Spybot...everytime I run it. Each of them says 'registry change, nothing done'....
Are you using IE-SPYAD? There have been reported conflicts between Spybot S&D and IE-SPYAD that show in a Spybot log like this example:
Smitfraud-C.: User settings (Registry change, nothing done)
Lunch Spybot, go to File Menu > Mode and select Advanced mode.
Then go to Tools > View Report > View Previous Report. A box should open with selections of .log and .txt files. Select the latest .txt file (Checks.050726-XXXX). The X's will be numbers. Just select the .txt that has the highest number. If the report looks similar to the above, then check your restricted zones list and see if those entries are there.
Depending on what Spybot's identifying, the DSO exploit(s) may be false-positive(s) that were commonly reported when running v1.3. See the explanation here
. (Please note that some of the net-integration links no longer work since Spybot moved to safer-networking.org). Also see Why does DSO Exploit return?
. Ensure you are using the current version which is Spybot S&D 1.4
CWShredder is now owned by TrendMicro and has not neen as effective as prior versions released by its original author (Merijn). There have been reports of it giving false positives. You can download an archive of CWShredder 1.59.1
(last version by Merijn) which will take care of all the classic CWS versions. For newer ones you should download and use About:Buster
I installed...XoftSpySE and HijackThis
XoftSpy is not a program that I would place it lot of trust in. It previously was listed as on the Rogue/Suspect Anti-Spyware Products
list because of false positives and other concerns. Read the note:
XoftSpy was listed on this page because of concerns with false positives (1, 2, 3, 4), questionable license terms, and the use of aggressive, deceptive advertising (1, 2), including exploitation of the name "spybot" by affiliates. Earlier versions of XoftSpy were also Ad-aware knockoffs. (There was clone of XoftSpy named SpyBurn, but that application is no longer available.)
Over the past few months, XoftSpy has taken aggressive steps to reign in its affiliates (who were primarily responsible for the unsavory advertising), revised its license text, and released a new version of XoftSpy (version 4.0) that addresses our concerns with false positves. Given these changes we can no longer regard XoftSpy as "rogue/suspect" anti-spyware.
That may explain why your other scans are not finding anything.
HijackThis is an advanced tool
that requires advanced knowledge about the Windows Operating System. Most of the log entries are required
to run a computer and removing essential ones can potentially cause serious damage
such as your Internet no longer working or problems with running Windows itself.
HijackThis is an enumerator and similar in some respects to a registry editor program which displays areas of the Windows registry where the majority of Viruses, Trojans, Spyware, Adware, and Malware reside. HJT will scan certain areas of your system and then create a log to help diagnose the presence of undetected malware in these known hiding places. It then relies on experts to interpret the log entries
and determine what needs to be fixed. If you do not have advanced knowledge about computers you should NOT fix anything using HijackThis
without consulting a expert as to what to fix. If you choose to fix anything by yourself, you do so at your own risk