C
Cycloid Torus
WinXP Home SP2 1 admin 3 limited NAV2004(w/ registry fix for limited user
account issue) Spybot SpywareBlaster ZoneAlarm 512MB AMD on Biostar nForce2
IGP IE6 run on High security in all but 1 limited account all behind basic
NAT router- this is my personal machine, but I use several limited accounts
to reduce risk of internet disaster - typical use memory footprint is about
225-250 MB.
Running MSASw for couple of weeks - 1 mild catch (seachsquire) on install
otherwise "clean" - updates and runs fine - quick enough (feels faster than
McAfee (another machine) but a little slower than NAV or Spybot) - tidy
summary - floating messages go too fast on logon if task bar is at side -
noted somewhat different memory size allocations in task manager report for
the several accounts (so I have wondered if fully implemented in all
accounts)
SPECIFIC ISSUE 1
Microsoft Anti-Spyware quickly announces the following as an unidentified
ActiveX which Internet Explorer is trying to install at logon - and I as
quickly block it as an "UNKNOWN" - nothing I have tried seems to remove or
repair this - registry search does not indicate that it is in my registry at
all, but maybe that is because it is "blocked"...
"Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}"
My research on this leads to identification of this KEY with
"C:\windows\system\iuctrl.dll" which in turn relates to connection to
http://v4.windowsupdate.com
Since I am using WindowsXP updated to SP2 (updated via CD as I was doing 3
machines) which now looks to http://v5.windowsupdate.com, I am puzzled about
this behavior of Internet Explorer trying to load from the old windows
update location AND Microsoft Anti-Spyware identifying it as "UNKNOWN".
SPECIFIC ISSUE 2
When I start to switch users (WinXP home - Fast User Switching), the logon
screen often indicates that the User Account I have exited has One More
Program running than I think it should have.
I can re-enter the User Account and run Task Manager only to find no
applications running. Yet I can close Task Manager, fast switch to the logon
and there is the message "1 program running".
I think this started appearing at about the same time as I installed MSASw.
Could a "process" or "service" (possibly stalled? I tried increasing to
"Normal", but it didn't help) be falsely identified as a "Program Running"?
I have tried removing the MSASw processes in Task Manager and I have had the
"running program" go away when I disable both gcas processes.
Your help and advice is greatly appreciated.
CT
This was originally posted in microsoft.public.security and it was suggested
that I post here instead.
account issue) Spybot SpywareBlaster ZoneAlarm 512MB AMD on Biostar nForce2
IGP IE6 run on High security in all but 1 limited account all behind basic
NAT router- this is my personal machine, but I use several limited accounts
to reduce risk of internet disaster - typical use memory footprint is about
225-250 MB.
Running MSASw for couple of weeks - 1 mild catch (seachsquire) on install
otherwise "clean" - updates and runs fine - quick enough (feels faster than
McAfee (another machine) but a little slower than NAV or Spybot) - tidy
summary - floating messages go too fast on logon if task bar is at side -
noted somewhat different memory size allocations in task manager report for
the several accounts (so I have wondered if fully implemented in all
accounts)
SPECIFIC ISSUE 1
Microsoft Anti-Spyware quickly announces the following as an unidentified
ActiveX which Internet Explorer is trying to install at logon - and I as
quickly block it as an "UNKNOWN" - nothing I have tried seems to remove or
repair this - registry search does not indicate that it is in my registry at
all, but maybe that is because it is "blocked"...
"Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}"
My research on this leads to identification of this KEY with
"C:\windows\system\iuctrl.dll" which in turn relates to connection to
http://v4.windowsupdate.com
Since I am using WindowsXP updated to SP2 (updated via CD as I was doing 3
machines) which now looks to http://v5.windowsupdate.com, I am puzzled about
this behavior of Internet Explorer trying to load from the old windows
update location AND Microsoft Anti-Spyware identifying it as "UNKNOWN".
SPECIFIC ISSUE 2
When I start to switch users (WinXP home - Fast User Switching), the logon
screen often indicates that the User Account I have exited has One More
Program running than I think it should have.
I can re-enter the User Account and run Task Manager only to find no
applications running. Yet I can close Task Manager, fast switch to the logon
and there is the message "1 program running".
I think this started appearing at about the same time as I installed MSASw.
Could a "process" or "service" (possibly stalled? I tried increasing to
"Normal", but it didn't help) be falsely identified as a "Program Running"?
I have tried removing the MSASw processes in Task Manager and I have had the
"running program" go away when I disable both gcas processes.
Your help and advice is greatly appreciated.
CT
This was originally posted in microsoft.public.security and it was suggested
that I post here instead.