Unclear result from S&D.

[Flutje]

After advise from pskelly in regards to posting my questions here I will repost.

I get this result from S&D but I have no idea what it means. I have nevver seen it before and can't find anything on it. I am rather hesitant in just having S&D take care of it.

Any advice would be welcome:-).

Here is the result from S&D:

--- Search result list ---
Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1060284298-854245398-682003330-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe


Here is the HJT log:


pskelly answer

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Good morning Martin, let me first suggest that you post all questions about Spybot S&D here:
http://forums.spybot.info/forumdisplay.php?f=4
Experts with the tool will be glad to assist you.

I am seeing little in the HJT log. Could you tell me if you know this item:
C:\Documents and Settings\Martin\Application Data\Implicit-Link\paiq.exe
Not a lot of information available. If you should have any malware isses, please review the instructions and post the correct information which will include the results of a Kaspersky Online Scan.

Thanks

My answer

Hello pskelly,

Thank you for your response. I did read the "before you post" part.

I will move my question to the part of the forum you gave:-).

paiq.exe is trustworthy and not an issue.

I don't really think I have any problems with my pc (I am running Kaspersky Internet Security latest version). I am just curious about this find by Spybot.

I didn't do a scan with the online scanner because I am rather troubled about the fact if it could conflict with my Kaspersky on my pc.

Don't want to mess anything up:-).

regards,

Martin

Regards,

Martin

[md usa spybot fan]

Flutje:

Starting with Windows XP Service Pack 2, the default setting for the following registry entry is "iexplore.exe"=dword:00000001.

Code:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000001

The following Spybot detection is caused by that registry value not being set to dword:00000001:

Code:

Microsoft.Windows.Security.InternetExplorer: [SBI $366713D4] Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

There is an explanation (relatively technical) of FEATURE_LOCALMACHINE_LOCKDOWN in the following:

• Compatibility in Internet Explorer 6 for Windows XP Service Pack 2
  http://msdn.microsoft.com/library/de...psp2compat.asp

The bottom line is, if you did not intentionally change the default for some reason such as in the following Microsoft article, I suggest that fix the problem base on the fact that Microsoft change the default value of that registry entry starting with Windows XP Service Pack 2 for security reasons:

• Pictures do not appear as expected, or you receive an error message when you open an HTML file on a Windows XP Service Pack 2-based computer
  http://support.microsoft.com/kb/878461

[Flutje]

Hello md usa,

I am sorry for the late reply but I have been on vacation:-).

I don't understand what you are saying here.
Spybot shows this problem:
Microsoft.Windows.Security.InternetExplorer
(SBI $A3433CBF) Settings
HKEY_USERS\S-1-5-21-1060284298-854245398-682003330-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe (is not) W=1

it seems to be a registry change.

The links you gave me (of which the first doesn't seem to work by the way) sends me to a page that talks about pictures that do not appear as expected. I don't have that problem. I also don't receive an error message when I open an html file.

All I notice is that sometimes my pc responds very very very slow and than Internet Explorer won't respond anymore.

I also did a check with Webroot Spysweeper and this program didn't find anything.

Regards,

Martin

[md usa spybot fan]

Flutje:

I don't understand what you are saying here.
Spybot shows this problem:
Microsoft.Windows.Security.InternetExplorer
(SBI $A3433CBF) Settings
HKEY_USERS\S-1-5-21-1060284298-854245398-682003330-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe (is not) W=1

it seems to be a registry change.

What Windows OS are you running? Did you intentionally change the default registry entry for "FEATURE_LOCALMACHINE_LOCKDOWN"?

The bottom line is, if you did not intentionally change the default for some reason such as in the following Microsoft article, I suggest that fix the problem base on the fact that Microsoft change the default value of that registry entry starting with Windows XP Service Pack 2 for security reasons:

• Pictures do not appear as expected, or you receive an error message when you open an HTML file on a Windows XP Service Pack 2-based computer
  http://support.microsoft.com/kb/878461

[Flutje]

I am running Windows XP Pro with service pack 3 and Internet Explorer 6.

I didn't touch the registry but I sometimes run a registry cleaner like Registry Mechanic and Registry First Aid. However I am always carefull about what these programs may remove and I never let them remove much.

Regards,

Martin

[md usa spybot fan]

Flutje:

Windows XP SP2 (or SP3 if you did not have SP2 installed) changed the default for LOCALMACHINE_LOCKDOWN registry entry to a default to increase security. Spybot checks to make sure this new default setting is present.

If you did not intentionally set the Windows XP LOCALMACHINE_LOCKDOWN registry entry to something other than what Microsoft suggests as the default setting in Windows XP SP2 or SP3, then I suggest that you fix the problem with Spybot.

If you have a specific reason that you are not inclined to follow Microsoft's Windows XP SP2 or SP3 suggested default recommendations for the LOCALMACHINE_LOCKDOWN registry entry, then ignore the detection.

ps: You should upgrade to Internet Explorer 7 which also increases security over Internet Explorer 6. This is possibly why the LOCALMACHINE_LOCKDOWN registry was not automatically changed with the upgrade from Windows XP SP1 to either XP SP2 or SP3.

[Flutje]

I had windows xp SP2 but recently upgraded to sp 3:-).

I am still not sure if I should upgrade IE 6 to version 7 because as far as I can tell it is much slower. That's the only thing holding me back.

If I fix this 'issue' and then decide to upgrade to IE 7 would this give me any problems?

Regards,

Martin

[md usa spybot fan]

Flutje (Martin):

I am still not sure if I should upgrade IE 6 to version 7 because as far as I can tell it is much slower. That's the only thing holding me back.

I didn't experience any slowdowns going from Internet Explorer 6 to Internet Explorer 7 and I think that that the addition of "Tabbed" sessions within an IE window is well worth changing from Internet Explorer 6 to Internet Explorer 7.

If I fix this 'issue' and then decide to upgrade to IE 7 would this give me any problems?

Not that I am aware of. I never had the "issue" as you put it because my default setting in IE for the LOCALMACHINE_LOCKDOWN registry entry conversion to Windows XP SP2 predated the detection of the LOCALMACHINE_LOCKDOWN registry entry within Spybot. However, I have experimented with setting and unsetting that registry entry to answer queries in this forum, so I do not believe that it would affect any upgrade.

[Flutje]

Hello md usa,

I wanted to thank you for all your help. I highly appreciate the fact that you take the time to help a clueless person like myself.

I think it's time to upgrade to version 7 and run Spybot again and see what happens.

Thanks again and have a nice day (or evening like it is here).

Regards,

Martin