cancel
Showing results for 
Search instead for 
Did you mean: 

AdwCleaner - Questionable suggestions

Razer
Grafter
Posts: 1,398
Thanks: 6
Registered: 17-11-2012

AdwCleaner - Questionable suggestions

Whilst browsing through my registry, as I do from time to time when making sure removed programs haven't left anything behind, I came across two entries that I thought suspicious:
HKCU\Software\APN PIP
HKLM\Software\PIP
In searching on these entries I think they've likely come from Foxit Reader (despite unticking the 'Ask' toolbar during install it still puts entries in your registry). A lot of the search results I found refer to a scanning and cleaning utility that I've never heard of - AdwCleaner - so I thought I'd give it a try to see if it found anything else. Here are the relevant results of the scan on my computer:
***** [Registry] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\Software\PIP
***** [Internet Browsers] *****
-\\ Mozilla Firefox v20.0.1 (en-US)
File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\********.default\prefs.js
Found : user_pref("extensions.noredirect.list", "^hxxp://agoga\\.com::7:::^hxxp://(?:[^/]+\\.)?websearch\\.v[...]

I was irked to see an entry for Firefox because I like to think I'm quite on top of my security with the browser, so that was the first thing I looked into. The full entry from my preferences file reads as follows:
user_pref("extensions.noredirect.list", "^http://agoga\\.com::7:::^http://(?:[^/]+\\.)?websearch\\.verizon\\.net::7:::^http://(?:[^/]+\\.)?search\\.rogers\\.com::7:::^http://(?:[^/]+\\.)?earthlink-?help\\.net::7:::^http://(?:[^/]+\\.)?finder\\.cox\\.net::7:::^http://(?:[^/]+\\.)?search\\.embarq\\.com::7:::^http://ww11\\.charter\\.net::7:::^http://ww23\\.rr\\.com::7:::^http://guide\\.opendns\\.com/\\?url=::7:::^http://support\\.microsoft\\.com/.*smarterror::5:::^http://msdn\\.microsoft\\.com/.*missingurl=::5");

I can only think that it has something to do with one of my addons (either BetterPrivacy, NoScript or Ghostery) and is a static list of sites which are blocked from redirecting, or sites to which redirects are blocked. That or it's a default FF entry. So I was very puzzled as to why this program has flagged it for removal. Unless it is an entry of real concern. Searches on "extensions.noredirect.list" yield no results - not even from mozilla.org.
I then looked into the entries for the registry that I'd not already spotted myself and it transpires that the file secman.dll is from an installation of Samsung Kies, the program you have to install if you want to connect your Samsung mobile to your computer. It is a:
Quote
Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard

That quoted from the file itself, as is the website address given: http://www.mapilab.com/
Seems legitimate to me. Whilst I don't use Outlook, so needn't be bothered, I can't help wondering why this AdwCleaner is flagging things for removal that seem to be security items. By this point I couldn't help also wondering if the 'conduitEngine' entry in my registry is also something innocent and the program is just assuming it's malicious because of the existence of the word 'conduit'. Unfortunately I can't find any way to contact the developer of this little program to question why it's flagging them. My next thought was that it's one of these rogue cleaning utilities, but in searching it is recommended by many legitimate sites, so I wondered if any of you guys have any ideas/insight.
3 REPLIES
Community Veteran
Posts: 5,092
Thanks: 453
Fixes: 17
Registered: 10-06-2010

Re: AdwCleaner - Questionable suggestions

I'm guessing extensions.noredirect.list is related to the noredirect extension, which sounds a bit old, and was for blocking search pages served up by certain ISP's DNS servers instead of "domain not found" replies. Which also explains the list containing those American ISPs: Verizon, Rogers, Cox etc.
For conduitEngine, it's because conduitEngine appears to be toolbar related junk.
Community Veteran
Posts: 4,844
Thanks: 120
Fixes: 24
Registered: 14-07-2009

Re: AdwCleaner - Questionable suggestions

Conduit products tend to muscle-in on your web browser, add tool bars, change the search defaults, home page etc.   
Razer
Grafter
Posts: 1,398
Thanks: 6
Registered: 17-11-2012

Re: AdwCleaner - Questionable suggestions

ejs, I've never used that extension. Still leaves the question as to why this AdwCleaner is flagging it. Huh
RR, yeah, I know about conduit. I don't know if the registry entry is actually related to them or where it's come from. It's the only one there and doesn't appear to link to anything.