Cleaning up Burn4free registry droppings

[M$ User]

Hello, I posted the following problem about registry pollution, but
haven't gotten much response. Hoping someone here can comment. In
addition to the questions at the end, I think I recall seeing a
method of modifying exported registry files to delete and/or create
keys, to be carried out when the file is imported. I can't seem to
find anything about this on the microsoft website. Thanks for any
comments.

-------- Original Message --------
Subject: Cleaning up Burn4free droppings
Date: Wed, 07 Feb 2007 00:26:59 -0500
From: M$ User <[email protected]>
Newsgroups: microsoft.public.win2000.registry

I'm using a VPN that scans my computer for risky things before
connecting. It found my computer to be clean if run from an
administrator account. But when run as a nonadmin user, it prevents
connection because it found:

HKEY_CURRENT_USER\Software\Burn4Free

According to
http://www.siteadvisor.com/sites/mrgratis.com/downloads/1848445/
Burn4free adds many things related to NavHelper/NavExcel, which many
people don't like. Apparently, neither does my VPN client. However,
Burn4free has been removed long ago, so many of the things in the
above website don't appear on my computer. I have no
NavHelper/NavExcel on my Add/Remove_Programs (launched as
administrator). Neither of the 2 strings show up in the registry,
explored as administrator. And there are no file names or directories
on my hard drive containing the string "burn4free".

I have always been warned to leave registry mucking to the wizards.
But I could at least search for occurances of the string "burn4free",
which I did using regedit from an administrator account:

HKEY_CLASSES_ROOT\.b4f
HKEY_CLASSES_ROOT\Applications\Burn4Free.exe
HKEY_CLASSES_ROOT\Applications\Burn4Free.exe\shell
HKEY_CLASSES_ROOT\Burn4Free project
HKEY_CLASSES_ROOT\Burn4Free project\DefaultIcon
HKEY_CLASSES_ROOT\Burn4Free project\shell\open\command

HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar

1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.b4f
2 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe
3 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe\shell
4 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project
5 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\DefaultIcon
6
7
8 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free
project\shell\open\command
9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\Burn4Free Toolbar

10
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Burn4Free
11
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Direct3D
12
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Direct3D\MostRecentApplication
13
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Internet
Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU
14
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD
15
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar

16
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Direct3D\MostRecentApplication
17
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD
18
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar

I also exported the entire registry as a text file (REGEDIT4 file) to
doublecheck the keys containing "burn4free". The key names are found
are:

1 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.b4f]
2 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe]
3 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe\shell]
4 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project]
5 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\DefaultIcon]
6 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\shell]
7 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\shell\open]
8 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free
project\shell\open\command]
9 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\Burn4Free Toolbar]

10
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Burn4Free]
11
12
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Direct3D\MostRecentApplication]
13
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Internet
Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
14
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD]
15
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar]

16
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Direct3D\MostRecentApplication]
17
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD]
18
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar]

These do corroborate with those found within regedit, and
corresponding keys between the 2 lists are given the same number
above. Some features to note are:

* The exported file only contains the keys rooted in
HKEY_LOCAL_MACHINE and HKEY_USERS. They do not contain the keys
rooted in HKEY_CLASSES_ROOT and HKEY_CURRENT_USER.

* Keys 6 & 7 do not have corresponding hits in the search from
within regedit because the search facility only matches the
search string to the /last/ component of the "path" (or to a key
containing a value which contains "burn4free".

* Key 11 doesn't have an entry in the exported REGEDIT4 file
presumably because the export only considers keys that contains
values. There really is no point in exporting a key that
contains just another key, since the 2nd key will have its own
entry in the exported file (if it contains values).

* I presume that offending HKEY_CURRENT_USER\Software\Burn4Free
shows up as item 10, and that strange code representing the user
is the account for which the problem experienced.

I would like to erase all the keys in the (first) longer list, and
fear causes me to want to back up the registry before doing so, which
yields a 21MB REGEDIT4 file when done as administrator.

1. Is it safe to go and remove the keys?

2. What is the most efficient (maybe scripted) way to remove the keys?
I'm more familiar with solaris (at a user level) and handier
with a text file than clicking at a GUI.

3. Is this the most advisable solution?

4. It seems more thorough to remove the keys as administrator. Is
this better than doing so as the user experiencing the problem?
Should I remove the keys as both administrator and the nonadmin
user?

5. Is saving a REGEDIT4 file an adequate safety net, or is it
better to save it in its default binary format?

6. Should I take a snapshot of the registry from both accounts?
That would create about 42MB of safety net.

7. Is there an efficient way to specify the exacty keys to export
in one shot? This would be preferable to saving 21MB of
registry per export.

8. What are some of the barriers to recovery if things go wrong?

Thanks for any thoughts on this.

 

[Pegasus \(MVP\)]

1. Is it safe to go and remove the keys?

2. What is the most efficient (maybe scripted) way to remove the keys?
I'm more familiar with solaris (at a user level) and handier
with a text file than clicking at a GUI.

3. Is this the most advisable solution?

4. It seems more thorough to remove the keys as administrator. Is
this better than doing so as the user experiencing the problem?
Should I remove the keys as both administrator and the nonadmin
user?

5. Is saving a REGEDIT4 file an adequate safety net, or is it
better to save it in its default binary format?

6. Should I take a snapshot of the registry from both accounts?
That would create about 42MB of safety net.

7. Is there an efficient way to specify the exacty keys to export
in one shot? This would be preferable to saving 21MB of
registry per export.

8. What are some of the barriers to recovery if things go wrong?

Thanks for any thoughts on this.

I'm not familiar with Burn4Free but I suggest you adopt the KISS
principle like so:

1. Create an image file of your system. You can do it with Acronis
DriveImage 7 - it's now free: http://www.acronis.com/mag/DVhbcjdI

2. Create an Acronis boot CD.

3. Restore this image to a blank disk and test it.

4. Edit your registry.

5. If something goes wrong, restore your OS from the image you
created in Step 1.

A simpler way goes like this:

1. Back up your registry, using a tool such as regback.exe. You
can download it from the Microsoft site.
2. Edit your registry.
3. If something goes wrong, restore the registry files.

You can perform Step 3 either by booting the machine with
a Bart PE boot CD or by connecting your disk as a slave
disk to some other Win2000/XP PC.

The first method is completely safe. The second method is
almost as safe.

 

[Frank Booth Snr]

Hello, I posted the following problem about registry pollution, but
haven't gotten much response. Hoping someone here can comment. In
addition to the questions at the end, I think I recall seeing a
method of modifying exported registry files to delete and/or create
keys, to be carried out when the file is imported. I can't seem to
find anything about this on the microsoft website. Thanks for any
comments.

-------- Original Message --------
Subject: Cleaning up Burn4free droppings
Date: Wed, 07 Feb 2007 00:26:59 -0500
From: M$ User <[email protected]>
Newsgroups: microsoft.public.win2000.registry

I'm using a VPN that scans my computer for risky things before
connecting. It found my computer to be clean if run from an
administrator account. But when run as a nonadmin user, it prevents
connection because it found:

HKEY_CURRENT_USER\Software\Burn4Free

According to
http://www.siteadvisor.com/sites/mrgratis.com/downloads/1848445/
Burn4free adds many things related to NavHelper/NavExcel, which many
people don't like. Apparently, neither does my VPN client. However,
Burn4free has been removed long ago, so many of the things in the
above website don't appear on my computer. I have no
NavHelper/NavExcel on my Add/Remove_Programs (launched as
administrator). Neither of the 2 strings show up in the registry,
explored as administrator. And there are no file names or directories
on my hard drive containing the string "burn4free".

I have always been warned to leave registry mucking to the wizards.
But I could at least search for occurances of the string "burn4free",
which I did using regedit from an administrator account:

HKEY_CLASSES_ROOT\.b4f
HKEY_CLASSES_ROOT\Applications\Burn4Free.exe
HKEY_CLASSES_ROOT\Applications\Burn4Free.exe\shell
HKEY_CLASSES_ROOT\Burn4Free project
HKEY_CLASSES_ROOT\Burn4Free project\DefaultIcon
HKEY_CLASSES_ROOT\Burn4Free project\shell\open\command

HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar

1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.b4f
2 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe
3 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe\shell
4 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project
5 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\DefaultIcon
6
7
8 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free
project\shell\open\command
9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\Burn4Free Toolbar

10
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Burn4Free
11
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Direct3D
12
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Direct3D\MostRecentApplication
13
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Internet
Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU
14
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD
15
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar

16
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Direct3D\MostRecentApplication
17
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD
18
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar

I also exported the entire registry as a text file (REGEDIT4 file) to
doublecheck the keys containing "burn4free". The key names are found
are:

1 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.b4f]
2 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe]
3 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe\shell]
4 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project]
5 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\DefaultIcon]
6 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\shell]
7 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\shell\open]
8 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free
project\shell\open\command]
9 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\Burn4Free Toolbar]

10
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Burn4Free]
11
12
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Direct3D\MostRecentApplication]
13
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Internet
Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
14
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD]
15
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar]

16
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Direct3D\MostRecentApplication]
17
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD]
18
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar]

These do corroborate with those found within regedit, and
corresponding keys between the 2 lists are given the same number
above. Some features to note are:

* The exported file only contains the keys rooted in
HKEY_LOCAL_MACHINE and HKEY_USERS. They do not contain the keys
rooted in HKEY_CLASSES_ROOT and HKEY_CURRENT_USER.

* Keys 6 & 7 do not have corresponding hits in the search from
within regedit because the search facility only matches the
search string to the /last/ component of the "path" (or to a key
containing a value which contains "burn4free".

* Key 11 doesn't have an entry in the exported REGEDIT4 file
presumably because the export only considers keys that contains
values. There really is no point in exporting a key that
contains just another key, since the 2nd key will have its own
entry in the exported file (if it contains values).

* I presume that offending HKEY_CURRENT_USER\Software\Burn4Free
shows up as item 10, and that strange code representing the user
is the account for which the problem experienced.

I would like to erase all the keys in the (first) longer list, and
fear causes me to want to back up the registry before doing so, which
yields a 21MB REGEDIT4 file when done as administrator.

1. Is it safe to go and remove the keys?

2. What is the most efficient (maybe scripted) way to remove the keys?
I'm more familiar with solaris (at a user level) and handier
with a text file than clicking at a GUI.

3. Is this the most advisable solution?

4. It seems more thorough to remove the keys as administrator. Is
this better than doing so as the user experiencing the problem?
Should I remove the keys as both administrator and the nonadmin
user?

5. Is saving a REGEDIT4 file an adequate safety net, or is it
better to save it in its default binary format?

6. Should I take a snapshot of the registry from both accounts?
That would create about 42MB of safety net.

7. Is there an efficient way to specify the exacty keys to export
in one shot? This would be preferable to saving 21MB of
registry per export.

8. What are some of the barriers to recovery if things go wrong?

Thanks for any thoughts on this.

Backup your system state first using NTBackup. It's in the system32
folder, and you should put this application onto the Start menu. Ideally
you should backup to a USB flashdrive at least 512MB in size or another
HDD. You cannot NTBackup directly to CDr, but only save to HDD then copy
over to CDr, but you can restore direcly from CDr.

Then open Regedit, position the cursor at the top on 'my computer', open
edit/find, them type in 'burn4free' in the 'find what' box, and press
'ok'. Each time the registry finds an instance of burn4free delete it,
if necessary the whole key unless other applications are listed under
that key, in which case just delete the relevant bit. Keep pressing F3
until no more instances of 'burn4free' are found. Then reboot the PC.

 

[paulmd]

Hello, I posted the following problem about registry pollution, but
haven't gotten much response. Hoping someone here can comment. In
addition to the questions at the end, I think I recall seeing a
method of modifying exported registry files to delete and/or create
keys, to be carried out when the file is imported. I can't seem to
find anything about this on the microsoft website. Thanks for any
comments.

-------- Original Message --------
Subject: Cleaning up Burn4free droppings
Date: Wed, 07 Feb 2007 00:26:59 -0500
From: M$ User <[email protected]>

Newsgroups: microsoft.public.win2000.registry

I'm using a VPN that scans my computer for risky things before
connecting. It found my computer to be clean if run from an
administrator account. But when run as a nonadmin user, it prevents
connection because it found:

HKEY_CURRENT_USER\Software\Burn4Free

According tohttp://www.siteadvisor.com/sites/mrgratis.com/downloads/1848445/
Burn4free adds many things related to NavHelper/NavExcel, which many
people don't like. Apparently, neither does my VPN client. However,
Burn4free has been removed long ago, so many of the things in the
above website don't appear on my computer. I have no
NavHelper/NavExcel on my Add/Remove_Programs (launched as
administrator). Neither of the 2 strings show up in the registry,
explored as administrator. And there are no file names or directories
on my hard drive containing the string "burn4free".

I have always been warned to leave registry mucking to the wizards.
But I could at least search for occurances of the string "burn4free",
which I did using regedit from an administrator account:

HKEY_CLASSES_ROOT\.b4f
HKEY_CLASSES_ROOT\Applications\Burn4Free.exe
HKEY_CLASSES_ROOT\Applications\Burn4Free.exe\shell
HKEY_CLASSES_ROOT\Burn4Free project
HKEY_CLASSES_ROOT\Burn4Free project\DefaultIcon
HKEY_CLASSES_ROOT\Burn4Free project\shell\open\command

HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar

1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.b4f
2 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe
3 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe\shell
4 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project
5 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\DefaultIcon
6
7
8 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free
project\shell\open\command
9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\Burn4Free Toolbar

10
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Burn4Free
11
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Direct3D
12
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Direct3D\MostRecentApplication
13
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Internet
Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU
14
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD
15
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar

16
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Direct3D\MostRecentApplication
17
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD
18
HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar

I also exported the entire registry as a text file (REGEDIT4 file) to
doublecheck the keys containing "burn4free". The key names are found
are:

1 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.b4f]
2 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe]
3 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Burn4Free.exe\shell]
4 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project]
5 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\DefaultIcon]
6 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\shell]
7 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project\shell\open]
8 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free
project\shell\open\command]
9 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\Burn4Free Toolbar]

10
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Burn4Free]
11
12
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Direct3D\MostRecentApplication]
13
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Internet
Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
14
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD]
15
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar]

16
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Direct3D\MostRecentApplication]
17
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free CD and DVD]
18
[HKEY_USERS\S-1-5-21-527237240-920026266-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start
Menu\Programs\Burn4Free Toolbar]

These do corroborate with those found within regedit, and
corresponding keys between the 2 lists are given the same number
above. Some features to note are:

* The exported file only contains the keys rooted in
HKEY_LOCAL_MACHINE and HKEY_USERS. They do not contain the keys
rooted in HKEY_CLASSES_ROOT and HKEY_CURRENT_USER.

* Keys 6 & 7 do not have corresponding hits in the search from
within regedit because the search facility only matches the
search string to the /last/ component of the "path" (or to a key
containing a value which contains "burn4free".

* Key 11 doesn't have an entry in the exported REGEDIT4 file
presumably because the export only considers keys that contains
values. There really is no point in exporting a key that
contains just another key, since the 2nd key will have its own
entry in the exported file (if it contains values).

* I presume that offending HKEY_CURRENT_USER\Software\Burn4Free
shows up as item 10, and that strange code representing the user
is the account for which the problem experienced.

I would like to erase all the keys in the (first) longer list, and
fear causes me to want to back up the registry before doing so, which
yields a 21MB REGEDIT4 file when done as administrator.

1. Is it safe to go and remove the keys?

2. What is the most efficient (maybe scripted) way to remove the keys?
I'm more familiar with solaris (at a user level) and handier
with a text file than clicking at a GUI.

3. Is this the most advisable solution?

4. It seems more thorough to remove the keys as administrator. Is
this better than doing so as the user experiencing the problem?
Should I remove the keys as both administrator and the nonadmin
user?

5. Is saving a REGEDIT4 file an adequate safety net, or is it
better to save it in its default binary format?

6. Should I take a snapshot of the registry from both accounts?
That would create about 42MB of safety net.

7. Is there an efficient way to specify the exacty keys to export
in one shot? This would be preferable to saving 21MB of
registry per export.

8. What are some of the barriers to recovery if things go wrong?

Thanks for any thoughts on this.

You can get rid of burn4free's spyware with adaware, and possibly many
other anti-spyware programs. Burn 4 free will still work.