Hi all.

I received one of those standard pop up boxes from SpyBot notifying me of a registry change and asking permission whether to allow it. Since I knew what the change was I clicked the "Allow" button. Immediately after that I received numerous pop up boxes stating that I had denied the change.

Each box would popup starting in the bottom right hand corner of my screen. Another box would then appear above it and so on until there were 5 or 6 boxes showing. The topmost box would disappear and then reappear and this would continue. I then used the CTRL ALT DEL function to end the program.

It didn't seem to have any other adverse effect on my system.

Has this happened to anyone else, and is there a fix for it, or is this indicative of SpyBot not getting along with another installed program on my drive?

Thanks in advance.

Hello,

That are notifications from the resident TeaTimer that inform you about an allowed or denied registry change.

TeaTimer takes snapshots of Registry entries and compares these with the Registry at startup. Until these snapshots are updated you are likely to get pop-ups (at startup) of changes you made in the past. In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshot was taken. This happens primarily when you reboot the system. To refresh TeaTimer's snapshot files:

* Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
o TeaTimer closes.
o TeaTimer's snapshot files are refreshed at this time.
* Restart TeaTimer:
o Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
o Double click TeaTimer.exe to start it.

If you periodically recycle TeaTimer the problem will be diminished but not necessarily totally eliminated. As an alternative you can periodically just shut down TeaTimer as outlined above without restarting it just prior to shutting down the system to refresh the snapshot files.

By the way....you have posted in the Tavern:
"A place to chat or ask general questions, no politics or religion please. Questions related to Spybot-S&D support/tools, or requests for Malware removal, should be posted in the appropriate forum. Not in the tavern. ;)"

Best regards
Sandra
Team Spybot

Thanks Sandra.

There is nothing called TeaTimer for me to click on when I follow the path you gave in your initial reply.

Hello,

Did you click in the right place?
The system tray is on the lower right, beneath your clock.

Best regards
Sandra
Team Spybot

njdriver:

TeaTimer's icon is actually titled "Spybot-SD Resident" and should be present in the taskbar notification area (system tray). It looks like a document or window with a padlock in the lower left hand corner.

There is nothing like that in my system tray. I did a search on drive C: for Tea Timer, and there were no results.

njdriver:

What version of Spybot are you running (Spybot » Help » About)?

The procedure that spybotsandra (http://forums.spybot.info/member.php?u=5) outlined to refresh TeaTimer's snapshot files was only required with Spybot 1.3 and Spybot 1.4 because in those versions of TeaTimer the snapshot files got out of sync. with the registry.

If you can not find TeaTimer.exe it may be because in Spybot 1.5.2 some of Spybot's executables are hidden as protected operating system files. To see them:
Using Windows Explorer navigate to:
C:\Program Files\Spybot - Search & Destroy
In the Tools menu select Folder Options…
In the Folder Options dialog select the View tab.
Under the "Hidden files and folders" options:
Make sure "Show hidden files and folders" is selected.
Not "Do not show hidden files and folders".
Uncheck the following option:
Hide protected operating system file (Recommended)
Click the Apply button.
Click the OK button.
The files should now be displayed
Note: If you uncheck the "Hide protected operating system file (Recommended)" option to view Spybot's executables, I suggest that you return the option to its original setting when you are done.

njdriver:

Back to your original problem.

Please post the portion of the Resident.log that shows the changes around the time frame when you encountered the problem so that we can see what occurred.

There are several ways (4 listed below) to access the TeaTimer's Resident.log file:
Right click on the TeaTimer (Spybot-SD Resident) system tray icon and select Show Log.
Go into Spybot > Mode > Advanced Mode > Tools > Resident.
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Select the Resident.log file and open it.
Using Windows Explorer, navigate to the Resident.log file located in one of the following directories:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows Vista:
C:\ProgramData\Spybot - Search & Destroy\Logs
Double click on Resident.log file and it should open with Notepad.
To copy information from the log into a post in the forum:
Copy the information into the Clipboard:
Highlight the portion of the log that you want to copy.
Right click and select Copy.
Paste (Ctrl+V) the information from the Clipboard to a new post in this thread.

Well, good news, bad news.

I followed the instructions to unhide the files and I did see TeaTimer.exe.

I double-clicked it so that I could further follow the directions you gave, and the problem started again. As you can see from the attached copy of the SpyBot resident logfile, the problem was initially associated wwhen I was running MicroSoft Money. The only other anomaly was that I clicked on the "allow" button, not the "deny" button, although the popup boxes show "Registry change denied" "Identified as: user decision"

Here's the log:
Seems like it is caught in an endless loop.

5/1/2008 4:25:19 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:20 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:21 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:22 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:23 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:24 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:25 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:26 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:27 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:28 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:29 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:30 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:31 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:32 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:33 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:34 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:35 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:36 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:37 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:38 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:39 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:40 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:41 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!
5/1/2008 4:25:42 PM Denied (based on user blacklist) value "MoneyAgent" (new data: ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"") added in System Startup user entry!

Hi all. Hi, yes I get them all the time, and I do exactly what you do. And they go away, but I never think anything about them. But mine would always go away. I didn't have to use CTRL ALT DEL. But I haven't thought anything about it, but maybe i should. I do hope to find out something about this.

I received one of those standard pop up boxes from SpyBot notifying me of a registry change and asking permission whether to allow it. Since I knew what the change was I clicked the "Allow" button. Immediately after that I received numerous pop up boxes stating that I had denied the change.

Each box would popup starting in the bottom right hand corner of my screen. Another box would then appear above it and so on until there were 5 or 6 boxes showing. The topmost box would disappear and then reappear and this would continue. I then used the CTRL ALT DEL function to end the program.

It didn't seem to have any other adverse effect on my system.

Has this happened to anyone else, and is there a fix for it, or is this indicative of SpyBot not getting along with another installed program on my drive?

Thanks in advance.
Hi, yes I get them all the time, and I do exactly what you do. And they go away, but I never think anything about them. But mine would always go away. I didn't have to use CTRL ALT DEL. But I haven't thought anything about it, but maybe i should. I do hope to find out something about this.

Hi all. Hi, yes I get them all the time, and I do exactly what you do. And they go away, but I never think anything about them. But mine would always go away. I didn't have to use CTRL ALT DEL. But I haven't thought anything about it, but maybe i should. I do hope to find out something about this.

I received one of those standard pop up boxes from SpyBot notifying me of a registry change and asking permission whether to allow it. Since I knew what the change was I clicked the "Allow" button. Immediately after that I received numerous pop up boxes stating that I had denied the change.

Each box would popup starting in the bottom right hand corner of my screen. Another box would then appear above it and so on until there were 5 or 6 boxes showing. The topmost box would disappear and then reappear and this would continue. I then used the CTRL ALT DEL function to end the program.

It didn't seem to have any other adverse effect on my system.

Has this happened to anyone else, and is there a fix for it, or is this indicative of SpyBot not getting along with another installed program on my drive?

Thanks in advance.
Hi, yes I get them all the time, and I do exactly what you do. And they go away, but I never think anything about them. But mine would always go away. I didn't have to use CTRL ALT DEL. But I haven't thought anything about it, but maybe i should. I do hope to find out something about this.

njdriver:

You never answered my question!!!


What version of Spybot are you running (Spybot » Help » About)?
But since you were able to find TeaTimer.exe after you "...unhide the files ..", I'll assume you are running Spybot 1.5.2.20.

___________

I don't know what the initial registry change was that you did an "Allow change" on because all the entries that posted are "Denied" changes for a startup entry named "MoneyAgent" executing "C:\Program Files\Microsoft Money\System\mnyexpr.exe". It appears that at some point in time you evidentially did a "Deny change" for a similar entry and used the "Remember this decision" option. Because you used the "Remember this decision" option for the entry TeaTimer is automatically denying the change. In addition it appears that whatever program you initiated is persistent in attempting to add the startup entry and if the entry is not added it keeps trying to add it repetitively.

It seems that the only way to prevent a repeat of the problem you encountered is to:
Stop using whatever program you started when the problem occurred (Microsoft Money I assume).
Eliminate the stored TeaTimer automatic "Deny change" entry in TeaTimer's "Black and White" list that was based on your use of the "Remember this decision" option and let the program you were using add the startup entry by doing an "Allow change" the next time the change occurs.
If you check "Remember this decision" on a change, the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit the stored information:Right click on the TeaTimer system tray icon and select Settings (see note #1). This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
Allowed registry changes
Blocked registry changes
Allowed processes
Blocked processes
You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Blocked registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.After you have done that, the next time a similar registry change occurs TeaTimer will issue a registry change dialog rather than automatically deny the change. At that time you should allow the change and I suggest that you do not use the "Remember this decision" option on the change.

Note #1: If the TeaTimer icon is not present in the system notification area of the Taskbar:
Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
Double click TeaTimer.exe to start it (now that you know how to find TeaTimer.exe).
Then to make sure that TeaTimer will start in the future when you restart your system:
Going into Spybot > Mode > Advanced Mode > Tools > Resident. Under the heading "Resident protection status" make sure the following item is checked: Resident "TeaTimer" (Protection of over-all system settings) active.

Sorry about that, but yes, that is the version I have. I will follow the remainder of your instructions.

Thanks to all who offered help. It is greatly appreciated.