Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Deleting Orphaned Files


  • Please log in to reply
11 replies to this topic

#1 deango

deango

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 22 April 2005 - 10:47 AM

Hi. Didn't see a FAQ forum as I'm sure this is one every newcomer asks.

Now that I have found several instances of an obsolete program using RegSearch, what is the procedure for removing them from the registry. And would it be the same for each key.
I use a registry backup utility called ERUNT, so I wouldn't need to know how to backup each key individually. I just need to know the step by step process for deleting these little buggers.
I have tried to remove these items with AdAware,Spybot,BHO Demon and HiJack This. They keep reappearing on each reboot. I am using WinXP Home on an Dell 4300 if that matters.
Thank you for any help you can offer, I have learned a lot so far, just reading people's questions..........deango

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:06:13 AM

Posted 22 April 2005 - 11:50 AM

What do you mean by "several instances of an obsolete program"?
Are these Spyware/Malware programs?
If so, you should post a HijackThis log to be examined.
HJT is is a program that should only be used by someone who is trained to do so.

Read the pinned post in the HijackThis forum, here
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 deango

deango
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 23 April 2005 - 09:33 PM

Hello again.
My HiJack This log has already been analyzed by the Spyware Info forum.
They identified the file as AdShield which was an old prorgram I deleted long ago.
Spyware Info sent me here to use the RegSearch utility to find where and how many instances of AdShield were still on my machine. I did this and here is the result.
REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.1.4

; Results at 4/21/2005 12:17:32 PM for strings:
; '7559b76e-0222-4d77-9499-cce9eb4edc2f'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7559B76E-0222-4d77-9499-CCE9EB4EDC2F}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}\iexplore]

[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}]

[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}\iexplore]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}\iexplore]

; End Of The Log...

Now I need to know the proper steps to delete them from the registry. Thanks again. deango

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:06:13 AM

Posted 23 April 2005 - 10:16 PM

I'm not familiar with ERUNT, but this is what I do:

Right click the key you want to delete
Chose Export
Send it to your Desktop (as a backup, in case deleting it causes problems)
Right click the key again, and chose Delete

If no problems after 2-3 weeks, I delete them.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#5 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:13 AM

Posted 23 April 2005 - 10:27 PM

Hi deango and welcome to BC

Make sure that System Restore is turned on so you have a backup of your registry.

Turn on System Restore

To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.


The easy way to do this is to go to Start>Run and type in Regedit. Make sure Computer is highlighted at the top and go to Edit>Find and type in 7559B76E. The Find function will take you right to the first key, albeit a little slowly. When it stops, look at the bottom of the Regedit window and make sure this is one of the keys you want and if it is just right click the key in the right pane (it should be highlighted) and click delete. Press F3 to find the next one.

If removing these keys should cause a problem (and I don't see any reason it should) reboot while continually pressing F8 until you stop at a menu (the one with safe mode) and select Last Known Good Configuguration.

Edited by Leurgy, 23 April 2005 - 10:29 PM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#6 deango

deango
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 24 April 2005 - 03:36 PM

THANKS FOLKS! NOTHING LIKE A CLEAN MACHINE TO KEEP YOUR SPIRITS UP!
YOU HAVE ALL BEEN VERY HELPFUL....I HOPE I CAN PASS ALONG YOUR SITE TO MY LESS FORTUNATE FRIENDS! DEANGO

#7 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:13 AM

Posted 24 April 2005 - 03:56 PM

Great news deango. By all means tell your friends. Thanks for posting back.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#8 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:06:13 AM

Posted 24 April 2005 - 05:03 PM

Your welcome deango, and as Leurgy said, by all means tell your friends.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#9 deango

deango
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 25 April 2005 - 09:42 AM

Hi deango and welcome to BC

Make sure that System Restore is turned on so you have a backup of your registry.

Turn on System Restore

To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.


The easy way to do this is to go to Start>Run and type in Regedit. Make sure Computer is highlighted at the top and go to Edit>Find and type in 7559B76E. The Find function will take you right to the first key, albeit a little slowly. When it stops, look at the bottom of the Regedit window and make sure this is one of the keys you want and if it is just right click the key in the right pane (it should be highlighted) and click delete. Press F3 to find the next one.

If removing these keys should cause a problem (and I don't see any reason it should) reboot while continually pressing F8 until you stop at a menu (the one with safe mode) and select Last Known Good Configuguration.

Hey Leurgy.
I followed your instructions to remove those keys from the Registry. But when I right click the key in the right-column and choose 'DELETE', I get a dialog box that says: "Unable to delete all specified values". And the key remains intact. (Under the Data column it says (no value set). One question. When I have highlighted 'My Computer' and select 'Find', there are four check boxes already checked, Keys,Values,Data and at the bottom 'Match String Only'. Should I be Unchecking any of those? Thanks so far, I think I'm making progress. deango

#10 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:13 AM

Posted 25 April 2005 - 10:27 AM

just right click the key in the right pane


Sorry about that. I just took a look (like I should have done before) and realize now that when you find that key you will be deleteing in the left hand pane. What you want to delete is the folder with the string next to it (the highlighted one) as shown below in this example:

Posted Image


Another way to get there, if your looking for the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7559B76E-0222-4d77-9499-CCE9EB4EDC2F}

would be to click the plus sign beside HKEY_LOCAL_MACHINE, then the plus sign beside SOFTWARE, then the plus sign beside Microsoft and so on until you find {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} and highlight that and right click and delete.

Another thing. You should actually delete those keys, turn off System Restore (thereby deleteing the bad restore points with those registry values you just removed) and then turn System restore back on (thereby creating a good restore point without those registry values you just removed).

I see my previous post was at 10:30 PM. Should have waited to reply in the morning. :thumbsup: I'll take ten lashes with a wet noodle for that one. :flowers:

Edited by Leurgy, 25 April 2005 - 10:43 AM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#11 deango

deango
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 28 April 2005 - 05:24 PM

TOTAL SUCCESS. All gone from HJT. I suspected it was the folder in the LEFT column. But...........one listens to the experts first......Thanks again for your patience. I like the forum a lot. deango

#12 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:13 AM

Posted 28 April 2005 - 09:57 PM

Good job deango. I like this forum too. Thanks for posting back and letting everybody know that worked.

Sorry about the misinformation there. Patience is rewarded around here with a post like your last one.

Next person to call me an expert around here will get my pamphlet about that great swampland in (insert place her) that I can sell you. I'm no expert, believe me.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users