Finally, here are the two files that I know were associated with the rogue iexplore.exe. They were continually being created and updated throughout the past few weeks, so they may be slightly different. Please note that the URLs change. Clickleg.org seems to be the main one; however, there were many others. Also, my Temporary Internet Files folder was constantly filled with junk from these places even though I never browsed to them.
serf_conf.log
[PANEL_SIGN_CHECK]
[runs_count_begin]
60
[runs_count_end]
[urls_to_serf_begin]
http://www.searchtasteless.org/ac.php?aid=461&sid=direct2
http://www.clickleg.org/ac.php?aid=461&sid=direct2
http://www.clickleg.org/ac.php?aid=461&sid=direct2
http://www.clickleg.org/ac.php?aid=461&sid=direct2
http://www.clickleg.org/ac.php?aid=461&sid=direct2
[urls_to_serf_end]
[refs_to_change_begin]
www.searchtasteless.org/ac.php=|www.searchtasteless.org/search.php
www.clickleg.org/ac.php=|www.clickleg.org/search.php
[refs_to_change_end]
[panels_begin]
viewthanks.org
searchsession.org
searchdistribution.org
searchsuccessful.org
searchgateway.org
onlineprostats.com
[panels_end]
[popupcount_begin]
3
[popupcount_end]
[popupurl_begin]
[popupurl_end]
[popupurl2_begin]
[popupurl2_end]
[date_begin]
16:1:2011
[date_end]
test.reg -- File used to update the registry, which is why, no matter how many times I set Firefox as my default, iexplore became my default.
Windows Registry Editor Version 5.00
;Ramesh Srinivasan - http://windowsxp.mvps.org
;Sets IE as default (For use with Windows XP systems)
;Use this only if IE is installed in its default location
;c:\Program Files\Internet Explorer
;Revised April 1, 2005 - Changed IExplore.exe path to LFN format
; ---- ftp: URL-scheme handler ------------------------------------------------
; Importing this section rewrites the program the shell starts for ftp:// links
; to a fixed iexplore.exe path, replacing whatever handler was registered here.
; HKEY_CLASSES_ROOT is a merged view of HKLM\Software\Classes and
; HKCU\Software\Classes, so audit both hives when checking for this change.
[HKEY_CLASSES_ROOT\ftp]
@="URL:File Transfer Protocol"
; NOTE(review): 0x00000002 looks like FTA_Show in FILETYPEATTRIBUTEFLAGS - confirm.
"EditFlags"=dword:00000002
"ShellFolder"="{63da6ec0-2e98-11cf-8d82-444553540000}"
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
; The presence of "URL Protocol" (even empty) marks this key as a URL scheme.
"URL Protocol"=""
; hex(2) = REG_EXPAND_SZ stored as UTF-16LE. The bytes below decode to:
;   %SystemRoot%\system32\url.dll,0
[HKEY_CLASSES_ROOT\ftp\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
[HKEY_CLASSES_ROOT\ftp\Extensions]
".IVF"="{C69E8F40-D5C8-11D0-A520-145405C10000}"
; Default verb for the scheme is "open".
[HKEY_CLASSES_ROOT\ftp\shell]
@="open"
[HKEY_CLASSES_ROOT\ftp\shell\open]
; Command line launched for the "open" verb; %1 is replaced by the URL.
; NOTE(review): %1 is not wrapped in quotes here, so a value containing spaces
; would reach iexplore.exe as several arguments - worth checking during triage.
[HKEY_CLASSES_ROOT\ftp\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
; DDE settings for the same verb: the request is addressed to the DDE
; application "IExplore" with topic "WWW_OpenURL" (see the subkeys below).
[HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\ifExec]
@="*"
[HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
; ---- htmlfile: file class used for HTML documents ---------------------------
; Every verb below is pointed at a hard-coded
; C:\Program Files\Internet Explorer\iexplore.exe, so importing the file makes
; IE the program that opens this class regardless of the previous setting.
[HKEY_CLASSES_ROOT\htmlfile]
@="HTML Document"
; NOTE(review): 0x00010000 looks like FTA_OpenIsSafe in FILETYPEATTRIBUTEFLAGS,
; i.e. the open verb is treated as safe for downloaded files - confirm.
"EditFlags"=dword:00010000
"BrowserFlags"=dword:00000008
[HKEY_CLASSES_ROOT\htmlfile\BrowseInPlace]
@=""
[HKEY_CLASSES_ROOT\htmlfile\CLSID]
@="{25336920-03F9-11CF-8FD0-00AA00686F13}"
; Icon index 1 taken from iexplore.exe.
[HKEY_CLASSES_ROOT\htmlfile\DefaultIcon]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe,1"
[HKEY_CLASSES_ROOT\htmlfile\ScriptHostEncode]
@="{0CF774D0-F077-11D1-B1BC-00C04F86C324}"
; Default verb is "opennew" (shown as "&Open"), not "open".
[HKEY_CLASSES_ROOT\htmlfile\shell]
@="opennew"
[HKEY_CLASSES_ROOT\htmlfile\shell\open]
@="Open in S&ame Window"
; "open" verb: starts iexplore.exe with -nohome and hands the document over
; through DDE (ddeexec below) as a file:// URL.
[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec]
@="\"file://%1\",,-1,,,,,"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
[HKEY_CLASSES_ROOT\htmlfile\shell\opennew]
@="&Open"
; "opennew" verb: passes the path on the command line as %1 (unquoted) and
; also registers a DDE route with topic "WWW_OpenURLNewWindow".
[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\IfExec]
@="*"
[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Topic]
@="WWW_OpenURLNewWindow"
[HKEY_CLASSES_ROOT\htmlfile\shell\printto]
; hex(2) = REG_EXPAND_SZ stored as UTF-16LE. The bytes below decode to:
;   rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" "%2" "%3" "%4"
[HKEY_CLASSES_ROOT\htmlfile\shell\printto\command]
@=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,\
00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,20,00,22,\
00,25,00,32,00,22,00,20,00,22,00,25,00,33,00,22,00,20,00,22,00,25,00,34,00,\
22,00,00,00
; ---- HTTP: URL-scheme handler -----------------------------------------------
; This is the key that decides which program opens http:// links. The section
; forces it to a hard-coded iexplore.exe path, which matches the symptom
; described on the page (the default browser reverting to IE after each import).
; For detection, watch for writes to HTTP\shell\open\command and compare the
; value with the browser the user actually selected.
[HKEY_CLASSES_ROOT\HTTP]
@="URL:HyperText Transfer Protocol"
; NOTE(review): 0x00000002 looks like FTA_Show in FILETYPEATTRIBUTEFLAGS - confirm.
"EditFlags"=dword:00000002
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
; The presence of "URL Protocol" (even empty) marks this key as a URL scheme.
"URL Protocol"=""
; Per-extension entries, all set to the same string "dxmasf.dll,150".
[HKEY_CLASSES_ROOT\HTTP\AnimExtensions]
"."="dxmasf.dll,150"
".asf"="dxmasf.dll,150"
".asp"="dxmasf.dll,150"
".asx"="dxmasf.dll,150"
".nsc"="dxmasf.dll,150"
".wax"="dxmasf.dll,150"
".wm"="dxmasf.dll,150"
".wma"="dxmasf.dll,150"
".wmv"="dxmasf.dll,150"
".wmx"="dxmasf.dll,150"
".wvx"="dxmasf.dll,150"
; hex(2) = REG_EXPAND_SZ stored as UTF-16LE. The bytes below decode to:
;   %SystemRoot%\system32\url.dll,0
[HKEY_CLASSES_ROOT\HTTP\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
; Extension -> CLSID map. Only three distinct CLSIDs are used below.
[HKEY_CLASSES_ROOT\HTTP\Extensions]
".ASF"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".ASX"="{4B428940-263C-11d1-A520-000000000000}"
".ASP"="{4B428940-263C-11d1-A520-000000000000}"
".WAX"="{4B428940-263C-11d1-A520-000000000000}"
".WM"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".WMA"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".NSC"="{4B428940-263C-11d1-A520-000000000000}"
".BECK"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".WVX"="{4B428940-263C-11d1-A520-000000000000}"
".WMV"="{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
".WMX"="{4B428940-263C-11d1-A520-000000000000}"
".IVF"="{C69E8F40-D5C8-11D0-A520-145405C10000}"
; Default verb for the scheme is "open".
[HKEY_CLASSES_ROOT\HTTP\shell]
@="open"
[HKEY_CLASSES_ROOT\HTTP\shell\open]
; The command line carries no %1: iexplore.exe is started with -nohome and the
; URL is delivered through the DDE route below (application "IExplore",
; topic "WWW_OpenURL").
[HKEY_CLASSES_ROOT\HTTP\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
; ---- https: URL-scheme handler ----------------------------------------------
; Same pattern as the HTTP section: the "open" verb is forced to a hard-coded
; iexplore.exe path, so https:// links are taken away from any other browser
; registered in this key.
[HKEY_CLASSES_ROOT\https]
@="URL:HyperText Transfer Protocol with Privacy"
; NOTE(review): 0x00000002 looks like FTA_Show in FILETYPEATTRIBUTEFLAGS - confirm.
"EditFlags"=dword:00000002
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
"BrowserFlags"=dword:00000008
; The presence of "URL Protocol" (even empty) marks this key as a URL scheme.
"URL Protocol"=""
; hex(2) = REG_EXPAND_SZ stored as UTF-16LE. The bytes below decode to:
;   %SystemRoot%\system32\url.dll,0
[HKEY_CLASSES_ROOT\https\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
; Default verb for the scheme is "open".
[HKEY_CLASSES_ROOT\https\shell]
@="open"
[HKEY_CLASSES_ROOT\https\shell\open]
; No %1 on the command line; the URL is delivered through the DDE route below.
[HKEY_CLASSES_ROOT\https\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\https\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\https\shell\open\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\https\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
; ---- InternetShortcut: file class for Internet shortcut files ---------------
; Unlike the URL-scheme sections, nothing here names iexplore.exe directly:
; the verbs run rundll32.exe against shdocvw.dll / mshtml.dll, and the shell
; extension handlers all point at CLSID {FBF23B40-E3F0-101B-8488-00AA003E56F8}.
[HKEY_CLASSES_ROOT\InternetShortcut]
; NOTE(review): 0x00000002 looks like FTA_Show in FILETYPEATTRIBUTEFLAGS - confirm.
"EditFlags"=dword:00000002
@="Internet Shortcut"
"IsShortcut"=""
; NeverShowExt makes Explorer hide the extension of files in this class, so the
; displayed name alone does not show that a file is a shortcut.
"NeverShowExt"=""
[HKEY_CLASSES_ROOT\InternetShortcut\CLSID]
@="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"
; hex(2) = REG_EXPAND_SZ stored as UTF-16LE. The bytes below decode to:
;   %SystemRoot%\system32\url.dll,0
[HKEY_CLASSES_ROOT\InternetShortcut\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
[HKEY_CLASSES_ROOT\InternetShortcut\shell]
[HKEY_CLASSES_ROOT\InternetShortcut\shell\open]
"CLSID"="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"
"LegacyDisable"=""
; NOTE(review): rundll32.exe and shdocvw.dll are given without a directory, so
; they are resolved through the normal search order rather than a fixed path.
[HKEY_CLASSES_ROOT\InternetShortcut\shell\open\command]
@="rundll32.exe shdocvw.dll,OpenURL %l"
[HKEY_CLASSES_ROOT\InternetShortcut\shell\print]
; hex(2) value, UTF-16LE. The bytes below decode to:
;   rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1"
[HKEY_CLASSES_ROOT\InternetShortcut\shell\print\command]
@=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,73,\
00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,00,00
[HKEY_CLASSES_ROOT\InternetShortcut\shell\printto]
; hex(2) value, UTF-16LE. The bytes below decode to:
;   rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1" "%2" "%3" "%4"
[HKEY_CLASSES_ROOT\InternetShortcut\shell\printto\command]
@=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,73,\
00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,20,00,22,\
00,25,00,32,00,22,00,20,00,22,00,25,00,33,00,22,00,20,00,22,00,25,00,34,00,\
22,00,00,00
; Shell extension handlers for this class; each one references the same CLSID.
[HKEY_CLASSES_ROOT\InternetShortcut\shellex]
[HKEY_CLASSES_ROOT\InternetShortcut\shellex\ContextMenuHandlers]
[HKEY_CLASSES_ROOT\InternetShortcut\shellex\ContextMenuHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
@=""
[HKEY_CLASSES_ROOT\InternetShortcut\shellex\IconHandler]
@="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"
[HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertyHandler]
@="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"
[HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertySheetHandlers]
[HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertySheetHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
@=""
; ---- COM class registration for {FBF23B40-E3F0-101B-8488-00AA003E56F8} ------
; Registers the class named "Internet Shortcut" with ProgID "InternetShortcut".
[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
@="Internet Shortcut"
; In-process server for the class. NOTE(review): the DLL is named without a
; directory, so which file gets loaded depends on the DLL search order; when
; auditing a machine, confirm this value has not been changed to another path.
[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32]
@="shdocvw.dll"
"ThreadingModel"="Apartment"
"LoadWithoutCOM"=""
[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\PersistentHandler]
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\ProgID]
@="InternetShortcut"
[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\shellex]
[HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\shellex\MayChangeDefaultMenu]
@=""
; ---- gopher: URL-scheme handler ---------------------------------------------
; Same pattern as the HTTP section: the "open" verb is set to a hard-coded
; iexplore.exe path. Unlike ftp/HTTP/https, this section does not set a default
; verb on the shell key.
[HKEY_CLASSES_ROOT\gopher]
@="URL:Gopher Protocol"
; NOTE(review): 0x00000002 looks like FTA_Show in FILETYPEATTRIBUTEFLAGS - confirm.
"EditFlags"=dword:00000002
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
; The presence of "URL Protocol" (even empty) marks this key as a URL scheme.
"URL Protocol"=""
; hex(2) = REG_EXPAND_SZ stored as UTF-16LE. The bytes below decode to:
;   %SystemRoot%\system32\url.dll,0
[HKEY_CLASSES_ROOT\gopher\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
[HKEY_CLASSES_ROOT\gopher\shell]
[HKEY_CLASSES_ROOT\gopher\shell\open]
; No %1 on the command line; the URL is delivered through the DDE route below.
[HKEY_CLASSES_ROOT\gopher\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
; ---- mhtmlfile: file class used for MHTML documents -------------------------
; Mirrors the htmlfile section: both verbs launch a hard-coded
; C:\Program Files\Internet Explorer\iexplore.exe.
[HKEY_CLASSES_ROOT\mhtmlfile]
@="MHTML Document"
[HKEY_CLASSES_ROOT\mhtmlfile\BrowseInPlace]
@=""
[HKEY_CLASSES_ROOT\mhtmlfile\CLSID]
@="{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}"
; Icon index 22 taken from iexplore.exe.
[HKEY_CLASSES_ROOT\mhtmlfile\DefaultIcon]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe,22"
; Default verb is "opennew" (shown as "&Open"), not "open".
[HKEY_CLASSES_ROOT\mhtmlfile\shell]
@="opennew"
[HKEY_CLASSES_ROOT\mhtmlfile\shell\open]
@="Open in S&ame Window"
; "open" verb: iexplore.exe -nohome, document handed over via DDE as file://%1.
; Unlike the htmlfile section, no "NoActivateHandler" value is set here.
[HKEY_CLASSES_ROOT\mhtmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec]
@="\"file://%1\",,-1,,,,,"
[HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew]
@="&Open"
; "opennew" verb: path passed on the command line as %1 (unquoted), plus a DDE
; route with topic "WWW_OpenURLNewWindow".
[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec]
@="\"file://%1\",,-1,,,,,"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\IfExec]
@="*"
[HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\Topic]
@="WWW_OpenURLNewWindow"
; ---- Extension -> file-class bindings ---------------------------------------
; Binds .htm/.html to the "htmlfile" class and .mht/.mhtml to "mhtmlfile", the
; two classes this file points at iexplore.exe. Together with the URL-scheme
; sections this is what re-asserts IE as the handler each time the file is
; imported.
; NOTE(review): per-user overrides can also exist outside HKEY_CLASSES_ROOT
; (for example under HKCU); check those as well when restoring the default.
[HKEY_CLASSES_ROOT\.htm]
@="htmlfile"
[HKEY_CLASSES_ROOT\.html]
@="htmlfile"
[HKEY_CLASSES_ROOT\.mht]
@="mhtmlfile"
[HKEY_CLASSES_ROOT\.mhtml]
@="mhtmlfile"