Registering Filter Handlers Your filter handler must be registered.

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows\AppInit_DLLs NT4+ 82. HKCU\Software\Classes\PROTOCOLS\Filter\ W2K+ 6. HKCU\Software\Classes\CLSID\{CLSID}\ImplementedCategories\{00021493-0000-0000-C000-000000000046}\ HKCU\Software\Classes\CLSID\{CLSID}\ImplementedCategories\{00021494-0000-0000-C000-000000000046}\ W2K+ 3.

Persistenthandler Registry

Hence, the new filter handler is responsible for replicating any necessary functionality of the old filter.

HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\PLAPProviders\ WVa+ 48. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects\ All 50. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ All 68.

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\GinaDLL HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\System HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Taskman HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userinit HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\VmApplet NT4+ 85. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ All 24. HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters W2K+ 91.

If item is unchecked, it will not be launched on startup.

What Is Persistenthandler

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Accessibility\UtilityManager\ W2K(6) 77. HKLM\System\CurrentControlSet\Services\ NT4+ 98.

I'll check the RunOnce registry key next, thank you :) –Trylks Feb 19 '14 at 13:38 @Trylks I've edited my answer adding all locations used by Autoruns. –and31415 Feb

Update the virus definitions. 3. HKLM\Software\Microsoft\WindowsNT\CurrentVersion\InitFileMapping\ NT4+ 81. Self Protection" "(Verified) AVAST Software" "c:\windows\system32\drivers\aswsp.sys" + "aswTdi" "avast! http://igroupadvisors.com/hklm-software/hklm-software-classes-exe.php Local time:03:59 AM Posted 21 October 2012 - 08:11 PM http://speccy.piriform.com/results/Q5YdYNhXFjjuOyqsyzEIvw2 In the world we live in "Apathy is the acceptance of the unacceptable" Back

This means if you rename a file as "Game.exe.shs" it displays as "Game.exe" in all programs including Explorer. 7. HKLM\System\CurrentControlSet\Control\SessionManager\BootExecute HKLM\System\CurrentControlSet\Control\Session Manager\Execute HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute NT4+ 96.

L.P." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll" + "HP VTK MPEG-1 Encoder" "VideoToolKit" "(Not verified) Hewlett-Packard Development Co.

When the threading model is set to Both, the filter handler must be thread safe; otherwise, if it is not thread safe, specify Apartment. Click here to Register a free account now! Blank friendly name in Windows Firwall Exception List emacs swaps windows Browse more Microsoft Windows Articles on Bytes Article Stats viewed: 24794 comments: 0 date written:Jan 14 '09 Follow this article I don't know what!

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ W2K+ 15. HKCU = HKEY_CURRENT_USER HKLM = HKEY_LOCAL_MACHINE HKCR = HKEY_CLASSES_ROOT %windir% = C:\windows %USERPROFILE% = C:\Documents and Settings\ambr %ALLUSERSPROFILE% = C:\Documents and Settings\All Users 1.

These entries are standard OLE registry entries up to and including the entry for the class CLSID\{ApplicationGUID}.

NOTE: The key should have a value of Value "%1 %*", if this is changed to "server.exe %1 %*", the server.exe is executed EVERYTIME an exe/pif/com/bat/hta is executed.

To find the filter handler for a given file name extension: Check whether the extension for the type of files that are filtered has a persistent handler registered under the registry Not all registry cleaners are created equal. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ 64b 55.

Windows Autorun FAQs: Overview 2. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\ 64b 53. Any member can take a look at previous participation...individual posts by another member...and so on...and determine if such pass the most obvious tests. BLEEPINGCOMPUTER NEEDS YOUR HELP!

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ W9x 70. HKLM\Software\Classes\PROTOCOLS\Filter\ All 34.

