
fixed (removed) spybot malware still detected



diligentinquirer
2007-06-17, 20:42
There probably is something dumb I am not doing, but here is what the gig is.

Recently, when I run Spybot it detects about 8 entries. I then click the fix button and it says all of them are fixed, but when I run Spybot again the same malware is detected, fixed and removed, again and again.

What's up with this?

Thanks, diligent

md usa spybot fan
2007-06-17, 21:35
Without knowing what detections you are having problems with, it is impossible to answer your questions.

Please post a log of the actual detections you are getting. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

diligentinquirer
2007-06-17, 22:40
OK. I'm giving this a try. I never did so before, so if some of this is extraneous, my apologies.

Diligent




--- Search result list ---
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
Clickbank: Tracking cookie (Firefox: default) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

Windows Explorer: User Assistant history files (2 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: Cookie (57) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2007-01-13 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-06-13 Includes\Cookies.sbi (*)
2007-06-13 Includes\Revision.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-06-13 Includes\Hijackers.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2004-11-29 Includes\LSP.sbi (*)
2007-05-30 Includes\Malware.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-06-06 Includes\Spybots.sbi (*)
2007-05-16 Includes\Trojans.sbi (*)
2007-06-13 Includes\TrojansC.sbi (*)
2007-06-13 Includes\SpybotsC.sbi (*)
2007-06-13 Includes\SecurityC.sbi (*)
2007-06-13 Includes\PUPSC.sbi (*)
2007-06-13 Includes\MalwareC.sbi (*)
2007-06-13 Includes\KeyloggersC.sbi (*)
2007-06-13 Includes\HijackersC.sbi (*)
2007-06-13 Includes\DialerC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Windows 98 (Build: 1998) A


--- Startup entries list ---
Located: HK_LM:Run, ScanRegistry
command: c:\windows\scanregw.exe /autorun
file: c:\windows\scanregw.exe
size: 86016
MD5: 661d6dc4707b0110bfd7d4da4ccb86cc

Located: HK_LM:Run, SystemTray
command: SysTray.Exe
file: C:\WINDOWS\SYSTEM\SysTray.Exe
size: 36864
MD5: 503b4ba97c91913fca701290cbdf58a2



--- Browser helper object list ---
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll, googletoolbar*.dll (* = number), googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 4/15/07 7:22:46 AM
Date (last access): 6/17/07
Date (last write): 4/15/07 7:22:48 AM
Filesize: 1158656
Attributes: readonly archive
MD5: 7DB512809C6D2483452FDAC798A08418
CRC32: BEAC7D3D
Version: 3.0.131.0



--- ActiveX list ---


--- Process list ---
PID: -15772891 (2122850677) C:\WINDOWS\SYSTEM\KERNEL32.DLL
size: 471040
MD5: DF25456BBB343E913E7EB54550F36267
PID: -29595 (-15772891) C:\WINDOWS\SYSTEM\MSGSRV32.EXE
size: 11344
MD5: EF5F77BCB1330A6DE15EDB69133C732D
PID: -25611 (-29595) C:\WINDOWS\SYSTEM\MPREXE.EXE
size: 28672
MD5: 974F03B1E94C6EC9073615B7E8AC4827
PID: -14583 (-29595) C:\WINDOWS\SYSTEM\MSGLOOP.EXE
size: 5920
MD5: 08F1E3B1C0453F64F55FF1819FEA0FFD
PID: -10715 (-29595) C:\WINDOWS\SYSTEM\MSG32.EXE
size: 16896
MD5: 5A419E00B794DE93ACD5986ECC7420A3
PID: -10447 (-29595) C:\WINDOWS\SYSTEM\mmtask.tsk
size: 1184
MD5: 38BAE36E67C8B1AE3ABC077837953B89
PID: -1036731 (-29595) C:\WINDOWS\EXPLORER.EXE
size: 180224
MD5: 7ADA6F7250F04A62D84A09373F1BBAE9
PID: -971759 (-1036731) C:\WINDOWS\SYSTEM\RNAAPP.EXE
size: 36864
MD5: EFABA25F2E06AA7EF56997CED928851E
PID: -979875 (-971759) C:\WINDOWS\SYSTEM\TAPISRV.EXE
size: 122880
MD5: 0FF2F015C71F0B0F194AFAB85E00C229
PID: -947527 (-1036731) C:\WINDOWS\SYSTEM\SYSTRAY.EXE
size: 36864
MD5: 503B4BA97C91913FCA701290CBDF58A2
PID: -867303 (-897431) C:\WINDOWS\SYSTEM\CMMON32.EXE
size: 34064
MD5: 7CFB6683599CD1C4B6AE3A8EDA449E52
PID: -799331 (-816303) C:\WINDOWS\SYSTEM\DDHELP.EXE
size: 32768
MD5: 0B59A22EEA45A9032A3C4ECA40D3BA93
PID: -822147 (-1036731) C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
size: 7637104
MD5: 77C6AB4E70E7FC35E17B8ED919408B62
PID: -693215 (-1036731) C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
size: 5317904
MD5: 4EB3D0C2B52A6AB06053B89E9204CEB0
PID: -683395 (-693215) C:\WINDOWS\SYSTEM\SPOOL32.EXE
size: 45056
MD5: 2D3AB8A65F942A937A111D83E193B0F7
PID: -763959 (-1036731) C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
size: 4393096
MD5: 09CA174A605B480318731E691DC98539


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/17/07 1:35:54 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\HP\Hpcoach\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\HP\Hpcoach\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
(DXM_Runtime)

(ICW)

(SchedulingAgent)

Microsoft Outlook Express 6 (OutlookExpress)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /UNINSTALL /PROMPT

(NetMeeting)

(Shockwave)

(Shockwaveflash)

(Chlen-us)

ATI mach64 Display Driver (ATI Mach64 Display Driver)
uninstall cmd: atiuinst.exe -uninstall

Scroll Mouse (3DMouse)
uninstall cmd: PMUninst.exe 3DMouse

Adaptec DirectCD Reader (Adaptec DirectCD Reader)
uninstall cmd: C:\WINDOWS\SYSTEM\UDFRUNIN.EXE

One-touch Multimedia Keyboard (One-touch Multimedia Keyboard)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Netropa\One-touch Multimedia Keyboard\Uninst.isu" -c"C:\Program Files\Netropa\One-touch Multimedia Keyboard\uninst.dll"

Microsoft Windows Media Player 6.4 (MPlayer2)
uninstall cmd: C:\WINDOWS\INF\unregmp2.exe /SafeUninstall:C:\WINDOWS\INF\mplayer2.inf

HP Pavilion Desktop Tour (HPTour)
uninstall cmd: C:\HP\HPTour\Uninst.bat

BackWeb (BackWeb Client Uninstall)
uninstall cmd: C:\WINDOWS\bwUninst.exe

HP Help (HP Help)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\HP\Support\Support Center\Uninst.isu"

HP Internet Connection Center (HP Internet Connection Center)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Encompass\UNINST.ISU" -c"C:\Program Files\Encompass\ENCUINST.DLL"

Yahoo! Pager (Yahoo! Pager)

HP Internet Center (HP Internet Center)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Encompass\SUNINST.ISU"

McAfee VirusScan v4.0.2 (OEM) (McAfee VirusScan)
uninstall cmd: C:\PROGRA~1\NETWOR~1\MCAFEE~1\setup.exe -fC:\PROGRA~1\NETWOR~1\MCAFEE~1\uninst.ins

Microsoft Works 4.5 (Works)
uninstall cmd: C:\Program Files\MSWorks\Setup45\setup.exe

Microsoft Works Calendar 1.0 (Works Calendar)
uninstall cmd: C:\Program Files\MSWorks\Calendar\SETUP\setup.exe

Microsoft Works Setup Launcher (Works99Setup)
uninstall cmd: C:\Program Files\Microsoft Works 4.5\Setup\Launcher.exe M:\

Microsoft Money 99 (MSMONEYV70)
uninstall cmd: C:\Program Files\Microsoft Money\setup\setup.exe

Encarta Encyclopedia 99 (EESInst 99)
uninstall cmd: "C:\Program Files\Microsoft Reference\Encarta Encyclopedia 99\eeuninst.exe" /uninstall

QuickLink III (QuickLink III)
uninstall cmd: C:\Program Files\QuickLink III\SETUP.EXE

Quicken Basic 99 (Quicken Basic 99)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\QUICKENW\Uninst.isu

Disney's Daily Blast 2.0 (Disney's Daily Blast 2.0)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney\Disney Online\Uninst.isu"

Riptide PCI Audio (Rockwell PCI Audio)
uninstall cmd: Ripunist.exe

Rockwell HCF 56K Modem (Rockwell HCF 56K Modem)
uninstall cmd: infunist.exe

Multimedia Keyboard Hub (USBMMKBD)
uninstall cmd: usbmmhid.exe /uninstall

(128PATCH)

Microsoft Internet Explorer 6 SP1 and Internet Tools (IE40)
uninstall cmd: rundll32 setupwbv.dll,IE6Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g ""

(expinst)

(MobileOptionPack)

(IE5BAKEX)

(HTMLHelp)

(IE_EXTRA)

(AddressBook)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT

(Branding)

Windows 98 Q823559 Update (Q823559)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection c:\windows\INF\QFE\W98\823559UN.INF

Microsoft Connection Manager (Connection Manager)
uninstall cmd: c:\windows\SYSTEM\cmstp.exe /x c:\windows\SYSTEM\instcm.inf

HP OfficeJet Series 600 (Remove only) (HP OfficeJet Series 600)
uninstall cmd: C:\Program Files\HP OfficeJet Series 600\bin\hpoiui.exe -u

Microsoft Office 97, Professional Edition (Office8.0)
uninstall cmd: C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF

XoftSpySE (XoftSpySE)
uninstall cmd: C:\Program Files\XoftSpySE\uninstall.exe

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

HDCleaner (HDCleaner)
uninstall cmd: C:\Program Files\HDCleaner\Uninstaller.exe

(VGX)

(ADIELangPack)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection c:\windows\INF\AD.inf, Uninstall

CodeStuff Starter 5.6.2.8 (CodeStuff Starter)
install location: C:\Program Files\CodeStuff\Starter
uninstall cmd: "C:\Program Files\CodeStuff\Starter\unStarter.exe"
publisher: CodeStuff
help link: http://CodeStuff.mirrorz.com

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\AVAST4
install source: C:\PROGRA~1\ALWILS~1\AVAST4\SETUP
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\AVAST4\SETUP\SETIFACE.DLL,RunSetup
publisher: Alwil Software
help link: http://www.avast.com

Foxit Reader (Foxit Reader)

Foxit PDF Editor (Foxit PDF Editor)

Easy PDF to Text Converter v2.0 2.0 (Easy PDF to Text Converter v2.0_is1)
install location: C:\Program Files\Easy PDF to Text Converter\
uninstall cmd: "C:\Program Files\Easy PDF to Text Converter\unins000.exe"
publisher: pdf-to-html-word.com
help link: http://www.pdf-to-html-word.com/faq.htm

PDF Reader 2 (PDF Reader 2)
uninstall cmd: C:\WINDOWS\cadkasdeinst01e.exe "\"

FREE CallCenter (V3CallCenter)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f""

Ad-Aware SE Personal 1.0.6 ({78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747})
version: 16777222
version (major): 1
estimated size: 10849
install date: 20070222
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
publisher: Lavasoft AB
help link: http://www.lavasoftsupport.com

SUPERAntiSpyware Free Edition 3.6.0.1000 ({CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA})
version: 50724864
version (major): 3
version (minor): 6
estimated size: 26822
install date: 20070310
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
publisher: SUPERAntiSpyware.com
help link: http://www.superantispyware.com/support.html

Arabic Language Support (ARIELangPack)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection c:\windows\INF\AR.inf, Uninstall

Alligator v1.32 (Alligator v1.31)

(nocharge)

MRU-Blaster v1.5 (Database 3/28/2004) 1.5 (MRU-Blaster_is1)
uninstall cmd: "C:\Program Files\MRU-Blaster\unins000.exe"
publisher: Javacool Software LLC

Eusing Free Registry Cleaner (Eusing Free Registry Cleaner)
uninstall cmd: C:\PROGRA~1\EUSING~1\INSTALL.LOG

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Desktop Accelerator (remove only) (Deskxl)

PC Pitstop Exterminate 1.0 1.0.5.3 (PC Pitstop Exterminate_is1)
install date: 20070428
publisher: PC Pitstop LLC
help link: http://www.pcpitstop.com/faq/Exterminate.asp

Mozilla Thunderbird (2.0.0.0) 2.0.0.0 (en-US) (Mozilla Thunderbird (2.0.0.0))
publisher: Mozilla
comments: Mozilla Thunderbird

Mozilla Firefox (2.0.0.4) 2.0.0.4 (en-US) (Mozilla Firefox (2.0.0.4))
install location: C:\PROGRAM FILES\Mozilla Firefox
uninstall cmd: C:\PROGRAM FILES\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox



--- System Services ---
Service (registry key): Class
Start: 0
Type: 0
Error Control: 0

Service (registry key): VxD
Start: 0
Type: 0
Error Control: 0

Service (registry key): Winsock
Start: 0
Type: 0
Error Control: 0

Service (registry key): WDMFS
Display name: WDM Windows File System Mapper
Image path: \SystemRoot\System32\Drivers\wdmfs.sys
Start: 0
Type: 0
Error Control: 0

Service (registry key): UPDATE
Display name: Intel Update Driver
Image path: \SystemRoot\System32\Drivers\update.sys
Start: 0
Type: 0
Error Control: 0

Service (registry key): RemoteAccess
Start: 0
Type: 0
Error Control: 0

Service (registry key): MSNP32
Start: 0
Type: 0
Error Control: 0

Service (registry key): NWNP32
Start: 0
Type: 0
Error Control: 0

Service (registry key): Arbitrators
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): ACPI
Start: 0
Type: 0
Error Control: 0

Service (registry key): NPSTUB
Start: 0
Type: 0
Error Control: 0

Service (registry key): ProtectedStorage
Start: 0
Type: 0
Error Control: 0

Service (registry key): EventLog
Start: 0
Type: 0
Error Control: 0

Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0

Service (registry key): aswRdr
Start: 0
Type: 0
Error Control: 0

Service (registry key): Tcpip
Start: 0
Type: 0
Error Control: 0

Service (registry key): Avg7Core
Start: 0
Type: 0
Error Control: 0

Service (registry key): Avg7RsW
Start: 0
Type: 0
Error Control: 0

Service (registry key): Avg7RsXP
Start: 0
Type: 0
Error Control: 0

Service (registry key): Avg7Alrt
Start: 0
Type: 0
Error Control: 0

Service (registry key): AVGEMS
Start: 0
Type: 0
Error Control: 0

Service (registry key): WebPost
Start: 0
Type: 0
Error Control: 0

md usa spybot fan
2007-06-18, 18:47
In regard to the detections identified as Firefox tracking cookies:

Sometimes Spybot has trouble removing Firefox tracking cookies. There are suggestions in the following post on how to remove them as well as how to block them from being stored:
http://forums.spybot.info/showpost.php?p=64081&postcount=4
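As an added example (not from this thread, from Safer Networking, or from the linked post), here is a small Python tool that does what the advice above amounts to: scan a Firefox profile's cookie file for cookies set by the tracking domains named in the log and rewrite the file without them, while refusing to touch the file when the browser is still running. It assumes the Netscape-style cookies.txt that Firefox 2 (the version listed in the log) keeps in its profile, assumes that Firefox marks a running profile with a lock file (parent.lock on Windows, .parentlock or lock elsewhere), and maps the vendor names Spybot reported to domains by assumption; the sample cookie file is constructed for the example.

```python
"""Remove tracking cookies from a Firefox cookies.txt (Netscape cookie-file format).

Added example, not code from the forum thread or from Spybot.  Assumptions:
Firefox 2 stores cookies in <profile>/cookies.txt (Firefox 3+ uses cookies.sqlite),
a lock file in the profile marks a running browser, and the vendor-to-domain
mapping below is an assumption made for this example.
"""
import tempfile
from pathlib import Path

# Assumed domains for the vendors named in the Spybot results (not a Spybot signature list).
TRACKER_DOMAINS = {
    "adrevolver.com", "advertising.com", "casalemedia.com",
    "clickbank.net", "doubleclick.net", "statcounter.com",
}

# Constructed sample. Fields: domain  include_subdomains  path  secure  expiry  name  value
SAMPLE_COOKIES_TXT = (
    "# HTTP Cookie File\n"
    "# http://www.netscape.com/newsref/std/cookie_spec.html\n"
    ".doubleclick.net\tTRUE\t/\tFALSE\t2147483647\tid\t80000c1a2b3c4d5e\n"
    ".advertising.com\tTRUE\t/\tFALSE\t2147483647\tACID\tab12cd34\n"
    "ad.adrevolver.com\tFALSE\t/\tFALSE\t2147483647\tcw\t1\n"
    "www.example.org\tFALSE\t/\tFALSE\t2147483647\tsession\tdeadbeef\n"
    ".mozilla.org\tTRUE\t/\tTRUE\t2147483647\tprefs\tlang=en\n"
)

LOCK_FILES = ("parent.lock", ".parentlock", "lock")  # assumed lock-file names


def parse_cookie_line(line):
    """Return the fields of one cookie record, or None for comments, blank or malformed lines."""
    stripped = line.rstrip("\r\n")
    if not stripped or stripped.startswith("#"):
        return None
    fields = stripped.split("\t")
    if len(fields) != 7:
        return None  # malformed record: left in the file untouched
    domain, subdomains, path, secure, expiry, name, value = fields
    return {"domain": domain, "subdomains": subdomains == "TRUE", "path": path,
            "secure": secure == "TRUE", "expiry": int(expiry) if expiry.isdigit() else 0,
            "name": name, "value": value}


def is_tracker(domain, trackers=TRACKER_DOMAINS):
    """True if the cookie domain is a tracker domain or a subdomain of one (label-aware, no substring matching)."""
    host = domain.lstrip(".").lower()
    return any(host == t or host.endswith("." + t) for t in trackers)


def find_tracking_cookies(text, trackers=TRACKER_DOMAINS):
    """List the parsed cookie records whose domain belongs to a tracker."""
    return [c for c in map(parse_cookie_line, text.splitlines())
            if c and is_tracker(c["domain"], trackers)]


def strip_tracking_cookies(text, trackers=TRACKER_DOMAINS):
    """Return (cleaned_text, removed_count); comments and other records are kept verbatim."""
    kept, removed = [], 0
    for line in text.splitlines(keepends=True):
        cookie = parse_cookie_line(line)
        if cookie and is_tracker(cookie["domain"], trackers):
            removed += 1
            continue
        kept.append(line)
    return "".join(kept), removed


def profile_in_use(profile_dir):
    """A lock file in the profile means Firefox is running against it."""
    return any((Path(profile_dir) / name).exists() for name in LOCK_FILES)


def clean_profile(profile_dir, trackers=TRACKER_DOMAINS):
    """Rewrite cookies.txt without tracker cookies.  Refuses to run while the browser
    is open: Firefox holds the cookie store in memory and writes cookies.txt back
    from that copy, so an on-disk edit made while it runs is overwritten (assumed
    to be the reason the detections in the thread reappeared until a restart)."""
    profile = Path(profile_dir)
    if profile_in_use(profile):
        raise RuntimeError("Firefox profile is in use; close the browser first")
    cookie_file = profile / "cookies.txt"
    cleaned, removed = strip_tracking_cookies(cookie_file.read_text(encoding="utf-8"), trackers)
    if removed:
        cookie_file.write_text(cleaned, encoding="utf-8")
    return removed


def run_demo():
    """Exercise clean_profile on a constructed profile: once locked, then unlocked.
    Returns (refused_while_locked, removed_count, trackers_remaining)."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp)
        (profile / "cookies.txt").write_text(SAMPLE_COOKIES_TXT, encoding="utf-8")
        (profile / "parent.lock").touch()
        try:
            clean_profile(profile)
            refused = False
        except RuntimeError:
            refused = True
        (profile / "parent.lock").unlink()
        removed = clean_profile(profile)
        remaining = len(find_tracking_cookies((profile / "cookies.txt").read_text(encoding="utf-8")))
        return refused, removed, remaining


if __name__ == "__main__":
    print("refused while locked, removed, remaining:", run_demo())
```

The domain match is suffix-based on whole labels, so `notdoubleclick.net` is not treated as `doubleclick.net`; the lock check is the part that matters for the symptom in this thread, since any cleaner that edits the file while Firefox is open will see its work undone.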

diligentinquirer
2007-06-19, 01:53
Thanks md usa spybot fan.

I'll look over that info. The question was, though, why the entries (for example) continued to be detected when they had already been detected, fixed and removed.

My old win98 gold system at that time did seem stable, so I restarted just to see what that might do.

Well, that was the answer (by pure luck). After the restart those entries disappeared, with only a few usage tracks coming up the next time I ran Spybot; I fixed those too, and after restarting again they also disappeared.

If I understand what a false positive means, this was sort of along that line--I guess. It just looked like these entries were not fixed, but they were fixed. I just had to restart to see the final removed results.

Hope this helps other FF/spybot users.

Thanks again MD!!

Diligent