Help with "Resident Registry Change Denied"

[ChrisWouldLikeHelpPleas]

Please could anyone help me with the following notice, that pops up every second;
"Resident. Registry change denied. Identified as :User blacklist.Resident denied the change of Windows Defeneder (category System Startup glbal entry) based on your black list"
I thought I'd done the right thing in my choice but am now getting this window every second and don't know what to doabout it.
Any help appreciated.
Chris

[md usa spybot fan]

Chris:

Please post the portion of the Resident.log that shows the registry change you are having problems with.

1. There are several ways (4 listed below) to access the TeaTimer's Resident.log file:
   
   1. Right click on the TeaTimer (Spybot-SD Resident) system tray icon and select Show Log.
   2. Go into Spybot > Mode > Advanced Mode > Tools > Resident.
   3. Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Select the Resident.log file and open it.
   4. Using Windows Explorer, navigate to the Resident.log file located in one of the following directories:
      
      • Windows 95 or 98:
        C:\Windows\Application Data\Spybot - Search & Destroy\Logs
      • Windows ME:
        C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
      • Windows NT, 2000 or XP:
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
      • Windows Vista:
        C:\ProgramData\Spybot - Search & Destroy\Logs
      
      Double click on Resident.log file and it should open with Notepad.
2. To copy information from the log into a post in the forum:
   
   1. Copy the information into the Clipboard:
      
      • Highlight the portion of the log that you want to copy.
      • Right click and select Copy.
   2. Paste (Ctrl+V) the information from the Clipboard to a new post in this thread.

[ChrisWouldLikeHelpPleas]

Thanks for the suggestion. I couldn't use route 1 as the screen changes every second! I hope the section that is relevant is;

09/12/2008 18:00:06 Denied (based on user decision) value "BootExecute" (new data: "SDEarlyDelete
SDEarlyDelete \??\C:\Program Files\SpywareDetector
autocheck autochk *
lsdelete
aswBoot.exe /M:7a8aacc932
") changed in Session manager!
21/12/2008 23:39:45 Denied (based on user decision) value "Windows Defender" (new data: "") deleted in System Startup global entry!
21/12/2008 23:39:53 Denied (based on user decision) value "Windows Defender" (new data: "") deleted in System Startup global entry!
21/12/2008 23:42:17 Denied (based on user decision) value "Windows Defender" (new data: "") deleted in System Startup global entry!

and then there is a similar entry every second up until now!
Chris

[ChrisWouldLikeHelpPleas]

I've just realised the extract I posted didn't cover evrything;this takes it up to the moment that all the entries become identical;

21/12/2008 23:43:35 Denied (based on user decision) value "Windows Defender" (new data: "") deleted in System Startup global entry!
21/12/2008 23:43:45 Denied (based on user decision) value "Windows Defender" (new data: "") deleted in System Startup global entry!
21/12/2008 23:43:47 Denied (based on user blacklist) value "Windows Defender" (new data: "") deleted in System Startup global entry!
21/12/2008 23:43:48 Denied (based on user blacklist) value "Windows Defender" (new data: "") deleted in System Startup global entry!
Chris

[md usa spybot fan]

Chris:

There are several things that I see that give me cause for concern:

1. The presents of (or attempt to attach) SDEarlyDelete, SpywareDetector and possibly aswBoot.exe in your BootEcecute registry entry.
   
   1. Entries SDEarlyDelete and SpywareDetector indicate that you have SpywareDetector installed. SpywareDetector is considered a rouge or at least a low quality anti-spyware product by many. If you intentionally installed SpywareDetector I suggest that you reconsider.
   2. The aswBoot.exe entry is associated with the avast! start-up scanner. Do you have avast! and were you attempting to remove something with avast!? If so denying that the change to the BootEcecute registry entry may have prevented the avast! start-up scanner from running.
2. The fact that something is repetitively attempting to delete the startup entry for Windows Defender.
   
   1. Unless you are intentionally trying to remove the Windows Defender startup entry than something else is.

I suggest that you consider posting in the Malware Removal forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:

• "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance).

After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal forum, making sure to post the HijackThis log produced from the above instructions.

Note: One of the steps in the instructions is to reset TeaTimer (except with Windows Vista). Resetting TeaTimer will most likely allow the Windows Defender startup entry to be removed. That entry will have to be added again after your system is checked out.