I updated my Spybot, did the immunization and got only 14316 bad products blocked. My buddy reports having 17600!!!
Explain? Solution?
Windows XP Home SP2
Thanks
piranha:
Are you immunizing from a "Computer administrator" account?
If you are immunizing from a "Computer administrator" account, you may not be immunizing in all the registry hives possible during Spybot's immunization.
- Download the attached Query1.zip file.
- Extract Query1.bat into its own folder (see Note #1).
- Execute Query1.bat by double clicking on it.
- After the execution of Query1.bat it should have created a Query1.txt file in the same folder as the Query1.bat file (see Note #2). Copy the contents of the Query1.txt file to the clipboard:
- Double click on the Query1.txt file and it should open with Notepad.
- Select all (Ctrl+A)
- Copy (Ctrl+C)
- Then Paste (Ctrl+V) into a new post (reply) in this thread.
Then we can see what Registry keys are/are not accessible by the user.
Note #1: The code in the Query1.bat.
Code:
ECHO QUERY1
REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" > Query1.txt
REG QUERY "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
REG QUERY "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
REG QUERY "HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
REG QUERY "HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
REG QUERY "HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
EXIT
Note #2: The output that I get (Windows XP Home from a Computer Administrator account).
Code:
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<NO NAME> REG_DWORD 0x5
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<NO NAME> REG_DWORD 0x5
! REG.EXE VERSION 3.0
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<NO NAME> REG_DWORD 0x5
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<NO NAME> REG_DWORD 0x5
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<NO NAME> REG_DWORD 0x5
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<NO NAME> REG_DWORD 0x5
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Yes, I immunized from an administrator account.
I did what you suggested, and I got this... (Still got only 14316 products blocked...)
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<SANS NOM> REG_DWORD 0x5
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<SANS NOM> REG_DWORD 0x5
! REG.EXE VERSION 3.0
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<SANS NOM> REG_DWORD 0x5
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<SANS NOM> REG_DWORD 0x5
! REG.EXE VERSION 3.0
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
<SANS NOM> REG_DWORD 0x5
Last edited by piranha; 2007-04-22 at 18:44.
It appears that the user account that you are immunizing from does not have access to the HKEY_USERS\S-1-5-19 registry hive. I saw this happen once before:
- Immunization changed from 9239 to 7577
http://forums.spybot.info/showthread.php?t=3026
Read that thread and take a look at the instruction in this post to see if the registry hive shows up in Registry Editor:
You are right, no HKEY_USERS\S-1-5-19 in my registry.
Does that mean spyware and malware could easily enter my PC?
It may not be a problem at all.
In the thread I referenced earlier, slotdr indicated that they disabled the Windows User Mode Driver Framework service which caused the HKEY_USERS\S-1-5-19 registry hive not to be available.
On my Windows XP Home system the HKEY_USERS\S-1-5-19 registry hive is available even though I do not have the Windows User Mode Driver Framework service. According to the following Microsoft article the Windows User Mode Driver Framework service was introduced with Windows Media Player 10 (I still run Windows Media Player 9):
- The Windows User Mode Driver Framework service (Wdfmgr.exe) appears in Windows Task Manager after you install Windows Media Player 10
http://support.microsoft.com/kb/892552
You could check in services.msc (instructions in the article above) and see if you have the Windows User Mode Driver Framework service and if it is disabled. If the service is present and disabled, you could start the service and then see if the HKEY_USERS\S-1-5-19 registry hive is available using Regedit.
I use a French XP Home and version 11 of Win Media Player. I don't find that Windows User Mode Driver Framework service or something like that.
I don't see Wdfmgr.exe in Windows Task Manager either.
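
Added example, not part of the thread and not Spybot's own code: the Query1.txt comparison done by eye earlier in the thread, automated in Python so that a root with no key block (HKEY_USERS\S-1-5-19 in the second output posted) is reported. The function names and the sample text are constructed for illustration, and the account labels are the well-known Windows meanings of those SIDs rather than something the thread states.

```python
import re

# Roots queried by Query1.bat. The account labels are the well-known meanings
# of these SIDs in Windows (added context, not stated in the thread).
EXPECTED_ROOTS = {
    r"HKEY_LOCAL_MACHINE": "machine-wide",
    r"HKEY_CURRENT_USER": "logged-on user",
    r"HKEY_USERS\.DEFAULT": "default profile",
    r"HKEY_USERS\S-1-5-18": "LocalSystem",
    r"HKEY_USERS\S-1-5-19": "LocalService",
    r"HKEY_USERS\S-1-5-20": "NetworkService",
}
SUBKEY = (r"\SOFTWARE\Microsoft\Windows\CurrentVersion"
          r"\Internet Settings\P3P\History\180solutions.com")

# The default-value placeholder is localized (<NO NAME>, <SANS NOM>), so match
# any <...> token instead of the English text.
VALUE_RE = re.compile(r"^\s*<[^>]+>\s+(REG_\w+)\s+(\S+)\s*$")

def parse_query_output(text):
    """Map each key path in REG QUERY output to its (type, data) or None."""
    found, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("HKEY_"):
            current = stripped
            found[current] = None
        elif current and (m := VALUE_RE.match(line)):
            found[current] = (m.group(1), m.group(2))
    return found

def missing_roots(text):
    """Return the expected roots whose immunization key is absent or empty."""
    found = parse_query_output(text)
    return [r for r in EXPECTED_ROOTS if found.get(r + SUBKEY) is None]

def sample_output(roots):
    """Build constructed Query1.txt text in the layout shown in the thread."""
    return "\n".join(f"! REG.EXE VERSION 3.0\n\n{r}{SUBKEY}\n"
                     f"    <SANS NOM>\tREG_DWORD\t0x5\n" for r in roots)

if __name__ == "__main__":
    present = [r for r in EXPECTED_ROOTS if not r.endswith("S-1-5-19")]
    for root in missing_roots(sample_output(present)):
        print(f"not reachable: {root} ({EXPECTED_ROOTS[root]})")
```
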