PartnerHBO false positive?? running windows 7 home premium

Hi all I have recentyl pruchased a brand new ACER with Windows 7 Home premium. Did my usual of installing Avast home edition, spybot, and malwarebytes, as well as having Mcafee security centre pre-installed. I have turnt off the Mcafee anti-virus as I prefer Avast. But when I ran spy bot last night I was getting warning of Trojan PartnerBHO. 16 entries. But upon doing some research it may be a false positive as nothing else is picking it up i.e. AVAST, malwarebytes and Mcafee. The log follows from spybot. I cant see how I could have been infected so quickly nor see how it happened as I am usually so careful.

— Search result list —
PartnerBHO: [SBI $2FE4A5BE] Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
PartnerBHO: [SBI $2FE4A5BE] Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
PartnerBHO: [SBI $BE743C00] Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll
PartnerBHO: [SBI $BE743C00] Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll
PartnerBHO: [SBI $F3EE08ED] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $F3EE08ED] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho
PartnerBHO: [SBI $14904C60] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho.1
PartnerBHO: [SBI $14904C60] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho.1
PartnerBHO: [SBI $14904C60] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho
PartnerBHO: [SBI $6B47FF4E] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib{86676E13-D6D8-4652-9FCF-F2047F1FB000}
PartnerBHO: [SBI $6B47FF4E] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib{86676E13-D6D8-4652-9FCF-F2047F1FB000}

as some forums are reporting this is a false positive I have not acted on them. But I have to open as administrator to be able to do anything in spybot…also for some reason I cannot do a boot scan in avast, is this because I am using windows 7?

Thanks in advance :slight_smile:

[font=Segoe UI] Hi jdh86 and welcome to the forums,

You are running 2 antivirus softwares (avast and McAfee). Running two antiviruses can cause conflicts and system instability. In rare cases, running two antiviruses can cause detection instability.

avast is not supporting Boot Time Scan for 64 Bit version of Windows Seven yet. If you are not using a 64 bit OS, then please notify us so we may address your problem.

Hey thanks for the wift reply, I had de-activated the mcafee anti-virus and scanner, so that its only AVAST thats my anti-viral protection. And yes its 64 bit OS so I guess that means no boot scan and not thorough scan? Its has been suggested that these files are flase positives found by spybot and can be removed if I want but not nessecarily harmful if I leave them…just want to make sure

Deactivation isn’t enough as the low level drivers will still be loaded as that is the crux of the resident protection, these low level drivers hook a file so that it can be scanned before being allowed to run.

This effectively locks a file and when two drivers are trying to do this it can cause conflict, which can be as sever as locking the system, if this happens on bot it could effectively lock you out of your system. There is such a thing as ‘too much of a good thing’ and that is two resident AV, one disabled or not.

So you have to make your choice as to which one to keep and uninstall McAfee ;D

I would also recommend using the appropriate tool to ensure all remnants are removed - You didn’t say which McAfee version, so here are the various tools:

2007 version - http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Also see - How do I uninstall SecurityCenter? http://ts.mcafeehelp.com/faq3.asp?docid=71525