TeaTimer log entry: "{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}"

Discussion in 'other anti-malware software' started by Close_Hauled, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    This entry is in the TeaTimer log file of a PC that I am working on. I cannot figure out the toolbar is that is trying to add itself to IE. I Google'd the registry entry:

    http://www.google.com/search?q={C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}&hl=en&lr=&start=90&sa=N

    And found some references to FilesNamedMRU.

    I ran Spybot and Adaware, and they both said the system was clean. Does anyone have a definitive answer as to what this is?

    I also found this (in German):

    http://support.microsoft.com/kb/829964/DE/


    Could someone please translate?
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It does not appear as a Toolbar in my registry. It says it is the CLSID for the File and Folders Search ActiveX Control. I reckon the question would be what change is causing TeaTimer to alert ?

    Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
     
  3. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    I don't know what told me it was a toolbar. I will have to go back and look. I will also look at the registry entry. I will let you know what I find.
     
  4. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    I found it in the registry in these places:

    HKEY_CLASSES_ROOT\Shell.FileSearchBand\CLSID

    HKEY_CLASSES_ROOT\Shell.FileSearchBand.1\CLSID

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
    (This is from me doing a Google search)

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shell.FileSearchBand\CLSID

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shell.FileSearchBand.1\CLSID

    HKEY_USERS\S-1-5-21-1922572264-1926592902-1995393151-500\Software\Microsoft\Internet Explorer\TypedURLs
    (This is from me doing a Google search)

    TeaTime did not prompt me this time to allow or deny the entry during my second look at the computer. Odd, because I denied it 3 times when I used it before.

    I will go look on another computer and see if it there as well.
     
  5. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    It looks like my other machines have these entries, so I don't think that they are malicious. But I am still curious as to what inserted them.
     
  6. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
Thread Status:
Not open for further replies.