Hello

 

I'd just like to report a huge list of false positives that AdwCleaner has reported.

# AdwCleaner v6.030 - Logfile created 03/11/2016 at 23:52:05
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-04.1 [Server]
# Operating System : Windows 7 Ultimate  (X64)
# Username : Gamefan - GAMEFAN-PC
# Running from : C:\Users\Gamefan\Desktop\My Stuff\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}



***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

 

I'm pretty sure these are all incredibly important Microsoft Registry keys, aren't they? Malwarebytes and Hitman didn't find anything. Are these safe to whitelist?

Re: False Positive Registry entries

Greetings,

These registry keys are related to ProxyGate, qualified as Adware/PUP. You can remove them.

Regards.

Re: False Positive Registry entries

I would object to that, I'm 100% sure I don't have ProxyGate.

These are some of the matches that have legit names in their descriptions, and the last changed date is the date that I installed my machine.

So it seems like collateral damage from the ProxyGate detection. I would not remove these keys!

 

HKCR\Wow6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}    REG_SZ    Microsoft TabStrip Control, version 6.0    2015-09-01 12:17:56

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}    REG_SZ    Microsoft ImageComboBox Control, version 6.0    2015-09-01 12:17:56

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}    REG_SZ    Microsoft StatusBar Control, version 6.0    2015-09-01 12:17:56

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}    REG_SZ    Microsoft ListView Control, version 6.0    2015-09-01 12:17:56

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}    REG_SZ    TreeView General Property Page Object    2015-09-01 12:17:54

.....

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}    REG_SZ    Microsoft ImageList Control, version 6.0    2015-09-01 12:17:56
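
The lookup described in the post above (what each flagged CLSID is actually registered as) can be scripted. The following PowerShell is an added example, not part of any post in this thread and not AdwCleaner's own code. The log path and output property names are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: triage CLSID detections from an AdwCleaner log.
# $LogPath is an assumed location; point it at the saved scan log.
param([string]$LogPath = '.\AdwCleaner.txt')

# Check both the native and the 32-bit (Wow6432Node) registry views.
$views = 'HKLM:\SOFTWARE\Classes\CLSID',
         'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'

# Extract every GUID from "Key Found: ...\CLSID\{GUID}" entries,
# including logs where several entries were pasted onto one line.
$pattern = 'Key Found:\s+\S*?\\CLSID\\(\{[0-9A-Fa-f-]{36}\})'
$clsids = Select-String -Path $LogPath -Pattern $pattern -AllMatches |
    ForEach-Object { $_.Matches } |
    ForEach-Object { $_.Groups[1].Value.ToUpper() } |
    Sort-Object -Unique

foreach ($clsid in $clsids) {
    foreach ($view in $views) {
        $key = Join-Path $view $clsid
        if (-not (Test-Path -LiteralPath $key)) { continue }

        # The key's default value is the human-readable class name.
        $name = (Get-Item -LiteralPath $key).GetValue('')

        # InprocServer32's default value is the DLL/OCX implementing the class.
        $srvKey = Join-Path $key 'InprocServer32'
        $server = if (Test-Path -LiteralPath $srvKey) {
            (Get-Item -LiteralPath $srvKey).GetValue('')
        }

        # If the implementing file exists, read its Authenticode signature.
        $sig = $null
        if ($server) {
            $file = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
            if (Test-Path -LiteralPath $file) {
                $sig = Get-AuthenticodeSignature -FilePath $file
            }
        }

        [pscustomobject]@{
            CLSID     = $clsid
            View      = if ($view -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            Name      = $name
            Server    = $server
            SigStatus = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    }
}
```

A class name and a validly signed server file are evidence to attach to a false-positive report. A missing or invalid signature is a reason to look closer at the file, not a verdict by itself.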

 

 

 

Re: False Positive Registry entries

I have to agree with Ronny. These all seem like legit entries. I never had ProxyGate on my system and my other scans come up clean.

 

Another user encountered the same problem:

 

https://toolslib.net/forum/viewthread/9452-it-seems-be-adw-cleaner-detected-wrong-registry-keys/

Re: False Positive Registry entries

IMO FALSE POSITIVES:

 

This is NOT ProxyGate!  Never used it on any PC.

These entries are shown to relate to MS ActiveX/Software controls. I scanned the registry to verify all of these. MS Toolbar Control 6.0, etc., just as posted above. All CLSID references relate to these controls.

I use adwcleaner regularly and today all of a sudden all 5 of the office PCs have these same 26 registry entries flagged when previously not.

Also 3 home PCs and laptops show this today when they did not the other day with the same version of adwcleaner.  One laptop has not been online since the last adwcleaner scan.

2 friends tried it and also SAME 26 entries when previously not. Not sure if adwcleaner updates itself now because the same version did not flag these entries 2 days ago and I have the current version 6.030. So either Windows updates added something that adwcleaner flags now or adwcleaner updated and changed its parameters?

 


 

Re: False Positive Registry entries

I'm having it today too. Found 26 things that it didn't find before.

Re: False Positive Registry entries

Hello,

It's now fixed, sorry for the inconvenience.

Best regards,