
Unknown REG entries - need help identifying



#1 Eric RBA


Posted 05 February 2009 - 08:23 PM

I have noticed in cleaning up my registry that there are some unusual entries located in the following place:

CURRENT_USER> Software> Microsoft> Windows> Current Version> Group Policy> GroupMembership

I'm running XP Pro SP3. There are nine groups, none of which I recall creating or permitting. In order, from Group 0 to Group 8, they are:

S-1-5-21-2667897479-708365468-1232465498-513
S-1-1-0
S-1-5-32-544
S-1-5-32-551
S-1-5-32-555
S-1-5-32-545
S-1-5-4
S-1-5-11
S-1-2-0

The most concerning one is the first entry. It was found in the suspiciously hidden "C:/Recycler" folder when I ran a Malwarebytes scan. It was HUGE! and took a while to scan. Is there something suspicious or alarming about these entries and can I just remove them?
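
Added example (not part of the original post or of any reply in this thread): a small Python decoder for SID strings, run over the nine GroupMembership values quoted above. The name tables cover only the well-known SIDs and RIDs needed here plus a few neighbours, and all function and variable names are illustrative.

```python
# Added example: decode SID strings such as the GroupMembership values in the post.
WELL_KNOWN = {          # fixed SIDs, identical on every Windows installation
    "S-1-1-0": "Everyone", "S-1-2-0": "Local",
    "S-1-5-4": "Interactive", "S-1-5-11": "Authenticated Users",
}
BUILTIN_ALIASES = {     # S-1-5-32-<RID>: groups in the local BUILTIN domain
    544: "Administrators", 545: "Users",
    551: "Backup Operators", 555: "Remote Desktop Users",
}
RELATIVE_RIDS = {       # S-1-5-21-<a>-<b>-<c>-<RID>: RID under a machine or domain id
    500: "Administrator", 501: "Guest", 512: "Domain Admins",
    513: "Domain Users (the 'None' group on a standalone machine)",
}

def parse_sid(sid):
    """Split 'S-R-A-S1-S2-...' into (revision, authority, [sub-authorities])."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority, *subs = (int(p) for p in parts[1:])  # non-numeric -> ValueError
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    return revision, authority, subs

def describe_sid(sid):
    """Return a human-readable description of a SID string."""
    _, authority, subs = parse_sid(sid)
    canonical = "-".join(["S", "1", str(authority), *map(str, subs)])
    if canonical in WELL_KNOWN:
        return WELL_KNOWN[canonical]
    if authority == 5 and len(subs) == 2 and subs[0] == 32:
        return "BUILTIN\\" + BUILTIN_ALIASES.get(subs[1], f"alias RID {subs[1]}")
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        issuer = "-".join(map(str, subs[1:4]))   # identifies the issuing machine or domain
        name = RELATIVE_RIDS.get(subs[4], f"account or group RID {subs[4]}")
        return f"{name}, issued by machine/domain {issuer}"
    return "unrecognised SID"

# The nine values quoted in the post, Group 0 through Group 8.
POSTED = ["S-1-5-21-2667897479-708365468-1232465498-513", "S-1-1-0",
          "S-1-5-32-544", "S-1-5-32-551", "S-1-5-32-555", "S-1-5-32-545",
          "S-1-5-4", "S-1-5-11", "S-1-2-0"]

if __name__ == "__main__":
    for i, sid in enumerate(POSTED):
        print(f"Group {i}: {sid} -> {describe_sid(sid)}")
```
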



#2 hamluis


Posted 05 February 2009 - 08:27 PM

FWIW: http://www.microsoft.com/technet/prodtechn...v.mspx?mfr=true

Louis

#3 Eric RBA


Posted 05 February 2009 - 08:49 PM

Okay, so I checked through the SID list at that link. I have a couple more questions then:

1. I have not added this machine to a domain, so how could there be GroupMembership SIDs in the registry?
2. Can I delete the entries for these SIDs, particularly the lengthy first one?

I would never ask a person to do something that I wouldn't do myself.

#4 hamluis


Posted 06 February 2009 - 11:38 AM

I can't answer your questions, I've never concerned myself with SIDs...other than to note that chkdsk cleans those up somewhat.

Louis



