View Full Version : Halp!



Flattus
2011-03-17, 00:50
Ok, I'm not sure what's going on but Spybot keeps asking me to approve or deny registry changes and something is not kosher... here is my DDS


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 17:49:19.14 on Wed 03/16/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2281 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rocketfish 2.4GHz Ergo Laser Mouse Driver\ICO.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\PM069Q7K.GPQ\58PHEPB4.X9V\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Rocketfish 2.4GHz Ergo Laser Mouse Driver\Pelmiced.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [CmUCRRun] c:\windows\system32\CmUCReye.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Mouse Suite 98 Daemon] c:\program files\rocketfish 2.4ghz ergo laser mouse driver\ICO.EXE
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2007-1-5 93056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-14 20:57:47 167936 ----a-r- c:\windows\system32\XMOUSE.CPL
2011-03-14 20:35:10 19456 ----a-w- c:\windows\system32\drivers\PELUSBlf.SYS
2011-03-14 20:35:10 18944 ----a-w- c:\windows\system32\drivers\PELMOUSE.SYS
2011-03-14 20:35:09 -------- d-----w- c:\program files\Rocketfish 2.4GHz Ergo Laser Mouse Driver
2011-03-14 20:34:19 -------- d-----w- c:\windows\X32
2011-03-14 20:34:19 -------- d-----w- c:\windows\Metadata
2011-03-13 16:36:20 -------- d-----w- c:\documents and settings\administrator\Bluetooth Software
2011-03-13 16:33:44 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-03-13 16:33:44 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
2011-03-13 16:33:44 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2011-03-13 16:33:44 106557 ----a-w- c:\windows\system32\btw_ci.dll
2011-03-13 16:33:43 876384 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-03-13 16:33:43 539072 ----a-w- c:\windows\system32\drivers\btaudio.sys
2011-03-13 16:33:43 37424 ----a-w- c:\windows\system32\drivers\btport.sys
2011-03-13 16:33:35 -------- d-----w- c:\program files\WIDCOMM
2011-03-13 16:12:23 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-13 16:12:03 -------- d-----w- c:\windows\Logs
2011-03-13 03:36:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2011-03-13 03:36:29 -------- d-----w- c:\program files\Security Task Manager
2011-03-13 01:13:48 -------- d-----w- c:\program files\Ventrilo
2011-03-13 01:13:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-03-13 00:40:52 -------- d-----w- c:\windows\system32\NtmsData
2011-03-12 23:08:42 -------- d-----w- c:\windows\system32\appmgmt
2011-03-05 13:52:42 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-05 13:52:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-05 13:52:02 -------- d-----w- c:\program files\iPod
2011-03-05 13:50:39 -------- d-----w- c:\program files\Bonjour
2011-03-05 13:50:01 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple Computer
2011-02-26 03:48:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-26 03:48:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-20 09:58:35 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Research In Motion
2011-02-20 09:58:31 -------- d-----w- c:\docume~1\admini~1\applic~1\Research In Motion
2011-02-20 09:57:23 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2011-02-20 09:56:37 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-02-20 09:55:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Research In Motion
2011-02-20 09:55:42 -------- d-----w- c:\program files\Research In Motion
2011-02-20 09:55:42 -------- d-----w- c:\program files\common files\Research In Motion
2011-02-16 00:24:05 0 ----a-w- c:\windows\ativpsrm.bin
2011-02-16 00:22:56 -------- d-----w- C:\ATI
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:13:02 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-05 03:12:52 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-05 03:11:42 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-05 03:11:14 17084416 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-05 03:00:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-05 02:59:24 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-01-05 02:53:16 4021984 ----a-w- c:\windows\system32\ati3duag.dll
2011-01-05 02:46:12 1112576 ----a-w- c:\windows\system32\ativvamv.dll
2011-01-05 02:39:46 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-05 02:39:32 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-05 02:39:22 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-01-05 02:39:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-05 02:39:02 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-01-05 02:37:32 638976 ----a-w- c:\windows\system32\ati2evxx.exe
2011-01-05 02:36:54 2670464 ----a-w- c:\windows\system32\ativvaxx.dll
2011-01-05 02:36:00 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-01-05 02:35:12 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-05 02:31:10 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-01-05 02:29:18 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-05 02:28:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-01-05 02:28:18 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2011-01-05 02:22:50 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-01-05 02:20:56 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-05 02:20:56 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 17:50:02.68 ===============

here is the spybot log....

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-02-25 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-02-24 Includes\Adware.sbi (*)
2011-02-24 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-02-24 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-02-24 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-02-24 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-02-24 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-02-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-02-24 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-02-24 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-02-24 Includes\TrojansC-02.sbi (*)
2011-02-24 Includes\TrojansC-03.sbi (*)
2011-02-24 Includes\TrojansC-04.sbi (*)
2011-02-24 Includes\TrojansC-05.sbi (*)
2011-02-24 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

TY in advance for your help....

A little background.. this is a used "new to me" PC. It supposedly has a fresh install of Windows XP and has been properly updated. I installed a few programs I trust at first, such as Spybot, AVG, and WoW. I noticed the problems soon after trying to install a driver for a Bluetooth adapter. I have run CCleaner and Advanced System Care Free v 3.7.3. Since the issues have become noticeable I have installed a used hard drive that came from a PC that contains Vista Home Premium, however I have only run an AVG virus scan on it as I'm afraid to open files and explore them so as not to infect them too, however I would like to save the information, in case there is something I could use. Please advise.. TY.

shelf life
2011-03-17, 22:54
hi Flattus


"approve or deny registry changes"
I don't use Spybot but I am pretty sure this is the function of "tea timer" when something attempts to write to the registry. It doesn't mean it's malware.
The log looks ok. Is your AV coming up clean after a scan?

"has been properly updated,"
Is Windows Update turned on or have you visited Windows Update to make sure you're patched?

I suggest you also install the free version of Malwarebytes to use as a scan;
Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

You could also do an online scan:

ESET online scanner:
http://www.eset.com/onlinescan/

Use Internet Explorer

check "YES" to accept terms

click start button

allow the ActiveX component to install

click the start button. The scanner will update.

check both "Remove found threats" and "Scan archives". Leave the defaults checked under Advanced settings

click scan. When it completes click "List found threats"

click "Export to text file.." and save it to your desktop. Post the saved log.

Click "back" and "finish"

Spybot and Malwarebytes should be able to scan your attached drive.

Flattus
2011-03-18, 04:51
Hi Shelf Life, and thank you for the rapid response. I feel like such a noob, no detections were found by ESET and no option was available to "export to text file", Malwarebytes found 3 threats and they were fixed. My paranoia is fueled by the fact that every time I start my PC I get messages from Spybot asking to approve or deny the same things... such as...

Category: System Startup global entry
Change: Value deleted
Malwarebytes' Anti-Malware
New Data: C:|Program Files\Malwarebytes' Anti-Malware\mbamgui.exe/install/silent

Category: Firewall Authorized Applications
Change: Value added
New Data: C:\Program Files\World of Warcraft\Launcher.patch.exe

+ a few others, but they did not re-occur since the Malwarebytes scan and fix....
So now my question is how do I know what changes are OK to approve, what should I deny, why does Spybot not remember the changes I have already approved, what do you use for spyware, malware, virus protection....

I'm sorry if I wasted your time with this post, it just struck me as wrong for Spybot to ask me to approve the same changes every time I turn on my PC. A Google search on C:\Program Files\World of Warcraft\Launcher.patch.exe:*:enabled led me to the forums and led me to believe that this change request was not something I wanted to do, and made me think this is a deep rooted problem that I won't find the answers to on the forums without help.

I do appreciate the quick response if you have any other ideas please let me know.... and thanks again:)

shelf life
2011-03-19, 00:49
hi,

Looks like you are malware free anyway. Note that the free version of Malwarebytes must be updated manually and a scan started manually.

I won't be much help with Spybot or its tea timer feature. I don't use it. Those registry changes you posted are not malware related. On what to approve, I guess you could ask: do I recognize that process? You just installed Malwarebytes and you also must have WoW installed.

You should poke around in some of the other forums for information and/or use the search feature. No doubt the help is here somewhere. Also check Spybot's help file.
In Windows you should have an updated antivirus and 2 or 3 antimalware apps. Both cover different threats. If not updated they will soon be worthless. I try to cover some things in my "end speech" which I will post:

10 Tips for Prevention and Avoidance of Malware:

There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer where you are then prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A slideshow how-to for securing Internet Explorer 8.0 (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) for safer surfing. How to harden FireFox (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox) for safer surfing.

10) Warez, cracks etc. are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. Malware can be named anything, be nothing but malware or have malware bundled in it. Can you really trust the source of the file?

More info/tips with pictures, links below

Happy Safe Surfing.
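
Added example, not part of the thread and not DDS's or Spybot's own code: one way to apply the "do I recognize that process?" question to the uRun/mRun autorun lines of the DDS log posted above. It assumes uRun and mRun denote the per-user and machine-wide Run keys, and the KNOWN list of install-folder prefixes is a hypothetical stand-in for what the owner remembers installing.

```python
import re
from pathlib import PureWindowsPath

# Autorun lines copied from the DDS "Pseudo HJT Report" posted in this thread.
SAMPLE = r'''
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [CmUCRRun] c:\windows\system32\CmUCReye.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Mouse Suite 98 Daemon] c:\program files\rocketfish 2.4ghz ergo laser mouse driver\ICO.EXE
'''

# Assumption: install-folder prefixes the owner recognizes (hypothetical list).
KNOWN = ("spybot", "avg", "ati", "rocketfish", "widcomm", "itunes")

LINE = re.compile(r"^(?P<hive>[um]Run): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# Unquoted Run values contain spaces, so cut at the first executable extension.
EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)", re.I)
SCOPE = {"uRun": "user", "mRun": "machine"}  # assumed meaning of the prefixes


def image_path(cmd):
    """Return the program path from a Run value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE.match(cmd)
    return m.group(1) if m else cmd


def classify(path, known=KNOWN):
    """Sort a program path into one of four triage buckets."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    # parts[0] is the drive root (e.g. 'c:\\'); parts[1] is the top-level folder.
    if len(parts) > 1 and parts[1] == "windows":
        return "windows"
    if len(parts) > 2 and parts[1] in ("program files", "progra~1"):
        return "recognized" if parts[2].startswith(known) else "look up"
    # Anything else (e.g. a user profile folder) deserves a closer look,
    # because such locations can usually be written without admin rights.
    return "outside install dirs"


def triage(log_text, known=KNOWN):
    """Parse uRun/mRun lines and attach a verdict to each autorun entry."""
    rows = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an autorun line (BHO, DPF, section header, ...)
        path = image_path(m.group("cmd"))
        rows.append({
            "scope": SCOPE[m.group("hive")],
            "name": m.group("name"),
            "path": path,
            "verdict": classify(path, known),
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["verdict"]:<22}{row["scope"]:<9}{row["name"]}: {row["path"]}')
```

A "look up" or "outside install dirs" verdict only means the entry is not on the owner's list; it is a prompt to check the program's origin, not a detection.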