Scheduled scan finds stuff but manual scan doesn't

[kkingsto]

I've got Spybot set to scan my computer every morning. And when it does, it reports that there are 3 things it can't fix and wants to know if I would like to run spybot on reboot. I've responded yes (and no).

A manual scan (right after this happens) says my machine is clean. Next scheduled scan shows the 3 things need a reboot to clear.

What gives?

[Zenobia]

Not sure,but this person seems to have had the same problem:
http://forums.spybot.info/showthread.php?t=184

Maybe showing what Spybot's finding on the scheduled scan is worth a shot.When the scheduled scan is done,could you click No when Spybot asks to run on reboot(to keep that out of the way for the time being.),and then rightclick and choose copy results to clipboard,then post it here.

[kkingsto]

Not sure,but this person seems to have had the same problem:
http://forums.spybot.info/showthread.php?t=184

Maybe showing what Spybot's finding on the scheduled scan is worth a shot.When the scheduled scan is done,could you click No when Spybot asks to run on reboot(to keep that out of the way for the time being.),and then rightclick and choose copy results to clipboard,then post it here.

Here's what I get:

9 problems fixed
3 problems could not be fixed. Please restart your computer!

and then spybot closes after clicking OK here.

Is there a way to get a log of what it finds during a scheduled scan?

[md usa spybot fan]

By default here are two Checks.yymmdd-hhmm logs produced during a scan. The second Checks.yymmdd-hhmm has the details of what the scan found. A Fixes.yymmdd-hhmm log is produced if you fix or attempt to fix something.

See if you can find and post the Fixes.yymmdd-hhmm log from the running of Spybot when you encountered the problem, we could take a look at that.

There are two methods to copy and post that information:

• Method 1:
  
  • Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Pervious reports. Look for the Fixes.yymmdd-hhmm.log file that was produced when you found and fixed the detection you are questioning. Open it. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.
• Method 2
  
  • The Fixes.yymmdd-hhmm.log files are stored in the following folders:
    
    • Windows 95 or 98:
      C:\Windows\Application Data\Spybot - Search & Destroy\Logs
    • Windows ME:
      C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
    • Windows NT, 2000 or XP:
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
  • Using Windows Explorer, navigate to the correct Fixes.yymmdd-hhmm.log. Double click on it and it should open with Notepad. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.

[kkingsto]

By default here are two Checks.yymmdd-hhmm logs produced during a scan. The second Checks.yymmdd-hhmm has the details of what the scan found. A Fixes.yymmdd-hhmm log is produced if you fix or attempt to fix something.

See if you can find and post the Fixes.yymmdd-hhmm log from the running of Spybot when you encountered the problem, we could take a look at that.

There are two methods to copy and post that information:

• Method 1:
  
  • Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Pervious reports. Look for the Fixes.yymmdd-hhmm.log file that was produced when you found and fixed the detection you are questioning. Open it. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.
• Method 2
  
  • The Fixes.yymmdd-hhmm.log files are stored in the following folders:
    
    • Windows 95 or 98:
      C:\Windows\Application Data\Spybot - Search & Destroy\Logs
    • Windows ME:
      C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
    • Windows NT, 2000 or XP:
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
  • Using Windows Explorer, navigate to the correct Fixes.yymmdd-hhmm.log. Double click on it and it should open with Notepad. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.

Ok Found it. Here's the Fixes:


--- Report generated: 2007-03-13 15:41 ---

Log: Activity: SchedLgU.Txt (Backup file, fixing failed)
C:\WINDOWS\SchedLgU.Txt

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Internet Explorer: Typed URL list (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1078081533-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\TypedURLs

MS Media Player: Anonymous ID (Registry change, fixed)
HKEY_USERS\S-1-5-21-1078081533-436374069-1343024091-1004\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS DirectDraw: Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS DirectInput: Most recent application (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1078081533-436374069-1343024091-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

MS DirectInput: Most recent application ID (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1078081533-436374069-1343024091-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

Windows Explorer: User Assistant history IE (1 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1078081533-436374069-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (7 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1078081533-436374069-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Cookie: Cookie (8) (Cookie, fixed)


Cache: Cache (6) (Cache, fixed)


Cookie: Cookie (91) (Cookie, fixed)


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-02-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-03-07 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-03-07 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-03-07 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-03-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-03-07 Includes\MalwareC.sbi (*)
2003-03-16 Includes\plugin-ignore.ini
2007-01-19 Includes\PUPS.sbi (*)
2007-03-07 Includes\PUPSC.sbi (*)
2007-03-07 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-03-07 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-03-07 Includes\SpybotsC.sbi (*)
2003-03-16 Includes\Temporary.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2007-03-07 Includes\Trojans.sbi (*)
2007-03-07 Includes\TrojansC.sbi (*)

[md usa spybot fan]

Zenobia:

I thought that you would pick up on this thread again since you've been down this path before:

• "some problems couldn't be fixed" -- please help
  http://forums.spybot.info/showthread.php?t=9210

kkingsto:

Firstly, the problems that you showed are not malware detections. You are scanning and finding usage tracks that really do not present a danger. See:

• Dictionary - The home of Spybot-S&D!
  Usage tracks
  http://www.safer-networking.org/en/d...agetracks.html

re: This detection:

Code:

Log: Activity: SchedLgU.Txt (Backup file, fixing failed)
C:\WINDOWS\SchedLgU.Txt

See:

• FAQ - Frequently Asked Questions - The home of Spybot-S&D!
  Why can't I remove the Sti_Trace.log (or SchedLgU.txt) file?
  http://www.safer-networking.org/en/faq/6.html

re: These detections:

Code:

MS DirectInput: Most recent application (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1078081533-436374069-1343024091-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

MS DirectInput: Most recent application ID (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1078081533-436374069-1343024091-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

The detections indicate that values in the "Name" and "Id" entries of the following registry key are not blank:

Code:

[HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication]

I really don't know how or when this particular registry key is populated, so I really don't know why you would pick it up sometimes and not others. My registry entry contains information about "EVEREST.BIN" which I can't remember the last time I might have run. It is interesting that when I tried to research that registry key, I could not find any information on the Microsoft Web site and all the Web pages that I looked at through Google were Spybot and Ad-Aware logs picking up that MRU (Most Recently Used) entry.

[Zenobia]

Zenobia:

I thought that you would pick up on this thread again since you've been down this path before:

Had a l'il flu bug.Thanks for getting this for me.

[md usa spybot fan]

Zenobia:

I'm sorry to hear that. I hope you're feeling better now.

[Zenobia]

On the mend(I hope),lol.