Author Topic: Orphan registry  (Read 6700 times)

May 15, 2015, 09:45:54 AM

steddye

RogueKiller V10.6.3.0 (x64) [May 11 2015] di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : http://forum.adlice.com
Sito Web : http://www.adlice.com/softwares/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniziato in : Modalità Normale
Utente : foca [Amministratore]
Iniziato da : E:\Downloads\RogueKillerX64 (2).exe
Modalità : Scansione -- Data : 05/15/2015  09:23:26

¤¤¤ Processi : 0 ¤¤¤

¤¤¤ Registro : 12 ¤¤¤
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BD0FEA3-A282-4A9C-8DA9-79C3BA4ACE62} | NameServer : 192.168.1.1,85.37.17.5,8.8.8.8,151.99.125.1 [-][ITALY (IT)][-][ITALY (IT)]  -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7BD0FEA3-A282-4A9C-8DA9-79C3BA4ACE62} | NameServer : 192.168.1.1,85.37.17.5,8.8.8.8,151.99.125.1 [-][ITALY (IT)][-][ITALY (IT)]  -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7BD0FEA3-A282-4A9C-8DA9-79C3BA4ACE62} | NameServer : 192.168.1.1,85.37.17.5,8.8.8.8,151.99.125.1 [-][ITALY (IT)][-][ITALY (IT)]  -> Trovato
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Trovato
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Trovato
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Trovato
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Trovato
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trovato
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trovato
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trovato
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2558236547-444649337-1807880188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trovato

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 0 ¤¤¤

¤¤¤ Archivio Hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: ADATA SP900 SCSI Disk Device +++++
--- User ---
[MBR] 2b9f2e12b490e0005987573fb446e66e
[BSP] c08dc13d915e62ae570e0b6e7e1dc92a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 122102 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1003FZEX-00MK2 SCSI Disk Device +++++
--- User ---
[MBR] 27553866021855288320cca0be4c45a2
[BSP] 690b767b6d8bc467a0a947e1263cffed : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 MB
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 1953521664 | Size: 0 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Maxtor 6H500F0 SCSI Disk Device +++++
--- User ---
[MBR] 9f931b9192b6a19b905787b8e88450ae
[BSP] cf0b651b0fab45c6ab8f1d8c9f955908 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476939 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: TrekStor DSpocket light30 USB Device +++++
--- User ---
[MBR] 41c2f55d328ededcc29f4793130e9bfb
[BSP] b196f99563240fbf2ba362b569dec1f2 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Richiesta non supportata. )

+++++ PhysicalDrive4: TrekStor DS pocket light USB Device +++++
--- User ---
[MBR] bb5fdc45a607812ac64e1cad8edc2636
[BSP] 33269e4ad28bd855014dc1314af7dfe3 : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 476938 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Richiesta non supportata. )

The registry orphan (highlighted in orange) is protected by Norton and cannot be deleted, so is it really orphan or still in use?

details
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}      reg_s      Norton Vulnerability Protection
                                                                         reg_dword                0x00000001(1)


thanks

Reply #1 on: May 15, 2015, 04:14:14 PM

Curson

Hi steddye,

Welcome to Adlice.com Forum.

This BHO is part of Norton Vulnerability Protection.
Is the following key present in the registry?
Quote
HKEY_CLASSES_ROOT\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}

Regards.
« Last Edit: May 15, 2015, 04:33:44 PM by Curson »

Reply #2 on: May 18, 2015, 03:05:06 AM

steddye

To be sure I've re-installed Norton 360 and, after this, another scan with the same result.

Searching the registry for the key

HKEY_CLASSES_ROOT\Symantec.IPS.WebProtection\CLSID  (Default)   REG_SZ  {6D53EC84-6AAE-4787-AEEE-F4628F01010C}


HKEY_CLASSES_ROOT\Symantec.IPS.WebProtection.1  (Default)   REG_SZ Norton Vulnerability Protection
                                                                                 CLSID     REG_SZ   {6D53EC84-6AAE-4787-AEEE-F4628F01010C}


HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}     (Default)   REG_SZ     Norton Vulnerability Protection



These are the results of searching for {6D53EC84-6AAE-4787-AEEE-F4628F01010C} in HKEY_CLASSES_ROOT.

The key is still orphan, something to worry about? Thanks for the help.


Reply #3 on: May 19, 2015, 12:50:57 PM

Curson

Hi steddye,

Your report is clean.
Those CLSIDs are definitely linked to Norton 360.

Regards.

Reply #4 on: May 20, 2015, 05:01:12 AM

steddye

Thanks for the help.

Reply #5 on: May 21, 2015, 12:32:54 AM

Curson

Hi steddye,

You are very welcome.

All the best.