
Questions about my AdwCleaner log (e.g. registry entries)



#1 Without_A_Monitor


Posted 30 October 2014 - 08:04 PM

I apologize if this thread was not made in the correct security sub-forum. I don't think that I am infected, especially because I did my routine scans with MBAM, ESET NOD32, and Emsisoft recently. Additionally, the registry entries are not new. My questions pertain to the exact registry entries for my AdwCleaner log.

From what I gathered, the first registry entry is a false-positive. My questions are about the second, third and fourth registry keys. I have attempted to research all three lines, but I have yet to find sources that reassuringly confirm that the registry lines should indeed be deleted. I don't think that I should delete (them) before I find out what exactly they are and/or if they should be deleted. Any insight would be sincerely appreciated.

Again, I am sorry if this thread is not supposed to be in this sub-section. I emphasize that I do not think that my laptop is infected, nor is that what I am asking. If it happens to be the case that my laptop is infected, that is a different story. I am just seeking to identify these registry lines as unwanted/bad.



# AdwCleaner v4.002 - Report created 30/10/2014 at 15:42:57
# Updated 27/10/2014 by Xplode
# Database : 2014-10-26.6
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : El Diego - EL_DIEGO
# Running from : C:\Users\El Diego\Downloads\bastion\adwcleaner_4.002.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v38.0.2125.111


*************************



#2 quietman7


Posted 31 October 2014 - 05:20 AM

6DDA37BA-0553-499A-AE0D-BEBA67204548 looks to be related to Open Codecs

305B09CE8C53A214DB58887F62F25536 and 0FF2AEFF45EEA0A48A4B33C1973B6094 look to be related to ApproveIt

However, I did find those same two entries in this AdwCleaner false positive topic which mentions Norton Ghost. Sorry I cannot translate everything written there.

I'm sure Xplode has a master list based on all the input he receives. You could ask him directly at his home site: AdwCleaner Feedback <- there is a drop down menu at the top right to "Select language" (English)
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
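
Added example (not part of the original thread and not AdwCleaner's own code): Python that sorts the four "Key Found" lines from the log in post #1 by registry location and converts the two Installer\UserData\S-1-5-18\Components key names from Windows Installer's packed-GUID form into the usual braced GUID, which is the form to search for when trying to identify the owning component. The function names and the "kind" labels are illustrative assumptions.

```python
import re

# Constructed sample: the four "Key Found" lines copied from the log in post #1.
SAMPLE_LOG = r"""
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
"""

KEY_LINE = re.compile(r"^Key Found : (\[x64\] )?(HK\w+\\.+)$")
PACKED = re.compile(r"^[0-9A-Fa-f]{32}$")
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def unpack_guid(packed):
    """Convert a Windows Installer packed GUID (32 hex chars) to {8-4-4-4-12} form."""
    if not PACKED.match(packed):
        raise ValueError("not a 32-character hex string: %r" % packed)
    p = packed.upper()
    # The first three groups are stored with their characters reversed ...
    head = [p[0:8][::-1], p[8:12][::-1], p[12:16][::-1]]
    # ... and in the last 16 characters the two digits of each byte are swapped.
    tail = "".join(p[i + 1] + p[i] for i in range(16, 32, 2))
    return "{%s-%s-%s}" % ("-".join(head), tail[:4], tail[4:])

def classify(log_text):
    """Return one dict per 'Key Found' line: registry view, kind, identifier."""
    out = []
    for line in log_text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m:
            continue  # report header, section banners, blank lines
        parent, _, leaf = m.group(2).rpartition("\\")
        if parent.endswith(r"\Classes\CLSID") and GUID.match(leaf):
            kind, ident = "COM class registration", leaf.upper()
        elif parent.endswith(r"\Image File Execution Options"):
            kind, ident = "per-executable launch options", leaf
        elif parent.endswith(r"\Components") and r"\Installer\UserData" in parent and PACKED.match(leaf):
            kind, ident = "Windows Installer component", unpack_guid(leaf)
        else:
            kind, ident = "unclassified", leaf
        out.append({"view": "x64" if m.group(1) else "default", "kind": kind, "id": ident})
    return out

if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(row)
```

S-1-5-18 in the key path is the LocalSystem SID, which is where per-machine Windows Installer registrations are recorded.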


#3 Without_A_Monitor


Posted 31 October 2014 - 01:01 PM

Thank you very much as always, quietman. Yeah, I found evidence that the line ending in 4548 is related to Open Codecs (Flac.) As for the lines ending with 6094 and 5536, I have found info for it being a false positive or unwanted/bad as you stated. I don't have Norton Ghost. I read that discussion as well. Much obliged for the links. I suppose that the 6094 is leftover from whenever the infection was on my laptop in the past. As for the 5536 line, I have read that it is related to HP Solution Center for an HP Printer amongst other software as well.

(Edit: I should have noted that my printer is a Canon and not HP. So, I suppose that the 5536 registry line is probably leftover from past malware as well. I will most likely delete them both, unless you recommend otherwise.)


Ah, you're right. I could and probably should just ask at his forum. I just thought that someone or some people here might be able to identify those lines as well. Since I frequent here so often, I just thought that I'd try here first. Thanks once again.

Edited by Without_A_Monitor, 31 October 2014 - 01:12 PM.


#4 quietman7


Posted 31 October 2014 - 05:49 PM

You're welcome.



