PDA

View Full Version : Latest Spybot detects but won't remove


KeithM
2006-03-30, 18:08
I've used the old version of Spybot with much success and recently updated to the latest version. When I run the program it identifies 40 problems but when I select "fix" , the window closes and nothing happens.
I've looked through FAQ but haven't found the same problem addressed.
I've followed the "how to enable the select button" on your website but can't find a "setting" option on my screen. Some help would be appreciated.
md usa spybot fan
2006-03-30, 18:30
I don’t really think that enabling those options is going to solve your problem (see Note #1). But in any case:
Go into Spybot > Mode > Advanced mode > Settings > Settings > scroll to the bottom of the list.
What I suggest that you do is tell us something about your system (OS, etc.) and show us what detections you are getting as follows:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste those results to a new post in this thread.
Note #1: How to enable the Select all button
http://www.safer-networking.org/index.php?page=howto&detail=selectall
KeithM
2006-03-31, 17:23
My OS is Windows XP Pro on a Dell pent 4 desktop.
Here is the results of the latest scan.

eXact Advertising.BargainsBuddy: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ZESOFT

eXact Advertising.BargainsBuddy: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ZESOFT

Tango: IE Search page (Registry change, nothing done)
HKEY_USERSS-1-5-21-3427562982-3305220180-3057736795-1005\Software\Microsoft\Internet Explorer\Main\Search Bar=about:blank

Tango: IE Search page (Registry change, nothing done)
HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Main\SearchAssistant=about:blank

Tango: IE Search page (Registry change, nothing done)
HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank

Rotue: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue

Tango: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\AutoLoader

Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Exact Advertising.BargainsBuddy: System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZESOFT

Exact Advertising.BargainsBuddy: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil

Huntbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}

Huntbar: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183}

Huntbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}

Huntbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}

Huntbar: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\WinTools

Huntbar: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3427562982-3305220180-3057736795-1005\Software\WinTools

Huntbar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\WToolsB.ResProtocol

Huntbar: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}

Huntbar: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools

Huntbar: Program directory (Directory, nothing done)
C:\Program Files\Common Files\WinTools\

Huntbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711}

Huntbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6}

Huntbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3}

Huntbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{234F09FB-FE89-4C6D-9203-31832FC051C3}

Huntbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD}

Huntbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{618BE527-B7F5-417C-BC51-98FDC2D6DE61}

Huntbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{66C22569-F05C-4A70-A142-763B337E1002}

Huntbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303}

Huntbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA}

Huntbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D1951679-1D52-43FC-9585-0737143585F5}

Huntbar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7}

Huntbar: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4}

Huntbar.Web Search: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}

Huntbar.Web Search: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}

Huntbar.Web Search: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C380566D-F343-42AB-987B-6B38A1A35747}

Huntbar.Web Search: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6F59D850-A155-4930-98AE-689A2BC7B8E8}

Wind Updates: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\AdToolsX.Installer

Wind Updates: Code storage database (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}

Windows AdTools: Data (File, nothing done)
C:\WINDOWS\SYSTEM32\ide21201.vxd


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-03-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-24 Includes\Cookies.sbi (*)
2006-03-24 Includes\Dialer.sbi (*)
2006-03-24 Includes\Hijackers.sbi (*)
2006-03-24 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-24 Includes\Malware.sbi (*)
2006-03-24 Includes\PUPS.sbi (*)
2006-03-24 Includes\Revision.sbi (*)
2006-03-24 Includes\Security.sbi (*)
2006-03-24 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-24 Includes\Trojans.sbi (*)

Hope this helps.
Thanks
md usa spybot fan
2006-03-31, 17:41
You can try to run Spybot-S&D in Safe mode and see if it will clean up your problems. To reboot your system in Safe mode see:
Starting your computer in Safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam)
If Spybot-S&D still fails to remove the problems you can request assistance in the Malware Removal forum.

Follow the instructions here:
BEFORE you post a log, and who will advise you.
http://forums.spybot.info/showthread.php?t=288
Then post in the following forum:
Malware Removal
http://forums.spybot.info/forumdisplay.php?f=22
KeithM
2006-04-01, 16:29
Safe mode produced the same results. I did notice that only 38 problems were detected compared to 40 the last couple of days.
Ill follow your advice re switching to a different forum.
Thanks