# how to check registry entries??



## REMA (Mar 25, 2006)

not sure if this is right place to post ..
Running XP pro 32 bit
I recently had Aware.Vundo Variant/Rel that was detected by SUPERAntiSpyware ..it had been some time since I'd run this...silly me been building my first self-build PC with the help of these forums  so got distracted
( I also run Malwarebytes, SpywareBlaster and Mcafee Anti-virus. I have Microsoft Internet Explorer 8 set to ask if we want to use Active X controls which I allow on known sites...also it asks if I want to D/L cookies....it's amazing how many cookies you block and the sites still work.

SuperAntiSpyware seems to have cleared things up. I had no sign of this except that the PC was very slow on shutting down and saving settings...the Hard disk is bloated though of 229 GB being available only 32.2 GB is free so I need to burn then deletre some game patches etc etc

*Whilst in regedit I saw this entry at
HKEY_LOCAL_MACHINE SOFTWARE Microsoftindows (note no "w" as in windows
CurrntVersion Exorer Browser Hlper Objects then a Hex number string

This may be a legitimate entry..I search microsoft site but found nothing.
* Also is there a good tool for SAFELY (as possible anyway) to clean the registry as I note there are entries there for games and programmes we deleted long ago OR is it best to leave well alone.

Thanks for any advice 
have a good weekend


----------



## lorjack (Nov 15, 2007)

Safely? Probably not, as a small mistake can tank the system but you can prevent that easily. Always make a backup of the registry before you modify it. I like to use CCleaner to clean up the registry, i have never had it screw anything up before.

However, you should verify that the system is clean first. Go here and start the process of cleaning out your system. 
http://www.techsupportforum.com/f50...-posting-for-malware-removal-help-305963.html


----------



## REMA (Mar 25, 2006)

Hello can I just check one thing....Do you suspect that the above registry entry is suspicious ? I just find it odd when there is an entry very similar to the correct entry...but on the other hand if I was writing a trojan or virus etc...I would probably name it something totally unrelated to help to avoid detection. Note Malwarebytes, SpywareBlaster and Mcafee Anti-virus are not reporting anything.

I have tried to run the GMER programme twice but it fails after sveral hours and the mouse freezes so I have to manually turn off the PC. The McAfee pop-up appears saying that my PC is not protected although I have turned OFF McAfee virus and firewall.
My other PC has been connected to the internet via the Modem and router but I pull the firewire (CAT5) cable from the back of the PC so that this PC is not connected.

What am I doing wrong?
thanks again


----------



## lorjack (Nov 15, 2007)

Yes it does look suspicious


----------

