Microsoft.Windows.Security.Internet Explorer

shows reg entry
HKEY_users/s-1-5-21-282016228-2860110345.......etc

Should this be removed?


It displays in red.

Hello,

I suggest you "Fix selected problems" on those detections unless you experienced an issue such as the one described in the following article and intentionally changed those registry entries from their default setting:

* AutoShapes that were added to an HTML or an MHTML file in a Microsoft Office program do not appear when you open the file in Internet Explorer after you install Windows XP SP2
http://support.microsoft.com/?scid=kb%3Ben-us%3B883969&x=12&y=12

The key "HKEY_CURRENT_USER,"\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" (standard value is 1 with SP2) determines the ability to perform certain actions for local websites, i.e. websites saved on harddisk.

The value is set to 0 (zero) by some malicious applications in order to deminish the security settings for the zone "local computer". (see http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/locallockdown.aspx for details).

There are several threads on the subject:

* Windows.Security.Internet Explorer
http://forums.spybot.info/showthread.php?t=6560
* Scan Result
http://forums.spybot.info/showthread.php?t=6749

If you want you can also tell Spybot-S&D to exclude those detections from further scans.

You can exclude a product from the search as follows:
First of all procede a scan with Spybot - Search & Destroy. Now, mark the item, you want to exclude from the search, with a left-click.
It is marked blue now. Then right-click this entry and select "exclude this product from further searches".

It is also possible to exclude it before the search. Please run Spybot - Search & Destroy in "Advanced Mode" and go to "Settings" -> "Ignore products". There you can tick the checkbox in front of the product you want to exclude from the search.

Best regards
Sandra
Team Spybot

pilotgal8:

Please post a log of the actual detection you are getting. To do that, either:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste those results (Ctrl+V) to a new post in this thread.
Post the Checks.yymmdd-hhmm.log from a previous scan that shows the detection in question.
By default here are two Checks.yymmdd-hhmm.log files produced during a scan. The second Checks.yymmdd-hhmm.log has the details of what the scan found. A Fixes.yymmdd-hhmm.log file is produced if you fix or attempt to fix something.
There are two methods to copy and post that information from previous scans:
Method 1:
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Look for the Checks.yymmdd-hhmm.log file that contains the detections that you would like help with. Open it. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.
Method 2
The Checks.yymmdd-hhmm.log and Fixes.yymmdd-hhmm.log files are stored in the following folders:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows Vista:
C:\ProgramData\Spybot - Search & Destroy\Logs
Using Windows Explorer, navigate to the correct Checks.yymmdd-hhmm.log. Double click on it and it should open with Notepad. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.