PPRuNe Forums - View Single Post - Hi Jack This For Dummies
Old 4th Feb 2005, 17:46
E-Liam
 
Hi all,

in order..

SC,

The O2 is a baddie, it's the Blazefind/Search Relevancy BHO.. although this is just an orphaned registry entry..
When you said I could "bugger up programs if you delete critical files from them", would the mistake be easily noticeable? Or is it a case of it may or may not affect a programme in a bad way? Also is it an easy thing to restore a file from Config | Backups in HJT?
To restore the entry, go to the backup section as described earlier, and put a tick in the box of the relevant entry, and click on Restore.. job done. For deleting a file from a program.. you may not notice. If you do, then a new install of the program will do it. It's for this reason (but mainly in case of corruption from other factors) that I download every program that I get, into a folder on the desktop called Desktop.exe before installation. That way, if I need to, a double click of the right setup file, and I'm back in business in minutes. (if you have a program disc, then it's obviously a simple enough problem to sort out).
Also, using Castlecops to decipher O4 entries, what part of a record exactly do you type in on the search line? Deep C mentioned in another post about an O4 entry of "CWINDOWS\SYSTEM\FLBRGY.EXE" being one to fix, but I can't seem to find an answer for this with Castlecops, where am I going wrong?
Type in (I copy/paste to save time, and ensure accuracy) either the filename (with or without the file extension), or use the description in the [***] box at the beginning..

O4 - HKLM\..\Run: [CARPService] carpserv.exe

As was mentioned later on.. if you can't find the file via Google, then fix it.. by now if it's not appeared on Google, it's a random filename. Remember though, with a 5 character filename, there are only so many combinations that can be used as a filename. You will sometimes get other occurrences of the same random names, simply because of the amount of computers out there, and the fact that there are only around 12 million different variables to choose from.

You can also submit the file, for either your own or someone else's machine by following another of my handy C&Ps..
Go to here ..and click in the little box that has browse beside it and paste this line into it,

CWINDOWS\SYSTEM\*****.exe

then press submit.
That sends a copy of the file to their virus checker to see if it is viral or not.
The asterisks are substituted for the filename in question, and I change the filepath as well if necessary.
One other question if you have time, you've mentioned to others about running in safe mode, and finding certain folders and either deleting the entire folder or just its contents, where do you come up with the info to tell you where to find these folders and what exactly to do with them?
I pull that info straight from the part of the log that I've asked the patient to fix. I then take out the extras to leave just the complete filepath from root. To determine whether the offending article is a file or a complete folder depends on a couple of things. Anything in the System(32) folder, is (almost) certainly going to be a file, whereas from Program Files is almost always going to be a folder.. but then it's more a matter of experience than anything else, and is entirely dependent on what particular entry it is. You may fix just the single file, that controls adware in WildTangent for instance (see here) without needing to delete the entire program.

Deep C,

As I mentioned above, you are indeed correct..

Binos,

Firstly post up a log, and I'll have a look..

AdControl

ServeAd

and SynchroAd is also a baddie, probably WinUpdates related as well.

The reason that I use safe mode to delete files, is that it stops pretty much all but essential OS services from running. If you can delete them without safe mode, then fine.

Cheers

Liam
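
An added example, not part of the original post and not HijackThis's own code: a small Python parser that pulls the lookup terms described in the post (the name in the [ ] box, the filename with and without extension, and the path with the extras taken out) from O4 lines. Apart from the CARPService line quoted in the post, the sample log is constructed, and the function names are illustrative assumptions.

```python
import re
from pathlib import PureWindowsPath

# Shape of the O4 line quoted in the post: "O4 - <location>: [<label>] <command>"
O4_LINE = re.compile(
    r'^O4 - (?P<location>[^:]+): \[(?P<label>[^\]]*)\]\s*(?P<command>.+)$')
# Unquoted commands: cut at the first executable extension so that
# paths containing spaces survive and trailing arguments are dropped.
EXE_END = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE)

def program_path(command):
    """Strip quotes and arguments, leaving only the program path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_END.match(command)
    return m.group(1) if m else command.split()[0]

def lookup_terms(line):
    """Return the search terms for one O4 line, or None for other lines."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    path = PureWindowsPath(program_path(m.group('command')))
    return {
        'location': m.group('location'),  # e.g. HKLM\..\Run
        'label': m.group('label'),        # the text in the [ ] box
        'path': str(path),                # path with arguments removed
        'filename': path.name,            # search term with extension
        'stem': path.stem,                # search term without extension
    }

def terms_for_log(text):
    """Collect lookup terms for every O4 line in a pasted log."""
    return [t for t in map(lookup_terms, text.splitlines()) if t]

# Constructed sample log; only the CARPService line comes from the post.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Example Updater] "C:\Program Files\Example App\updater.exe" /background
O4 - HKCU\..\Run: [qwxzv] C:\WINDOWS\SYSTEM\QWXZV.EXE
'''

if __name__ == '__main__':
    for t in terms_for_log(SAMPLE_LOG):
        print(f"{t['label']!r}: search {t['filename']!r} or {t['stem']!r} ({t['path']})")
```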