Hello,

I am really bad with computers, so please forgive me if my question seems "nuts".

For the last 2 monthes, I've had a lot of spam and so on, so I recently tryed installing your software against spyware.

I ran the scan and clicked on the button for "solving all found problems" -after reading their descriptions of course: tracing cookies and so on.
I also enabled the "tea timer" option.

Since that, even if the main window and search of Spybot does not find any threat, evry time I start my computer, I have dozens of popups from the tea timer saying:

"modification of register refused. Resident refused the modification of maxfqn (category system startup global entry) following your black list"

...Could you please help me?? I am quite afraid of modifying something "normal" from the register, and I am unable to know if this is a real threat or a bad detection of a normal component...

I am the main user of my PC (about 90% of the time), but I sometimes lend it to friends or collegues needing one urgently. I use internet mostly for professional uses and classical mail-box, so I've never been afraid of "spyware" or so, but maybe am I wrong...

Thank you very much if you can give some ideas!!!

The patches for TeaTimer published in this forum were designed to solve a bug with TeaTimer's popup dialog that cause portions of the "Allow change" and "Deny change" buttons to be overlaid. They were not designed to eliminate either the popup dialogs or the notification messages as the title of your thread implies.

The TeaTimer notification messages that indicate that the change of a registry was denied because of your blacklist indicates that at some point you denied a similar registry change and check the "Remember this decision" option.

Since you indicate that you are getting "dozens of popups" at system startup, the most likely cause of the problem is because TeaTimer's snapshot files are out of sync with the registry. TeaTimer takes snapshots of Registry entries and compares these with the Registry at startup. Until these snapshots are updated you are likely to get pop-ups (at startup) of changes you made in the past. In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshots were taken.

The solution to the problem is to refresh TeaTimer's snapshot files after making changes to the registry such as changing your home page. There are two ways to do this:Refresh TeaTimer's snapshot files:
Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
TeaTimer closes.
TeaTimer's snapshot files are refreshed at this time.

Restart TeaTimer:
Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
Double click TeaTimer.exe to start it.

Manually exit TeaTimer immediately prior to system shutdown or restart.
*************************

I believe that the reason that snapshot files get out of sync with the registry is because when TeaTimer starts the snapshot files are read into memory and maintained there. The snapshot files only appear to be rewritten when TeaTimer closes. During system shutdown (or restart) it appears that TeaTimer is terminated before it has a chance to rewrite the snapshot files and therefore they are out of sync with the registry if changes have been made to the registry.

This problem appears to have been corrected with the TeaTimer 1.5 beta test version of TeaTimer.

Thanks a lot for your quick answer.

HMM... I am very sorry to say so, but I try the 2 solutions you advised me, but the popups are still here (in fact, it's not "dozens", but one per second or so...).

As I had installed and try Ad aware in the same time as Spy bot (and ran it firts - only on alphabetical order...), I tried to restore the quarantined items from this programs, and to run Spy bot again. Then I deleted these items, manually exited spybot and the TeaTimer, then stopped the computer, then restarted the computer....

But the warning message popups are still there!

I am really sorry... I know this is a very unelegant option, but do you think that uninstalling then re installing Spybot could help to solve this problem??

Thank you again, and thank you in advance if you have any further suggestions!!!

Please show us what change is being denied:
Go into Spybot > Mode > Advanced Mode > Tools > Resident > page (scroll) to the bottom of the listing and highlight a portion of the log that shows what change to registry was being repetitively denied.
Thanks.

Hello again,

Thank you for all four help!

Here is a copy of the 4 last lines of the log reporting the change that has been denyed... The're all the samme except for the seconds, sorry! (and sorry also because this is French version...)

15/02/2007 18:41:05 Refusé(e) value "maxfqn" (new data: "") supprimé(e) in System Startup global entry!
15/02/2007 18:41:06 Refusé(e) value "maxfqn" (new data: "") supprimé(e) in System Startup global entry!
15/02/2007 18:41:07 Refusé(e) value "maxfqn" (new data: "") supprimé(e) in System Startup global entry!
15/02/2007 18:41:08 Refusé(e) value "maxfqn" (new data: "") supprimé(e) in System Startup global entry!


Thanks in advance if you have any suggestions!!

If you refreshed TeaTimers snapshot files and they are now in sync with the registry, then the only thing that I can assume that there is a process/application running in your system that is attempting to remove a startup entry with a value of "maxfqn" from the registry and you are continually denying the change via TeaTimer because when you initially received this change you did a "Refuser" with "Se rappeler cette décision".

Unfortunately, a Google search for "maxfqn" turns up nothing so I have no idea what the "maxfqn" entry is nor what process is attempting to delete it.

Do you recognize the name "maxfqn"?

If you go into Spybot > Mode > Advanced mode > Tools > System Startup is there an entry with a value "maxfqn" list? If so what is the Command line associated with?

Hello,

sorry for beeing long to reply to your help (quite busy with work...)


Unfortunately, a Google search for "maxfqn" turns up nothing so I have no idea what the "maxfqn" entry is nor what process is attempting to delete it. Do you recognize the name "maxfqn"?

If you go into Spybot > Mode > Advanced mode > Tools > System Startup is there an entry with a value "maxfqn" list? If so what is the Command line associated with?

Meanwhile, I tryed to find some more info on the "maxfqn" name.
There is no entry with "maxfqn" name in System Startup List when I go into Spybot.

I found some info while running an online scan with Panda:

this was found in "c:/WINDOWS/System32/maxfqn_nac.dat". It is described as "Adware= adware/navipromo".

It must have been recognized somehow by Spybot, but not supressed, and I cannot find a trace of any original "refuse"...
When I run a spybot scan, it is not found...


If you refreshed TeaTimers snapshot files and they are now in sync with the registry, then the only thing that I can assume that there is a process/application running in your system that is attempting to remove a startup entry with a value of "maxfqn" from the registry and you are continually denying the change via TeaTimer because when you initially received this change you did a "Refuser" with "Se rappeler cette décision".

So, may it be that my antivirus (MacAfee), or "Ad-adaware SE" wich I ran before are trying to remove this?
I cannot remember of saying "refuse" to the modification of maxfqn on the dialog box of the Tea Timer...
How could I remove this "maxfqn_nac.dat"?

By the way, I have a very very childish question about how to answer to the dialog box: when I am asked about a modification of a known normal component from (C:/something) to ("C:/something"), what does it mean?
Shall I accept or refuse the modification? Shall I mark "Se rappeler cette décision"??

Sorry again for being so ignorant,

I am very gratefull for your help (this is the first time I ask assistance on a forum, and I find it very generous from helpers!!)

PuzzledwPC:



How could I remove this "maxfqn_nac.dat"?
Since Panda identified the file as "Adware= adware/navipromo", you could try navigating to the following file using Windows Explorer and deleting it:
C:/WINDOWS/System32/maxfqn_nac.dat


By the way, I have a very very childish question about how to answer to the dialog box: when I am asked about a modification of a known normal component from (C:/something) to ("C:/something"), what does it mean?
Shall I accept or refuse the modification? Shall I mark "Se rappeler cette décision"??
Since it is "a modification of a known normal component", I would accept those changes. Many applications modify or reestablish system startup entries particularly during updates. They may even change the startup entry to a clean-up process and back again to the normal startup program during updates.