TeaTimer log entry: "{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}"

Discussion in 'other anti-malware software' started by Close_Hauled, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    This entry is in the TeaTimer log file of a PC that I am working on. I cannot figure out the toolbar is that is trying to add itself to IE. I Google'd the registry entry:

    http://www.google.com/search?q={C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}&hl=en&lr=&start=90&sa=N

    And found some references to FilesNamedMRU.

    I ran Spybot and Adaware, and they both said the system was clean. Does anyone have a definitive answer as to what this is?

    I also found this (in German):

    http://support.microsoft.com/kb/829964/DE/

    Could someone please translate?
     
    Close_Hauled, Sep 19, 2005
    #1
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It does not appear as a Toolbar in my registry. It says it is the CLSID for the File and Folders Search ActiveX Control. I reckon the question would be what change is causing TeaTimer to alert ?

    Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
     
    Bubba, Sep 19, 2005
    #2
  3. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    I don't know what told me it was a toolbar. I will have to go back and look. I will also look at the registry entry. I will let you know what I find.
     
    Close_Hauled, Sep 19, 2005
    #3
  4. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    I found it in the registry in these places:

    HKEY_CLASSES_ROOT\Shell.FileSearchBand\CLSID

    HKEY_CLASSES_ROOT\Shell.FileSearchBand.1\CLSID

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
    (This is from me doing a Google search)

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shell.FileSearchBand\CLSID

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shell.FileSearchBand.1\CLSID

    HKEY_USERS\S-1-5-21-1922572264-1926592902-1995393151-500\Software\Microsoft\Internet Explorer\TypedURLs
    (This is from me doing a Google search)

    TeaTime did not prompt me this time to allow or deny the entry during my second look at the computer. Odd, because I denied it 3 times when I used it before.

    I will go look on another computer and see if it there as well.
     
    Close_Hauled, Sep 19, 2005
    #4
  5. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    It looks like my other machines have these entries, so I don't think that they are malicious. But I am still curious as to what inserted them.
     
    Close_Hauled, Sep 21, 2005
    #5
  6. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    Close_Hauled, Sep 21, 2005
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...