 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Server Forum / Windows NT / Registry / August 2008MountPoints2
I have XP Home SP3 Could someone tell me what the keys below are about? My daughter started to download a game; I stopped it before the installation and it said that it would remove the installation files. However, I now find these keys referring to the game OniNet Kid, in the right hand panel. I did a Google and found lots of mentions of MountPoints2 connected to trojans and viruses. Any ideas? Thank you HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e33e91-2275-11d7-bd29-806d6172696f}\_Autorun\DefaultIcon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication HKEY_USERS\S-1-5-21-3942243025-1733290971-125703898-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e33e91-2275-11d7-bd29-806d6172696f}\_Autorun\DefaultIcon Hi Peter, Firstly, your first and last key are the same. HKEY_CURRENT_USER is actually just a link to a key below HKEY_USERS... That nunber you see (S-1-5-21.... is called a User SID) In terms of mountpoints2 these are related to mapped drives however there seems to be some relevence to Symantec - see http://www.insidetheregistry.com/database/browse.asp?keyid=75 In terms of the 2nd key - this seems to be a recent run list... I did a quick search of "OniNet Kid Spyware", "OniNet Kid Virus" etc.. nothing seemed to come up - I would think these are just *mess* left over from the installation program... As a side note - and because I know how children like to install stuff, check AutoRuns - a free utility from Microsoft (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) - this will tell you what is specified to automaticly run when your system starts - look for anythign suspicious... Hope this helps, Best Regards, Jon ----- >I have XP Home SP3 > [quoted text clipped - 14 lines] > > HKEY_USERS\S-1-5-21-3942243025-1733290971-125703898-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e33e91-2275-11d7-bd29-806d6172696f}\_Autorun\DefaultIcon Thank you Jon In fact, meanwhile, those keys have disappeared... and instead I now have the following which was not there before! What is happening? Could you explain what these keys are and how they appear, even after uninstalling the programme and being absolutelyt sure that they were not there after I uninstalled? Thank you very much for your help HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit LastKeyOmeucomputador\HKEY_USERS\S-1-5-21-3942243025-1733290971-125703898-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\OniNet Kid HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\OniNet Kid HKEY_USERS\S-1-5-21-3942243025-1733290971-125703898-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit LastKeyOmeucomputador\HKEY_USERS\S-1-5-21-3942243025-1733290971-125703898-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\OniNet Kid HKEY_USERS\S-1-5-21-3942243025-1733290971-125703898-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\OniNet Kid Thank you very much JB > Hi Peter, > [quoted text clipped - 43 lines] >> >> HKEY_USERS\S-1-5-21-3942243025-1733290971-125703898-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e33e91-2275-11d7-bd29-806d6172696f}\_Autorun\DefaultIcon Hi Peter, Again, the keys that have the S-1-5-21 are linked to the other keys, so even though you have 4 keys shown, you actually only have 2... The key with regedit in is the last opened key in registry editor which is used to return you back there when you start registry editor again - nothing to worry about... Basically when you go to a registry key in the registry editor and then close registry editor - it remembers the last key you were at - in your case it looks as though you were in the OniNet Key key... Again - don't worry too much about this... The start menu key is just icon ordering - again nothing to worry about... Probably just some legacy info left behind and will eventually be expunged... Hope this makes sense... Cheers, Jon ----- > Thank you Jon > [quoted text clipped - 73 lines] >>> >>> HKEY_USERS\S-1-5-21-3942243025-1733290971-125703898-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e33e91-2275-11d7-bd29-806d6172696f}\_Autorun\DefaultIcon >Hope this makes sense... It does! Many thanks Peter > Hi Peter, > [quoted text clipped - 96 lines] >>>> >>>> HKEY_USERS\S-1-5-21-3942243025-1733290971-125703898-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e33e91-2275-11d7-bd29-806d6172696f}\_Autorun\DefaultIcon |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.