Registry Keys and Values/ Search Assistance

[Guest]

I am currently removing registry entries in WinXP.
This was necessary due to several infections with malware (worms, viruses -
despite Norton, Adaware, CWShredder, SpyDoctor... you name it!)

I wonder what the original settings are for the registry entry
HKCU_Software\Microsoft\Search Assistant

On my machine there is a subfolder: Search Assistant\ACMru (default - value
not set)

and 4 sub-subfolders = ACMru\5001, 5603, 5604, 5647

5601 and 5603 are empty,
5647 value=default - value not set
5604 name: default: value not set
5604 name: 000 value = application log
5604 name: 001 value = config
5604 name: 003 value = WindowsApplication

I have once removed and then retrieved the entire folder. It does not seem
to be essential for anything, or ist it? Can anyone tell me what the correct
settings are?

I have a second question:

On startup, the taskmanager\processes log shows several copies of
svchost.exe
running. Can anyone who runs IIS tell me where in the registry the value
"svchost.exe" should appear. On my computer it occurs both in
HKLM_Software_Windows_Current Version_Run and Run Services. Are those
entries correct?

Is there any list where I could find such information? Some ligitimate file
names have been hijacked and used for illegitimate registry entries.

Thank you very much for your help,

 

[Wesley Vogel]

MRU is Most Recently Used.

MRU lists contain information such as the names and/or locations of the last
files you have accessed.

All of these keys are Search History. I have none of these keys as I have
the Search History turned off.

HKCU\Software\Microsoft\Search Assistant\ACMru\5603 is the MRU list for XP
Search Files.

HKCU\Software\Microsoft\Search Assistant\ACMru\5001 is the MRU list for the
Internet Search Assistant.

HKCU\Software\Microsoft\Search Assistant\ACMru\5647 is the MRU list for
Printers, Computers and People

I don't know specifically what Search History this key is for...

HKCU\Software\Microsoft\Search Assistant\ACMru\5604

A description of Svchost.exe in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314056


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Rock]

I am currently removing registry entries in WinXP.
This was necessary due to several infections with malware (worms, viruses -
despite Norton, Adaware, CWShredder, SpyDoctor... you name it!)

I wonder what the original settings are for the registry entry
HKCU_Software\Microsoft\Search Assistant

On my machine there is a subfolder: Search Assistant\ACMru (default - value
not set)

and 4 sub-subfolders = ACMru\5001, 5603, 5604, 5647

5601 and 5603 are empty,
5647 value=default - value not set
5604 name: default: value not set
5604 name: 000 value = application log
5604 name: 001 value = config
5604 name: 003 value = WindowsApplication

I have once removed and then retrieved the entire folder. It does not seem
to be essential for anything, or ist it? Can anyone tell me what the correct
settings are?

I have a second question:

On startup, the taskmanager\processes log shows several copies of
svchost.exe
running. Can anyone who runs IIS tell me where in the registry the value
"svchost.exe" should appear. On my computer it occurs both in
HKLM_Software_Windows_Current Version_Run and Run Services. Are those
entries correct?

Is there any list where I could find such information? Some ligitimate file
names have been hijacked and used for illegitimate registry entries.

Thank you very much for your help,

For the search assistant registry entries see this link:
http://www.microsoft.com/windowsxp/using/setup/expert/honeycutt_03june09.mspx