PDA

View Full Version : "cannot fix..."


goofer
2007-09-19, 19:29
Hi, Just downloaded 1.5. Things slow but works OK. When scan complete and I try to "fix" I get told that 2 entries cannot be fixed because used by other programs - still in memory -whatever. I restart OS as recommended but fixes nothing.

Running XP professional with updates. Entries that cannot be fixed are MS DirectInput.

I can erase them from Registry but dont understand what is happening. Any help appreciated.

Goofer
md usa spybot fan
2007-09-19, 20:01
It may help if you posted the log of the actual detections you are getting. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.
Thanks
goofer
2007-09-19, 21:40
Hi, Here is the text you requested.

MS Media Player: [SBI $67184AC2] Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry value, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

RegAlyzer: [SBI $4E2EB979] Last opened key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\PepiMK Software\Analysis tools\RegAlyzer\LastKey

Windows Explorer: [SBI $7308A845] Run history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (34 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: Cookie (1) (Cookie, nothing done)


Cache: Cache (40) (Cache, nothing done)


History: History (16) (History, nothing done)


Cookie: Cookie (19) (Cookie, nothing done)


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2002-03-24 ResHacker.exe (3.4.0.79)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2005-05-31 TeaTimer_original.exe (1.4.0.2)
2006-06-12 unins000.exe (51.41.0.0)
2007-09-14 unins001.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Beta.sbi (*)
2007-08-21 Includes\Beta.uti (*)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti (*)
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

MS DirectInput is the one causing the problem.

Goofer
goofer
2007-09-19, 23:15
Hi, Here is what happened after I tried to fix the problems.

MS Media Player: [SBI $67184AC2] Anonymous ID (Registry change, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry value, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry value, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

RegAlyzer: [SBI $4E2EB979] Last opened key (Registry change, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\PepiMK Software\Analysis tools\RegAlyzer\LastKey

Windows Explorer: [SBI $7308A845] Run history (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (34 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, fixed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: Cookie (1) (Cookie, fixed)


Cache: Cache (40) (Cache, fixed)


History: History (16) (History, fixed)


Cookie: Cookie (19) (Cookie, fixed)


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2002-03-24 ResHacker.exe (3.4.0.79)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2005-05-31 TeaTimer_original.exe (1.4.0.2)
2006-06-12 unins000.exe (51.41.0.0)
2007-09-14 unins001.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Beta.sbi (*)
2007-08-21 Includes\Beta.uti (*)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti (*)
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll
md usa spybot fan
2007-09-20, 08:23
The following detections are for usage tracks:


MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id

I normally do not delete usage tracks, but I attempted to delete those to test if I could. Even though my user account is an administrator account, I also received the following:


Warning

Some problems couldn't be fixed, the reason could be that the associated files are still in use (in memory).
This could be fixed after a restart.
May Spybot-S&D run on your next system startup?

[Yes] [No]
I then checked the permissions on the following registry key:
[HKEY_CURRENT_USER\Software\Microsoft\DirectInput]
In my system (Windows XP Home) the Permissions for administrators on that particular registry key is not Full Control, it is only set to Read and that is why I can't delete those usage tracks.

I suggest that you check the premissions on the registry key and see what yours is set to.
goofer
2007-09-20, 20:14
Beautiful!!! Changed permissions - everything works. Thank you very much.

Goofer
md usa spybot fan
2007-09-20, 20:35
Just keep in mind that there may have been underling reason that both your system and mine had the permissions on that particular registry key set that way. I don't know if that is by design in the OS or if the last thing that set those entries did it. My registry entry is:


[HKEY_CURRENT_USER\Software\Microsoft\DirectInput]

[HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication]
"Version"=hex:0a,05,00,00
"Name"="EVEREST.BIN"
"Id"="EVEREST.BIN2A425E190015E200"
"MostRecentStart"=hex:2c,a1,f8,60,82,61,c6,01
goofer
2007-09-20, 20:42
Here are the contents of reg.

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-682003330-2147153767-725345543-1003\Software\Microsoft\DirectInput\MostRecentApplication]
"Name"="RUNDLL32.EXE"
"Id"="RUNDLL32.EXE41107DBC00008200"
"Version"=hex:00,08,00,00
"MostRecentStart"=hex:c4,50,7a,54,34,93,c6,01
@="Id"

This is always the same.
md usa spybot fan
2007-09-20, 21:50
goofer:

Quite frankly, I think that I would have handled the situation differentially. Since:
Most usage tracks do not necessarily present an overt security problem unless there are multiple users that share the same system and you do not the want the other users to know what you have accessed, reference, edited, etc.

--- and ---


You were willing to share the content of the registry entry you were concerned with deleting with the entire world.
Faced with the same situation, I personally think that I would have done one of the following rather than modify the permissions for that particular registry key:
Ignored the fact that those registry entries can not be deleted.

--- or ---


Added the detection(s) to either the Ignore Products or Ignore Singles lists.
goofer
2007-09-21, 02:18
OK! Started from scratch based on your recommendations. Interesting feature was I already had "DirectInput" listed in the single file exclude section. I deleted them from that section and then excluded them again. This time nothing showed up in the exclude list but everything worked fine. Don't understand what happened but ... Could this be a bug in the display of 1.5?

Anyway thanks again.

Goofer