- Registry Entry!
- Posted by Marty on February 13th, 2006
XP Home with SP2 - Can someone tell me if the following Registry entry is a
valid, uncorrupted entry: HKEY_USERS:
S-1-5-21-608057341-1434109735-2322020850-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
It appears in the Registry of my computer when I switch the Desktop icons
from 'show' to 'hide' (but not vice versa), and Ad-Aware SE Personal,
Definitions File SE1R91 identifies it as 'Spyware.'
- Posted by ANONYMOUS on February 13th, 2006
Marty,
Each registry entry is specific to every system. I suggest using MS's
Antispyware Beta1 free software to scan your system for any spyware.
The download is here:
http://www.microsoft.com/downloads/d...displaylang=en
Sorry I can't check the validity of the registry entry as I am not
logged in as administrator on my system.
hth
- Posted by Marty on February 13th, 2006
Thanks, but I've already done as you have suggested plus also with Spybot
S&D, and I've run a full system anti-virus scan with all three showing clean.
The same Registry entry is found on the computer of a friend in Romania and
is also tagged as 'Spyware' by Ad-Aware.
- Posted by Alan Edwards on February 13th, 2006
That key is more or less unique to you.
While others may have a key starting with HKEY_USERS\S-1-5-21 the rest
of the key will be different.
Look and see if you have that mentioned in your profile list at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-whatever
Someone may come along who has Ad-Aware installed (I don't on this
machine) and has it target their key. Perhaps a spyware newsgroup
would tell you?
....Alan
--
Alan Edwards, MS MVP Windows - Internet Explorer
http://dts-l.org/index.html
On Sun, 12 Feb 2006 18:04:26 -0800, "Marty"
<Marty@discussions.microsoft.com> wrote:
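The check Alan describes, as an added example that is not part of the original thread: it splits the flagged key into the account SID and the per-user subpath, builds the matching ProfileList key, and compares two flagged keys. The function names are hypothetical and the second key uses a constructed SID standing in for another machine.

```python
import re

# HKEY_USERS\<SID>\<path inside that user's hive>
KEY_RE = re.compile(r'^HKEY_USERS\\(S-\d+(?:-\d+)+)\\(.+)$', re.IGNORECASE)
CLSID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.IGNORECASE)
PROFILE_LIST = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Key quoted in the thread, with the wrapped lines rejoined.
MARTY_KEY = (r'HKEY_USERS\S-1-5-21-608057341-1434109735-2322020850-1003'
             r'\software\microsoft\windows\currentversion\ext\stats'
             r'\{72267f6a-a6f9-11d0-bc94-00c04fb67863}')
# Constructed: same subpath under a made-up SID, standing in for a second machine.
OTHER_KEY = (r'HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001'
             r'\Software\Microsoft\Windows\CurrentVersion\Ext\Stats'
             r'\{72267F6A-A6F9-11D0-BC94-00C04FB67863}')

def split_user_key(key):
    """Split an HKEY_USERS key into its SID fields and the per-user subpath."""
    m = KEY_RE.match(key.strip())
    if not m:
        raise ValueError('not an HKEY_USERS\\<SID>\\... key: %r' % key)
    sid, subpath = m.group(1), m.group(2)
    parts = sid.split('-')                # ['S', revision, authority, subauthorities...]
    subauth = [int(p) for p in parts[3:]]
    # S-1-5-21-<a>-<b>-<c>-<RID>: a, b, c identify the machine or domain that
    # issued the account, the RID identifies the account itself.
    is_account = subauth[:1] == [21] and len(subauth) == 5
    clsid = CLSID_RE.search(subpath)
    return {
        'sid': sid,
        'issuer': tuple(subauth[1:4]) if is_account else None,
        'rid': subauth[-1] if is_account else None,
        'subpath': subpath.lower(),       # registry key names are case-insensitive
        'clsid': clsid.group(0).lower() if clsid else None,
        'profile_list_key': PROFILE_LIST + '\\' + sid,  # where to confirm the SID
    }

def same_entry_different_user(key_a, key_b):
    """True when two keys are the same per-user entry under different SIDs."""
    a, b = split_user_key(key_a), split_user_key(key_b)
    return a['subpath'] == b['subpath'] and a['sid'] != b['sid']

if __name__ == '__main__':
    info = split_user_key(MARTY_KEY)
    print('SID:', info['sid'], '| RID:', info['rid'])
    print('Confirm the profile at:', info['profile_list_key'])
    print('CLSID under Ext\\Stats:', info['clsid'])
    print('Same entry, different user:', same_entry_different_user(MARTY_KEY, OTHER_KEY))
```

Only the SID prefix depends on the account; the subpath ending in the CLSID is what a scanner signature would have to match to flag the entry on two unrelated machines.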
- Posted by Alan Edwards on February 13th, 2006
What sort of Spyware does Ad-Aware call it?
It looks like the DSO exploit that Ad-Aware and Spybot "detected"
several years back and supposedly fixed it. If you are up to date with
patches from Microsoft for IE or have XP SP2, then you should be able
to ignore such false positives. DSO Exploit was patched nearly 4 years
ago.
....Alan
--
Alan Edwards, MS MVP Windows - Internet Explorer
http://dts-l.org/index.html
On Sun, 12 Feb 2006 18:48:27 -0800, "Marty"
<Marty@discussions.microsoft.com> wrote:
- Posted by Marty on February 13th, 2006
Yes, Alan, the Registry entry in Windows NT is in my profile list as:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-608057341-1434109735-2322020850-1003.
Ad-Aware doesn't show those numbers, only what's added in HKEY_USERS,
namely, {72267f6a-a6f9-11d0-bc94-00c04fb67863}. That is exactly what my
friend in Romania sent me from the computer there.
Thanks for your help. If you have any further counsel, such as what is the
significance of the Windows NT ProfileList, I'd appreciate hearing from you.
- Posted by Marty on February 13th, 2006
Here is the exact tag from Ad-Aware:
SpywareNo Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object :
S-1-5-21-608057341-1434109735-2322020850-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
Comment:
Description:Program masks as doing one thing, but does another by using
false positives detections to trick the user into buying the commercial
version. Privacy policy not disclosed to the user prior to installation,
steatlh install and bundled with 3rd party software and installation is not
disclosed to the user.
- Posted by Alan Edwards on February 13th, 2006
Not very enlightening, is it?
I can only suggest you export the key in the unlikely event you will
ever need it and then delete it.
....Alan
--
Alan Edwards, MS MVP Windows - Internet Explorer
http://dts-l.org/index.html
On Sun, 12 Feb 2006 19:41:27 -0800, "Marty"
<Marty@discussions.microsoft.com> wrote:
- Posted by Alan Edwards on February 13th, 2006
I can only suggest that you export the key and delete it.
You can peruse these for more information, but obviously ignore (no
offense meant) your multi-posted questions and the answers you have
been supplied before.
http://groups.google.com/groups?as_q...coring=d&hl=en
....Alan
--
Alan Edwards, MS MVP Windows - Internet Explorer
http://dts-l.org/index.html