Over 1 million tech questions and answers.

Decode Office Registry Entries: HKCU\...\Data

Q: Decode Office Registry Entries: HKCU\...\Data

Can anyone point me to a reference for decoding the "toolbars", "settings", "settings word mail", and "toolbars word mail" entries in Vista 64 Registry Entry HKCU\software\microsoft\office\12\word\data

Background and Reason For Asking: For several weeks, when closing Word 2007 SP2 have been getting message "change has been made that affects the global template normal do you want to save these changes". Since I haven't done anything that should have changed it, I don't save. Googling shows that several others have a similar problem. KB291352 and other reports have information on cause and correction, none of which appear to apply in my case.

Today, while working with Microsoft tech support on another Word 2007 issue, the message went away. Some "diagnostic" activity taken by tech support included renaming three HKCU Registry Keys. Afterwards, I reversed these renames on a one-at-a-time basis and found that the HKCU\...\data key is the one that triggers the message. The new and renamed entries are made up of hexadecimal data. My assumption is that one or more of the bit settings is the trigger, and I'd like to decode them to see if the cause can be determined. - Thanks

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Decode Office Registry Entries: HKCU\...\Data

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 92.8

In my HKCU folder—the main folder itself—I have two entries which I haven't seen on other machines: HTTP11SAVED REG_DWORD 0x00000001 (1) and HTTP11SAVED_VAL REG_DWORD 0x00000000 (0). Are they good entries or bad entries?
RTG
 

A:HKCU root registry entries

Read other 6 answers
RELEVANCY SCORE 81.2

Greetings.A rogue.fakeAV and PUM.Hijack.StartMenu took over my laptop yesterday. I've isolated it in quarantine with Malwarebytes. There are 7 entries total: 4 files, 1 registry value and 2 registry data entries.I was searching for graphics when I got hit with this drive-by download. It shut down and locked me out of my apps, hid my program data files, app data files and all my shortcut links in the desktop/start menus. It used my own anti-virus software screen to try to get me to buy a "component" I "didn't have."Laptop is in safe mode currently. I'm on another computer as I type.I have kids; they constantly download junk and sometimes they get infected. I've dealt with this before; however, this particular is on my primary laptop and I need to proceed carefully. Unlike my children, I have data I can not lose without serious consequences. So here I am, seeking help.The virus executables do not produce google results like they normally do. So, has anyone heard of items:c:\programData\ZuTBB1WK8qdEiQ.exe c:\programData\HVQyGgmxOVolAC.exe c:\users\...\AppData\..\cqimjtkzynyzbmgl[1].exec:\users\...\AppData\...\NNyikPGrHVD4xG.exe.tmp?I know to prolly delete them.My main purpose here is to understand the registry entries these little buggers made on my laptop.I'm confident editing my registry. However, I'm not confident that these registry items are fake and can be d... Read more

A:? Working with Quarantined HKCU Registry Values, Data and Files

It looks like you had this virus - Smart HDDThe virus executables do not produce google results like they normally do. So, has anyone heard of items:c:\programData\ZuTBB1WK8qdEiQ.exe c:\programData\HVQyGgmxOVolAC.exe c:\users\...\AppData\..\cqimjtkzynyzbmgl[1].exec:\users\...\AppData\...\NNyikPGrHVD4xG.exe.tmpThose files look like the main virus files that installed the virus. So they need to be removed carefully.

Read other 2 answers
RELEVANCY SCORE 62.8

HKCU\software\Microsoft\windows\current version\run\Google update (sseccaZ.najorT)
 
I would be grateful if someone could help in removing this rootkit Trojan - here is the DDS Log
 
 
(Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by jacandian at 15:53:12 on 2013-12-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4044.1615 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files... Read more

A:Removal of Najor T HKCU Registry

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number). Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifica... Read more

Read other 8 answers
RELEVANCY SCORE 62.8

Hi All,
I'm trying to use Message Analyzer to show captured traffic.
I see a difference with Wireshark about Base64 messages; i.e. if you analyze an http traffic with basic authentication, Wireshark show the original Base64 data and then the decoded text data.
It is possible to do the same with Message Analyzer?
Thanks

Read other answers
RELEVANCY SCORE 62.4

Whatever this infection is, it keeps recreating the following registry key value:
 
regsvr32.exe "C:\Users\llehman\AppData\Roaming\AufOmxu\WeyInba.dll
 
in the HKCU/Software/Microsoft/Windows/CurrentVersion/Run key
 
I delete it and hit F5 and it is back.  Don't know how to tell what is creating it.
 
In addition it seems to be causing Acrobat Reader to crash and a repeating occurance of WerFault.exe that will slow the computer to a crawl.  A reboot will stop the repeating werfault.exe from coming up but opening up a PDF will cause it again.  Reinstalling Acrobat reader does not fix the issue. 
 
I have run JRT and also combofix - neither has appeared to be able to handle it.
 
Here is the FRST log and I have attached the addition.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by llehman (administrator) on ROCK-PC3 (29-12-2015 15:06:40)
Running from C:\Users\llehman\Downloads
Loaded Profiles: llehman (Available Profiles: Admin & zylatech & llehman)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed... Read more

A:Infected with something that keeps recreating hkcu/run registry entry

Welcome to Bleeping Computer's Malware Removal Logs area. My name is Sintharius. I will assist you with your problem.Please allow me some time to review your logs and I will be back with instructions.

Read other 13 answers
RELEVANCY SCORE 62.4

I am not certain how or why these keys are there but under my HKEY_CURRENT_USER are a bunch of weird looking subkeys composed of random characters followed by an Equals sign. I have posted a screenshot to show. These keys also show up under HKEY_USERS. I have no idea how they got there and virus/spyware scans all come back clean. I am running Vista Ultimate and I am not really experiencing any problems. I am concerned because I am fairly knowledgeable about computers and the registry but I have never seen anything like this before. Typically things like this sound off my virus/worm/keylogger..etc alarms. Any ideas?

A:Strange Registry Keys located in HKCU & HKU

Hello and welcome to Bleeping Computer.

What virus/spyware scans have you used so far?

Read other 6 answers
RELEVANCY SCORE 62.4

I got some kind of mixi dj spyware with some free soft. I successfully deleted the toolbar, however there's still an entry in the registry.
HKCU \Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

I delete it, but as soon as I refresh the registry, comes back again. Tried deleting through cmd - says there's a syntax error. Deleting in safe mode won't help as well.
Any suggestions?
Thanks a lot
 

A:HKCU registry entry comes right back after I delete it

Put AdwCleaner to use.

----------------------------------------------------------
 

Read other 1 answers
RELEVANCY SCORE 62.4

What functions are performed by the keys at

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage

?

I know the "Favorites" key registers the items pinned to the Start Menu (and maybe the Taskbar too), but what do the other keys do?
Q2: is there a way to back up only one key instead of having to export/import the entire StartPage folder?

A:Functions of the HKCU\....\Explorer\StartPage registry key

Export the key you wish to back up, right click on the reg entry & select "Edit" & it will open in notepad. Delete the information you don't wish to backup. Hope this is clear enough. Good luck!

Read other 1 answers
RELEVANCY SCORE 61.6

Was wondering if anyone can help us solve a logon issue?

Our corporate logon script written in VBScript is designed to write Internet Proxy values to the users HKCU registry hive depending on the physical location of the PC being logged into. We have a number of users that travel between offices and the logon script is not able to write these registry key values to the registry like it does on everyone else in the company.

Today while one of these users was in we replaced his NTUSER.DAT file to rule out the profile but this solved nothing. We then cloned a new account from his existing account. Dispite the fact that the old account always fails, the new account worked flawlessly. Same groups same access, etc. The only differences that we can come up with is the fact that the old logonid has SID history carried over from when his account was migrated from their legacy NT domain to our new Active Directory domain. If I'm not mistaken the SID history would not carry over to the clone even though the permissions did.

So, what I would like to understand is why the new account works great and the old one fails? If it does happen to have something to do with SID history what is it that is causing the regwrites to fail and how would one fix this problem?

Any help would be appreciated.
 

A:Logon script cannot change HKCU settings in registry

Hi wchull, my bet is that you have enabled FolderRedirection for the first account - probably with a GPO. This is a known problem when applying IE proxy settings. First get your user to LOGOFF then LOGON (NOT ShutDown>Restart) do the new settings then appear? GPOs applied to the user won't make it to the Registry hive unless you give the User time to instantiate and later save the results, so when they do appear a second LOGOFF will save them to the profile.

Are you using roaming profiles?

wchull said:

Was wondering if anyone can help us solve a logon issue?

Our corporate logon script written in VBScript is designed to write Internet Proxy values to the users HKCU registry hive depending on the physical location of the PC being logged into. We have a number of users that travel between offices and the logon script is not able to write these registry key values to the registry like it does on everyone else in the company.

Today while one of these users was in we replaced his NTUSER.DAT file to rule out the profile but this solved nothing. We then cloned a new account from his existing account. Dispite the fact that the old account always fails, the new account worked flawlessly. Same groups same access, etc. The only differences that we can come up with is the fact that the old logonid has SID history carried over from when his account was migrated from their legacy NT domain to our new Active Directory domain. If I'm not mistaken the SID history would not ... Read more

Read other 1 answers
RELEVANCY SCORE 60.4

A coworker asked me to look at her laptop (Gateway Viper-SR,Vista Business SP 2) to fix a Citrix-related problem and I ran a full system scan in Safe Mode using MBAM 1.75.0.1300 for standard maintenance. It pulled up 2 entries in the Registry Values Detected section of the log:
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegEdit (HiJack.Regedit)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegEdit (HiJack.Regedit)
 
There were no other infections or problems detected elsewhere in the system. Her system is not slow or exhibiting any other issues that may indicate an active infection but I don't want to send the machine home until I am reasonably sure there is not a lurking rootkit,etc.
 
Is this just a false positive or a signal to do more extensive testing?

A:[Hijack.Regedit] flagged for registry keys DisableRegEdit (HKCU+HKLM)

I typically see this output from MBAM due to a GPO being in place. Do you know if your organization would have a "prevent registry editing tools" policy in place?

Read other 2 answers
RELEVANCY SCORE 55.6

I have gone inTask Manager startup as suggested as a suggested solution in a posted forum but I cannot locate this registry key in my startup?  Can it be in a different location or under another name?
Also I have previously done some changes to my sound to optomize but have since lost sound but earphones work.  I have tried everything suggested and repeated solutions but nothing works...I am at my wits end!
Thank you in advance

Read other answers
RELEVANCY SCORE 53.2

My old computer has been around the block a few times. I starts very slowly, It sometime re-starts when running certain software. I have installed and un-installed a number of programs of the years. I went and looked through the registry and found some entries that I do not even have installed anymore, but some I am not sure of. What is the best and safest program to get rid of all this extra junk?

Thanks

A:Registry entries

Registry Cleaners, while sometimes useful, can and will ultimately cause more problems than they solve. It is our policy, therefore, not to recommend their use.

Read other 1 answers
RELEVANCY SCORE 53.2

For some reason when I log in it keeps bringing up a a box with the Winnt\system32 files in startup.

I have checked the registry but can't find any startup path to c:\winnt\system32. It doesn't appear in Programs\startup either.

Can anyone help?
 

A:Registry entries

Sometimes we have also this problem. Often it's related to a bad installed / removed program.

Winnt tries to start something that isn't there anymore. You should check your RUN registries for any abnormal item (link to old program for example).

Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run ...

Good luck,

Some ICT Nerds ...
 

Read other 1 answers
RELEVANCY SCORE 53.2

A few days ago, I wanted to try out WinAmp. So I installed it. But I decided to stick with Windows Media Player.
Now recently I noticed that (altough WinAmp is uninstalled) there are still a lot of registry entries of winamp...
I attached a screenshot to make it more clear..
Are they ok? And can I leave them there? And wont they do any harm?
Or should I remove them manually?
Or should I do something else?
Thanks

A:Registry Entries

  
Quote: Originally Posted by MiserySyndrome


A few days ago, I wanted to try out WinAmp. So I installed it. But I decided to stick with Windows Media Player.
Now recently I noticed that (altough WinAmp is uninstalled) there are still a lot of registry entries of winamp...
I attached a screenshot to make it more clear..
Are they ok? And can I leave them there? And wont they do any harm?
Or should I remove them manually?
Or should I do something else?
Thanks


Thats the problem with installing and un-installing many apps. Junk left in registry. Now there are cleaners (CCleaner) but they can cause more harm than they fix. I would leave it alone unless there is a compelling reason not to and if you intend to install something make a backup just before so if it turns out you dont like it you can restore to just before the install.
Ken J

Read other 9 answers
RELEVANCY SCORE 53.2

Hello guys, I hope you can help me with a problem that I am having with my computer. I keep getting advertising pop up’s whether I am on the internet or not. I ran the following programs in windows safe mode “spybot search & destroy, ewido, kaspersky anti-virus” and they detected and cleaned a lot but I am still getting a few pop ups. I have two registry keys that no matter what I do I cannot delete. I have included a HijackThis log file.

I hope you can advise me on how to solve this. Thanks

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Service\cmdService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service\cmdService

HijackThis Log File

Logfile of HijackThis v1.99.1
Scan saved at 22:11:19, on 25/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Common Files\{506C7520-05D5-2057-0625-03052303002c}\Update.e... Read more

A:Two Registry Key Entries

Hi, Welcome to TSG!!

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "BFU"

Please download Brute Force Uninstaller to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:\) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not run the Uninstaller and the Remover yet.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:

Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be p... Read more

Read other 3 answers
RELEVANCY SCORE 53.2

I believe this is the reminents of MS Antispyware 2009
DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Administrator at 10:11:12.06 on Mon 03/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1796 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {8ed1ba2d-127b-4453-a186-8e259efbbaf0} - c:\windows\system32\avicap3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\goog... Read more

A:4 registry entries need to go away

Deleted two files (emqsys.dll & avicap3.dll) using a DOS / NTFS boot CD, allowing removal of the registry entrys, reset perrmissions, re-applied service pack 3. Worked on this while I waited. Waited in chat room 1/2 hr before anyone answered the questions; "Is my post on the blog in the correct place? Is there something else I should post" finally someone did say my post was done properly and that I should wait. Good things come to those who wait, as the situation is resolved. Please close.

Read other 2 answers
RELEVANCY SCORE 53.2

hello, everyone
while trying to resolve dcom error, found in event manager, google for a solution, which said to delete couple of registry entries from machine/software/windows/ole, but after deleting the error was popping up more, but i resolved it using another method and now i'm wondering if i should put those entries back, if yes, i dont really now how to do it properly, i found them on microsoft site, maybe ssomeone can explain to me what to do

https://docs.microsoft.com/en-us/windows/desktop/com/defaultlaunchpermission
https://docs.microsoft.com/en-us/windows/desktop/com/machineaccessrestriction
https://docs.microsoft.com/en-us/windows/desktop/com/machinelaunchrestriction
 

Read other answers
RELEVANCY SCORE 53.2

I'm not sure if this is the correct place to post but will try...

DD was AGAIN listening to music sites yesterday and filled my computer with A LOT of garbage. Upon investigating my registry, I found a folder, which I can not verify on Google, etc., to save my life, named -
"bowskeepref with subfolder [GREYGREATBIKE]." Does anyone have ANY IDEA what this is? I'd like to know if it's safe to delete.

Thanks!

HisGirl37 <><
 

A:Registry entries...

Welcome to TSG

Go to http://www.merijn.org/files/HijackThis.exe and download 'Hijack This!'.
make sure it is placed into it's own folder, not a temporary folder. Then doubleclick the Hijackthis.exe.
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log (in the security section)
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

If Merijn.org is still down due to the DDOS attack on it, the alternative download sites for Hijackthis are:
http://www.oneknight.co.uk
http://www.sherrylynn.us/HijackThis.exe
http://mjc1.com/mirror/hjt/
http://www.majorgeeks.com/downloads31.html
http://www.spywareinfo.com/~merijn/downloads.html
__________________
 

Read other 2 answers
RELEVANCY SCORE 53.2

I downloaded the free version of Registry Mechanic and was told that I have 108 bad registry entries. So I decided to do an HJT log and want to know what you folks think. Is it worth is to purchase Registry Mechanic or can I clean up my registry without it?

Also, there's a bad process running "AVENGINE.EXE." It appears to be part of a worm, but Panda can't get rid of it and it doesn't respond to End Process.

Here's the HJT log. Thanks in advance for your assistance!


Logfile of HijackThis v1.99.1
Scan saved at 6:01:49 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ad... Read more

A:HJT Log - bad registry entries

Welcome to TSF.

AVENGINE = Anti Virus Engine. It belongs to Panda:
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE

Run HJT and fix the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
Download and install CleanUp!. Do NOT run it yet.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following:Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click on the “Temporary Files” and uncheck the box for “Scan drives for file matching” if it’s checked.

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when pr... Read more

Read other 3 answers
RELEVANCY SCORE 53.2

Hello, I had noticed that my IE8 was taking too much time opening. So I decided to take a look at the registry and I saw things that actually I don't know what they are.. like stilesoft and wget....well, maybe they are nothing at all. Some people say they are harmful, others think the contrary...I come here, attaching my DDS.txt, Attach.txt and ark.log, to see if you can give them a look and tell me If I have something bad in my computer...I had previously run the combofix and it found, I think, nothing.. by he way, I will also be attaching its report here.I hope you can give me some hints and advice...best regards,rub73

A:Entries uin my XP registry

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 53.2

From time to time, I visit my registry. The following odd entries are new since I last looked. They appear to be empty and maybe even corrupt.

Are they safe to remove? Is there any program that would identify these and mark them as removable? this is XP Sp2, if that matters. Only keys like this are in this hive.

Appreciate any input. Thanks.

~Bob
 

A:Odd registry entries

Read other 7 answers
RELEVANCY SCORE 53.2

Running xp
I found the following entries with in the interface folder of my registry:
_Evidence
_IEvidenceFactory
_PermissionRequestEvidence

"In layman's term",...any idea what these are associated with?

Info would be appreciated
thanx:
 

Read other answers
RELEVANCY SCORE 53.2

Just a general question about the windows registry. I was looking at the HKEY_LOCAL_MACHINE/Software... I found some old program names taht i have deleted still there... Is it ok if i delete those entries?

Idontknowjak
 

A:Old Registry Entries

Read other 6 answers
RELEVANCY SCORE 53.2

Does anyone know what this entry in the registry does and is it needed?

A:Registry Entries (from HJT)

Hello psitsme,The following link should answer your question.http://www.bleepingcomputer.com/tutorials/...42.html#O16Diag

Read other 1 answers
RELEVANCY SCORE 53.2

Hello,
I need to find out if it is ok to delete a registry entry entitled "HKEY_LOCAL_MACHINE\SOFTWARE\Updater By SweetPacks". I followed steps provided in one of your other topics to get rid of the 'SweetPacks' virus/adware/malware. My MBAM is not finding anything which is active regarding 'SweetPacks'. Today I decided to look through the registry and found the entry listed above. It has also created a new user group called "CREATOR OWNER" with 'Special Permissions', which seems to be full control basically. The boxes to change permissions are grayed out. Is it ok to delete this entry or do I need to take supplemental steps to remove it? I may not even be able to delete it without permission.Thank you for your assistance. You site is very informative and helpful.
 
AwffKkilter 

A:Registry Entries

Yes that is an infection..If you want to play it safe this tool will do it.ADW CleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well..Please download Malwarebytes Anti-Malware and save it to your desktop.Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Read other 5 answers
RELEVANCY SCORE 53.2

windows 7 64 bit. Using "RegScanner" I found several bad entries in my registry. 2 questions:

1. My windows was just reinstalled, yet RegScanner showed over 100 registry entries with the word with "porno" or "sex". I thought a freshly installed windows shouldn't have those entries. Where did they come from ?

2. Can I safely remove those entries manually ? Will they come back ? And will it hurt windows ?
 

A:bad entries in registry

First of all you shouldn't be using any registry cleaners. We don't recommend their use because they often cause more harm than good.

Having said that, we'd have to know exactly which keys are being detected and their values but I suspect they are ones that are doing good in the registry by blocking access to those sites that are put there by a security program you're running.

So please give us a sample.
 

Read other 10 answers
RELEVANCY SCORE 53.2

I ran HJT and think I found a few problematic entries, but could someone take a look at it for me? I keep getting pop-ups.

Logfile of HijackThis v1.99.1
Scan saved at 2:32:50 PM, on 12/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Utilities\Notebook Utilities\hptasks.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ogcnjztv.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\vidmon\vidmon.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\m... Read more

A:Registry entries... Fix them???

Read other 6 answers
RELEVANCY SCORE 53.2

I had an "issue" that warranted a look into the registry and so I opened it up and saw a lot of "weird" entries. Now, let this be said, I've only been using Vista for about a year and I never really went in the Vista registry before, so I'm not sure what a "weird" entry is by Vista terms, but these look weird. Please take a look at the attached image and give me your opinion. Is there something wrong here? If so, what should I do?

I'm running Vista Home Premium SP2 32bit.

A:Odd Registry Entries

Originally Posted by menotyoutoo


I had an "issue" that warranted a look into the registry and so I opened it up and saw a lot of "weird" entries. Now, let this be said, I've only been using Vista for about a year and I never really went in the Vista registry before, so I'm not sure what a "weird" entry is by Vista terms, but these look weird. Please take a look at the attached image and give me your opinion. Is there something wrong here? If so, what should I do?

I'm running Vista Home Premium SP2 32bit.



Personally, I don't think it's weird. Even though I'm not an expert on the Vista registry, but I do know that you don't know what to expect when looking at your registry.

To see if you really have a registry problem or not, you should download a registry cleaner.

Read other 4 answers
RELEVANCY SCORE 53.2

I have tried to remove about 30 bad registry entries left behind by trial software, but still stuck with 2 bad registry items that I cannot!!

I tried many Registry editors, the best one of them all "jv16 Power tools" Although all of them indicated that these registries are a problem, they cannot delete it! Even when I try manually using the register editor have the same result, a window popping up ''Unable to delete''!!!

These are the offenders:
HKEY_CLASSES_ROOT\ProxyWay.3.3\DefaultIcon\@ : C:\WINDOWS\Installer\{620797B0-A022-4B57-A95E-DD7DD0321029}\main.ico,0
HKEY_LOCAL_MACHINE\Software\classes\ProxyWay.3.3\DefaultIcon\@ : C:\WINDOWS\Installer\{620797B0-A022-4B57-A95E-DD7DD0321029}\main.ico,0
I ran Hijack and Silent Runner script and they are listed here: well only Hijack as if I try to include Silent runner my post is too long!

Logfile of HijackThis v1.99.1
Scan saved at 10:19:10 PM, on 12/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv... Read more

A:XP Cannot get rid of two registry entries! PLEASE HELP!

Read other 6 answers
RELEVANCY SCORE 53.2

I am running vista on two computers, and I noticed some entries on my laptop that are not on my desktop.

KEY_CURRENT_USER\Software\PTP\LOGGER

HKEY_CURRENT_USER\Software\MimarSinan\InstallAware\Seven Zip

HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\SkyTel\General

Does anyone know if these are legit or should I be concerned. I ran a scan with Malware Bytes and Microsoft Security Essentials and found nothing. Thanks in advance for any advice.

A:Odd entries in registry

Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Read other 3 answers
RELEVANCY SCORE 53.2

Hello All

Every time I clean the Registry these show up. I delete them, but they are back again the next time I check. I know you do not advise the use of Registry cleaners, but I like to keep things tidy.
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

"SendTo"="C:\\Documents and Settings\\NetworkService\\SendTo"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

"Recent"="C:\\Documents and Settings\\NetworkService\\Recent"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

"PrintHood"="C:\\Documents and Settings\\NetworkService\\PrintHood"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

"Personal"="C:\\Documents and Settings\\NetworkService\\My Documents"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

"NetHood"="C:\\Documents and Settings\\NetworkService\\NetHood"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

"Favorites"="C:\\Documents and Settings\\NetworkService\\Favorites"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

"Desktop"="C:\\Documents and Settings\\NetworkService\\Desktop"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explore... Read more

A:What are these Registry entries???

Do not try to delete those entries. They are needed!

You should avoid registry cleaners. You'll end up having to reinstall Windows.

https://technet.microsoft.com/en-us/library/cc962613.aspx

http://www.techradar.com/news/compu...e-best-kept-windows-time-saving-secret-464668
 

Read other 3 answers
RELEVANCY SCORE 53.2

Hello All

I have 50 registry entries all starting with S-1-5-90-3 etc. What do they refer to.

Regards SilverSurf
 

A:Registry Entries

You may have a hacker onboard, if that is what you suspect, go to this forum.
https://forums.techguy.org/forums/virus-other-malware-removal.54/
 

Read other 1 answers
RELEVANCY SCORE 53.2

Hello All

Have never downloaded this program so can anyone tell me why this entry appears in the Registry. There are no folders on the PC, but each time I delete the key it 's back after a restart?

HKEY_CURRENT_USER Software\Revenger inc.\CMenuExtender\fileNames
I also have approx 15 entries as below with different letters at the end. Do not remember seeing them before, maybe part of the above?. Can I delete these?

HKEY-CURRENT-USERSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CTM

Regards SilverSurf
 

Read other answers
RELEVANCY SCORE 52.4

 My PC seems to be fine but I am becoming suspicious of just about everything. I was looking through my 'Programs and Features' and noticed 'Google Toolbar'. So I uninstalled it. Once it was finished, then 'Internet Explorer Toolbar 4.7 by Sweetpacks' suddenly appeared. My intention was to completely avoid Internet Explorer, but when I uninstalled the Google Toolbar, it directed me to the 'Why are you leaving us' webpage. And, of course, it opened up in Internet Explorer. 
 
I also found a couple of registry entries which were trying to take away the ability to modify or edit my registry and to allow a program to 'cut copy and paste'. I'm not sure if that is normal or not (doesn't seem like it).
 
Thanks again for your assistance.    
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Tony at 23:31:30 on 2013-09-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8170.5691 [GMT -6:00]
.
AV: Microsoft Security Essentials Prerelease *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials Prerelease *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program... Read more

A:Odd Registry Entries and files

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506938 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 52.4

In the registry there are 'Legacy' entries which cannot be removed.

Are these needed and if no, can they be removed?
 

A:Legacy entries in Registry

Read other 16 answers
RELEVANCY SCORE 52.4

My computer was infected with Trojan.Win32.FakeAV.oq(v).

Now I selectively can't get the Malabytes Anti-Malaware (MBAM) service to install - it does not appear in services.msc nor in the services tab of msconfig. I have done everything Malabytes' instructions say to do several times.

Here is what remains in my registry after the latest round of uninstalling and running Malabytes' MBAM cleaner, which allegedly removes every trace of the program from your computer. It didn't even remove all the files.

I need to know what thse mean and whether to remove them. MBAM is not currently installed on my system. I need it clean of whatever may be blocking it from installing properly in order to reinstall and run it. Googling LEGACY_MBAMSERVICE led me to a closed discussion on this forum, so apparently there are people here who would know the answer, though unfortunately I did get the idea it might not have been the experts on the forum who finally dug up the answer.

HKEY_LOCAL_MACHINE
System
Control Set 002 (after folder for Control Set 001 w/ + in front of it)
Enum
Root

LEGACY_MBAMCHAMELEON Default REG_SZ (value not set)
NextInstance REG_DWORD 0x00000001 (1)

0000 (Default) REG_SZ (value not set)
Class " LegacyDriver
ClassGUID " {BECCO55D-047F-11D1-AS37-0000F8753ED1}
ConfigFlags REG_DWORD 0x00000000 (0)
Device Desc REG_SZ mbamchameleon
... Read more

Read other answers
RELEVANCY SCORE 52.4

While cleaning out my reg 4 old left over entries i came across duplicate entries ie HKEY_CLASSES_ROOT\AppManager followed by HKEY_CLASSES_ROOT\AppManager.1 where the only difference is in the "original entry" there is a "curver" key pointing to the second key. my question is do i bother deleting the second entry and getting rid of the "curver" key in the first entry? if so, is there a fast way to do this as there ALOT of these entries? has to be slowing down my machine thanx 4 ur help and suggestions

A:Duplicate Registry entries

I don't have a definite answer to your question but have you tried this reg tool:-

http://www.snapfiles.com/get/regseeker.html

I have found it really helpful and it may provide you with the answer you are looking for.

Read other 3 answers
RELEVANCY SCORE 52.4

I have Windows 7 Pro installed. I installed Roxio on trial a while ago and then decided to uninstall. I decided to uninstall any registry items left but found there were too many to do one at a time. I installed Reg Seeker and found 112 Roxio items. I uninstalled these from the registry and did another search. 112 items came up again. I did this several times but can't get rid of the Roxio entries.I also tried in Safemode with the same results. any ideas?
 

A:Deleting Registry Entries

Read other 15 answers
RELEVANCY SCORE 52.4

Hello,
Upon Right clicking the Desktop the upcoming contex menu doesn't list the "NEW" option, neither able to create a new foder option in file menu.
As a solution I was advised to set a new value in HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\ but three entries are missing: Background, DefaultIcon and shell, only the shellex folder shows up. See attached files.
Any advice?
Thank you
barsim











'

Read other answers
RELEVANCY SCORE 52.4

I've deleted software from my PC. I used the uninstall process that came with the software. I've had to delete the reference in my Program folder. I noticed that the registry still has at least one reference to the deleted software. How can I identify all registry references created by this software and how could I delete them?
 

A:Removing entries in the registry.

Read other 6 answers
RELEVANCY SCORE 52.4

Hello,

I have had "dumprep" and two other weird mal ware thingies ("search upgrader" and one that I don't remember the name of) in a late HJT log. Deleted them and they seem to have disappeared for now. However, there are a couple of "no name" O2 - BHO's and O16 - DPF's that keep reappearing after every laptop restart despite deleting them with HJT. Please see HJT log. Already did run mwav.exe in safe mode, but it did not show anything serious (see attached log).

Thanks heaps for taking the time,
N

___________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 22:16:22, on 08/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Google\Gmail Notifier\gnotify.exe
C:\... Read more

A:no name registry entries keep reapearing

If you have had Spybot's TeaTimer feature enabled during your attempts at using HJT (which we don't recommend anyone without training do, BTW), that may well be what is keeping them from being truly fixed. The O16 entries are from legit programs which appear to have been uninstalled. I have highlighted in GREEN the related programs for these entries.

Before we begin the fix, we need to unload Spybot's Teatimer. To do this, right-click on the icon in the quick launch toolbar at the bottom on the screen, then select "Exit".

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Restart your computer and boot into Safe Mode by hitting the F8 key r... Read more

Read other 3 answers
RELEVANCY SCORE 52.4

After uninstalling "IncrediMail" using Revouninstaller I discovered (manually) 589 left over "IncrediMail" registry items.
(Find > next/F3 ... till my finger developed RSI .. "rather sore index")

With CCleaner I have deleted those 589 entries (one at a time to be sure of safe deletion)

Subsequently I found a plethora of allegedly infertile registry entries (using CCleaner)
Filtered to capture ... Missing Shared DLLs
ActiveX and Class Issues
Obsolete software
I still have a list of 84 questionable registry items, in these categories...
Missing Shared DLLs
ActiveX/COM Issue
Invalid firewall rule
As per this registry.txt file. -- tab delimited list created in CCleaner

I have used the portable CCleaner for first time.
Previously I have used the installed version, where I could add entries to the "Exemptions" list.

Would appreciate knowing what can be deleted ?
I am willing to grovel if necessary

Thank you

A:Dead registry entries

If you allow CCLeaner to make a backup before deleting then you should be pretty safe.
Creating a System Restore point before doing the deletions is also a good idea.

Read other 2 answers
RELEVANCY SCORE 52.4

Hello All

XP Home SP3

Have multiple entries of these: %windir%\tracing

and these:
SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\{2D1AC484-E516-408C-8825-ACB1C356AC

7A}

Each have different numbers/letters

Any idea what they refer to?

Regards SilverSurf
 

Read other answers
RELEVANCY SCORE 52.4

is there an easy way to delete all the "porn", "sex" "xxx" etc entries in my registry?

A:Graphic entries in registry

Actually, depending on where those entries are, you may not wish to delete them as they may protecting you from bad sites and by removing them, you lose the protection.

Orange Blossom

Read other 1 answers
RELEVANCY SCORE 52.4

Since installing Office 2007 (over Office 2000) recently, I often encounter delays in opening Office 2000 Word files. Furthermore, I am sometimes unable to open them unless I move them to a 'trusted' directory. So I defined a trusted directory, moved the file(s) there, and can work. But when I just now tried to open an Office 2000 Word file, I received a different error message, namely ' You are attempting to open a file type that is blocked by your registry policy setting.', with instructions to disable the restriction via regedit. When I looked at the registry data, there was no 'Office' tab whatsoever under the Microsoft tab beneath Policies. So I'm unable to edit the registry to 'unblock' access to such legacy files. If someone can instruct me about what to do, I'd be very appreciative. Thanks.
 

A:Registry entries missing

Read other 12 answers