Hello, Jeremy Hall here. Semi-pro user. A new tea timer behavior has surfaced for me recently. This has happened on my compaq presario, and re-occoured after a coincidental reformat. I run full scans w/ removal of ALL available tracks. Normal initial hits surface, such as alexia, and double click (shows up before I get completely updated), and usage tracks in initial scan. The following appearance of request for registry change has also appeared after all windows updating for me, under varied websurfing conditions, when I have apparently had no highlighted hits, or known intrusions. I have 2000pro, sp4, and use the "labmice.com" checklist to set my services and permissions to a higher state of computer protection. It is not likely I have the standard cookie, trojan, or worm, although I am still vulnerable to them, if they get in. I use free avg, and zone alarm, with ad-aware 2007, on broadband. I also keep my "lock hosts file" w s & d checked full-time.
Immed after selecting fix selected tracks, permission shell asks:
Category: startup user entry, Change: value added, [B]SpybotDeletingB6098, (where the numerical portion is stringlike) (also, this may re-occur with several permission windows, with SpybotDeleting and several varied numerical strings), NewData: command \c del C:\WINNT\SchedLgU.txt_tobedeleted
What raised a red flag for me regarding this issue, was that I had given permission for these changes, then, before restarting, I ran the System Internals check, and all of the spybotdeleting strings appeared as inconsistencies, with (if I remember correctly...) broken links. I then deleted those, before restarting. I think that when I do nothing, the issue comes right back. The entry also appears in my registry run once file.
When I look through registry editor in the local machine - software - microsoft - windows - current version - run once file, I see 3 entries I think should not be there. My normal startups safely appear in the run file, the run once file should only have one generic entry, if I am correct. Entries are: as above, & as above with "cmd" instead of "command", and the third reads: REG_SZ C:\Program Files\ Spybot - Search & Destroy\SpybotSD.exe" /autocheck. Apparently a few of these have snuck past me without permission before I get set up. Previously, when I was secure in my last installation, this issue first occured alongside a "read address violation" with s & d. I don't view the run files often, but I remember that there should not be run once files unless I am using periferial stuff. (I may have just sounded computer ignorant there,,, but I'm not sure).
Question: What are these entries? Are they safe to allow? Is this a sign of intrusion?
(please email me if response posted, h a m p s t e r 7 k 7 @ y a h o o . c o m) I did search the forums for schedlgu.txt, but found no relevant results.