
Thread: Bad products blocked

  1. #1
    Member
    Join Date
    Apr 2007
    Location
    Laval, Québec, Canada
    Posts
    38

    Bad products blocked

    I updated my Spybot, did the immunization and got only 14316 bad products blocked. My buddy reports having 17600!!!

    Explain ? Solution ?

    Windows XP home SP2

    thanks

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859


    piranha:

    Are you immunizing from a "Computer administrator" account?

    If you are immunizing from a "Computer administrator" account, you may not be immunizing in all the registry hives possible during Spybot's immunization.

    • Download the attached Query1.zip file.
    • Extract Query1.bat into its own folder (see Note #1).
    • Execute Query1.bat by double clicking on it.
    • After the execution of Query1.bat it should have created a Query1.txt file in the same folder as the Query1.bat file (see Note #2). Copy the contents of the Query1.txt file to the clipboard:
      1. Double click on the Query1.txt file and it should open with Notepad.
      2. Select all (Ctrl+A)
      3. Copy (Ctrl+C)
    • Then Paste (Ctrl+V) into a new post (reply) in this thread.

    Then we can see what Registry keys are/are not accessible by the user.

    Note #1: The code in the Query1.bat.

    Code:
     ECHO QUERY1
    
    REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" > Query1.txt
    
    REG QUERY "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
    
    REG QUERY "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
    
    REG QUERY "HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
    
    REG QUERY "HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
    
    REG QUERY "HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com" >> Query1.txt
    
    EXIT

    Note #2: The output that I get (Windows XP Home from a Computer Administrator account).

    Code:
     
    ! REG.EXE VERSION 3.0
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
        <NO NAME>	REG_DWORD	0x5
    
    ! REG.EXE VERSION 3.0
    
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
        <NO NAME>	REG_DWORD	0x5
    
    ! REG.EXE VERSION 3.0
    
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
        <NO NAME>	REG_DWORD	0x5
    
    ! REG.EXE VERSION 3.0
    
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
        <NO NAME>	REG_DWORD	0x5
    
    ! REG.EXE VERSION 3.0
    
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
        <NO NAME>	REG_DWORD	0x5
    
    ! REG.EXE VERSION 3.0
    
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
        <NO NAME>	REG_DWORD	0x5

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Member
    Join Date
    Apr 2007
    Location
    Laval, Québec, Canada
    Posts
    38

    Yes, I immunized from an administrator account.

    I did what you suggested, and I got this... (Still got only 14316 products blocked...)


    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
    <SANS NOM> REG_DWORD 0x5

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
    <SANS NOM> REG_DWORD 0x5

    ! REG.EXE VERSION 3.0

    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
    <SANS NOM> REG_DWORD 0x5

    ! REG.EXE VERSION 3.0

    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
    <SANS NOM> REG_DWORD 0x5

    ! REG.EXE VERSION 3.0

    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com
    <SANS NOM> REG_DWORD 0x5
    Last edited by piranha; 2007-04-22 at 19:44.

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859


    It appears that the user account that you are immunizing from does not have access to the HKEY_USERS\S-1-5-19 registry hive. I saw this happen once before:

    Read that thread and take a look at the instruction in this post to see if the registry hive shows up in Registry Editor:

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
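
Added example, not part of the original thread: the comparison done by eye in post #4, written as a Python check over the contents of Query1.txt. It assumes the six keys listed in Query1.bat; the function names and the sample text are constructed for illustration.

```python
import re

P3P = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com"
# The six registry roots that Query1.bat in this thread queries, in the same order.
ROOTS = ["HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", r"HKEY_USERS\.DEFAULT",
         r"HKEY_USERS\S-1-5-18", r"HKEY_USERS\S-1-5-19", r"HKEY_USERS\S-1-5-20"]

# Value line, e.g. "<NO NAME>  REG_DWORD  0x5". The placeholder is localized
# ("<SANS NOM>" on French XP), so match any <...> instead of the English text.
VALUE_RE = re.compile(r"^\s*<[^>]+>\s+(REG_\w+)\s+(\S+)\s*$")

def parse_query_output(text):
    """Return {root: (type, data) or None} for each expected key block in the output."""
    found, current = {}, None
    for line in text.splitlines():
        stripped = line.strip().upper()
        if stripped.startswith("HKEY_"):
            current = None
            for root in ROOTS:
                if stripped == (root + "\\" + P3P).upper():
                    current = root
                    found[root] = None  # key is present; value not read yet
        elif current and (m := VALUE_RE.match(line)):
            found[current] = (m.group(1), m.group(2))
            current = None
    return found

def missing_roots(text):
    """Roots the batch file asked for that have no key block in the output."""
    found = parse_query_output(text)
    return [root for root in ROOTS if root not in found]

# Constructed sample modelled on the French-locale output posted in this thread:
# five blocks, with no block for HKEY_USERS\S-1-5-19.
SAMPLE = "\n".join(
    "! REG.EXE VERSION 3.0\n\n%s\\%s\n    <SANS NOM>\tREG_DWORD\t0x5\n" % (root, P3P)
    for root in ROOTS if not root.endswith("S-1-5-19"))

if __name__ == "__main__":
    for root in missing_roots(SAMPLE):
        print("no result for", root)
```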

  5. #5
    Member
    Join Date
    Apr 2007
    Location
    Laval, Québec, Canada
    Posts
    38

    You are right, no HKEY_USERS\S-1-5-19 in my registry.

    Does that mean spyware and malware could easily enter my PC?

  6. #6
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859


    It may not be a problem at all.

    In the thread I referenced earlier, slotdr indicated that they disabled the Windows User Mode Driver Framework service which caused the HKEY_USERS\S-1-5-19 registry hive not to be available.

    On my Windows XP Home system the HKEY_USERS\S-1-5-19 registry hive is available even though I do not have the Windows User Mode Driver Framework service. According to the following Microsoft article the Windows User Mode Driver Framework service was introduced with Windows Media Player 10 (I still run Windows Media Player 9):

    You could check in services.msc (instructions in the article above) and see if you have the Windows User Mode Driver Framework service and if it is disabled. If the service is present and disabled, you could start the service and then see if the HKEY_USERS\S-1-5-19 registry hive is available using Regedit.


  7. #7
    Member
    Join Date
    Apr 2007
    Location
    Laval, Québec, Canada
    Posts
    38

    I use a French XP Home with version 11 of Windows Media Player. I don't find that Windows User Mode Driver Framework service or something like that.

    I don't see Wdfmgr.exe in the Windows Task Manager either.
