
Possible Infection?


3 replies to this topic

#1 zim390


Posted 09 May 2009 - 03:59 PM

Hi,

Looking for some help.......

My laptop is booting up real slow, so I ran the following scans and cleaned up a few miscellaneous infections...CCleaner, ATF-Cleaner, Spyware Doctor, Malwarebytes, SuperANTI-Spyware, and Registry Mechanic. I assumed everything is clean.

The one thing that is still puzzling me is that RM is finding an error in the registry, but it can't / won't fix it. I've also tried to manually delete it via REGEDIT and it won't let me.

Here's the entry: HKEY_CLASS_ROOT\CLSID\{1171A62F-05D2-11D1-83FC00A0C9089C5A}INPROCSERVER32

This entry points to: C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH9.OCX

I've uninstalled MacroMedia through Control Panel, but the entry is still there.

Can anyone tell me if this registry entry is related to an infection...or something else?

Thx
Zim



#2 boopme

  • Global Moderator

Posted 09 May 2009 - 09:58 PM

InprocServer32 is a normal part of Windows, and will appear in hundreds of CLSID keys. It tells Windows how that particular class should be used and where the file for it can be found. Whether the CLSID keys were simply written corrupt or are actually connected to some sort of malware we can't tell you for sure. The {Default} values under the InprocServer32 keys should point to actual files on your system somewhere.
I believe as there is no executable file here it's a broken key.
I am not sure why the cleaner won't remove it.
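The check described in the reply above (the default value under an InprocServer32 key should point to a file that actually exists) can be done without a registry cleaner. The following PowerShell is an added example, not part of the original thread: the function name `Test-InprocServer` is hypothetical, the GUID in the comment is a placeholder, and bare file names are assumed to resolve from System32. It only reads the registry and the file system.

```powershell
# Added example: read-only check of a COM class's InprocServer32 registration.
function Test-InprocServer {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Clsid   # e.g. '{00000000-0000-0000-0000-000000000000}' (placeholder)
    )
    process {
        $keyPath = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
        $result  = [ordered]@{ Clsid = $Clsid; Server = $null; Status = $null; Signature = $null }

        if (-not (Test-Path -LiteralPath $keyPath)) {
            $result.Status = 'NoInprocServer32Key'
            return [pscustomobject]$result
        }

        # GetValue('') returns the (Default) value; REG_EXPAND_SZ data is expanded.
        $server = (Get-Item -LiteralPath $keyPath).GetValue('')
        if ([string]::IsNullOrWhiteSpace($server)) {
            $result.Status = 'EmptyDefaultValue'
            return [pscustomobject]$result
        }

        # Registrations may be quoted, or a bare file name (assumed here to be in System32).
        $server = $server.Trim().Trim('"')
        if (-not [IO.Path]::IsPathRooted($server)) {
            $server = Join-Path $env:SystemRoot "System32\$server"
        }
        $result.Server = $server

        if (Test-Path -LiteralPath $server -PathType Leaf) {
            $result.Status    = 'FilePresent'
            # A present file is not automatically trustworthy; record its signature status.
            $result.Signature = (Get-AuthenticodeSignature -LiteralPath $server).Status
        } else {
            $result.Status = 'FileMissing'   # orphaned ("broken") registration
        }
        [pscustomobject]$result
    }
}

# Survey every registered class and list the ones whose server file is gone.
Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT\CLSID' |
    ForEach-Object { $_.PSChildName } |
    Test-InprocServer |
    Where-Object Status -eq 'FileMissing'
```

A `FileMissing` result after an uninstall matches the "broken key" reading; a `FilePresent` result with a signature status other than `Valid` is the case that deserves a closer look.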

#3 zim390


Posted 10 May 2009 - 12:16 PM

Thanks for the response. I will check with the folks at PCTools to see why Registry Mechanic is not removing.

Have a great day !!

Zim

#4 quietman7

  • Global Moderator

Posted 11 May 2009 - 10:49 AM

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.



