 04-28-2010, 03:44 PM

Support, you may also want to learn what each 'O' means and take a look through your own HJT log.

One thing to remember is, when looking at files to see if they are safe or not, make sure the location of the file is correct. You can easily have a virus called java.exe but not be in the correct java folder.

If you just google the process name you will find a few sites that explain what the file is used for, where the standard location of the file is, and what its rating is.

I think one good site is called processlibrary

Nemmyy · 04-28-2010, 03:47 PM

(04-28-2010, 03:44 PM)daneasaur Wrote: I think one good site is called processlibrary

Yea, i use that a lot. But since we're analyzing our own computers it's easier because we know what we put on their and what should be there.

daneasaur · 04-28-2010, 03:57 PM

That is true but for any future use and if you comes across a file which you haven't heard of before, it can be helpful.

I know for one, my ATI graphics card drivers call themselves very weird names, if it wasn't for searching what they were, I would have had no idea.

Login
Username:
Password:	Lost Password?
	Remember me

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Active HJT Graduate/Malware Remover now	Brandenx781	2	1,711	02-19-2012, 05:38 PM Last Post: Retribute
	[HJT Log] Suspected virus.	TheGeniusism	7	5,000	11-21-2010, 02:34 AM Last Post: Quintus
	Please check my HJT logs	Firetech	3	1,747	11-17-2010, 08:44 AM Last Post: Quintus
	I am looking for a HJT teacher.	ktmrider530	33	9,056	10-16-2010, 09:42 AM Last Post: Solidus
	[HJT] Help	Smed	14	7,679	10-02-2010, 02:25 AM Last Post: Review