SpywareNo

First just try doing step 8 from the below thread:

SpySheriff (aka SpywareNo) Removal

Let me know the results.

 

When did you do it? Just now when requested or before. And did you add in my registry patch or some other one.

 

Did you do what it says in step 8 of SpySheriff (aka SpywareNo) Removal

Does Ad-Aware give you a full log with better info? Something that properly shows the full registry key names. I wish the people selling these scanning programs would learn that full registry key path info is necessary ALWAYS.

 

Forum policies only allow certified Malware Fighters, Mods, and Admins to post replies in this forum. Users can only post replies in their own threads.

Try the below registry patch. Make sure no browsers are open and shut down any protection programs (like MS Antispyware or similar) before running the patch.

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

Not sure which aspect you mean did not work.

Was it that it did not successfully add into the registry (it gave an an error message)?

Or do you mean Ad-Aware is still detecting the problems? Are they still exactly the same? Some of those detection are wrong because they are normal registry entries. The below two are standard default values and are not SpywareNo:
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\general]
"WallpaperStyle"="2"
[HKEY_CURRENT_USER\control panel\desktop]
"WallpaperStyle"="2"

 

Did you disable ALL of SpySweeper's protections and were ALL browsers closed before trying the patch?

Does Ad-Aware show exactly the same things?

 

Download GetRunKey125b.zip to your PC someplace you can locate it. Then extract the files from the ZIP. Locate the getrunkey125b.bat file and double click on it to run it. It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt) . This log will also popup in a notepad window which your can just close. Upload the runkeys.txt file here as an attachment. Do this before continuing to the below.

 

Download and install Registrar Lite

Then run Registrar Lite.

Copy and paste the below into the Address box of registrar lit and hit the Enter key.

HKEY_USERS\S-1-5-21-854245398-1960408961-839522115-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Then click the Security pull down menu and choose Take Ownership. Click OK in the next window to approve it. Now right click on the registry key and select Delete.

Does this work?

Attach your new Ad-Aware log.

 

Hmmm! That's strange. Mine does! I wonder if the new version of Lite does not.

What version do you have? Click Help, About.

Mine is currently version 2.00, build 200.30803

 

Okay! At this point I'm pretty sure that you do not have a problem at all and the this is a False Positive from Ad-Aware. Part of the reason I say this is that several of the registry keys it is detecting are standard default keys with default values (I mentioned this earlier). You have a couple choices:

1) Ignore Ad-Aware's report (I would not add them to the ignore list though).
2) Disable Active Desktop and see if the problem goes away.

Read the below on Active Destop

1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Click the Customize Desktop button.
5. Click the Web tab in the Desktop Items window.

If you wish to enable the Active Desktop, check "My Current Home Page". Add your current home page into your desktop or click New to add another web page and/or other Active Desktop features. To update the content, click the Synchronize button.

If you wish to disable Active Desktop, make sure all checkboxes in this window are un-checked.

​

 

You're welcome!

I'm convinced it is a false positive due to the view items that it detects that are valid registry keys.