TeaTimer spam



supplyer
2008-05-08, 21:34
I was recently infected with a virus, and have seemed to fight it off successfully so far. I was running TeaTimer and disallowed any registry changes regarding Browser Helper Objects (note that these were all changes to registry entries, not deletions). I blacklisted all of these changes namely because I wasn't doing anything when the changes popped up - my computer seemed to be idle, so I assumed that the changes were being made by some malicious code.
Now it appears that this happens all the time, and TeaTimer fills up my screen with notifications of the blacklisted changes that were denied.
Is there any way of knowing or confirming that these changes should indeed be blocked, or if I should allow them? If they should be blocked, I assume it means I still have malware on my machine and should post a report in that forum.

md usa spybot fan
2008-05-08, 21:47
supplyer:

What version of Spybot - Search & Destroy are you running (Spybot > Help > About)?

supplyer
2008-05-08, 22:30
1.5.2.20

md usa spybot fan
2008-05-08, 22:55
supplyer:

Please post the portion of the Resident.log that shows the changes you are having problems with.
There are several ways (4 listed below) to access the TeaTimer's Resident.log file:
1. Right click on the TeaTimer (Spybot-SD Resident) system tray icon and select Show Log.
2. Go into Spybot > Mode > Advanced Mode > Tools > Resident.
3. Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Select the Resident.log file and open it.
4. Using Windows Explorer, navigate to the Resident.log file located in one of the following directories:
   Windows 95 or 98:
   C:\Windows\Application Data\Spybot - Search & Destroy\Logs
   Windows ME:
   C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
   Windows NT, 2000 or XP:
   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
   Windows Vista:
   C:\ProgramData\Spybot - Search & Destroy\Logs
   Double click on the Resident.log file and it should open with Notepad.
To copy information from the log into a post in the forum:
1. Copy the information into the Clipboard:
   a. Highlight the portion of the log that you want to copy.
   b. Right click and select Copy.
2. Paste (Ctrl+V) the information from the Clipboard into a new post in this thread.

supplyer
2008-05-09, 01:20
Here is a sample of the logs demonstrating the registry changes that seem to happen constantly:

5/8/2008 3:13:47 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:13:49 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:13:49 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:13:49 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:13:50 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:13:50 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:03 PM Allowed (based on user decision) value "UserInit" (new data: "c:\windows\system32\userinit.exe,") changed in Winlogon!
5/8/2008 3:14:03 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:06 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:06 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:06 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:06 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:06 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:06 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:07 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:09 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:09 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:09 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:09 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:09 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:10 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:10 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:12 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:13 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:13 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:13 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:13 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:13 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:13 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:16 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:16 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:16 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:16 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:16 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:17 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:17 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:19 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:20 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:20 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:20 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:20 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:20 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:20 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:23 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:23 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:23 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:23 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:23 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:23 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:24 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:26 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:26 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:26 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:26 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:27 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:27 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:27 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:29 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:30 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:30 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:30 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:30 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:30 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:30 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:33 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:33 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:33 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:33 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:33 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:33 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:35 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:37 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:38 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:38 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:38 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:38 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:38 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:38 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:41 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:41 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:41 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:41 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:41 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:41 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:42 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:45 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:45 PM Denied (based on user blacklist) value "{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:45 PM Denied (based on user blacklist) value "{c900b400-cdfe-11d3-976a-00e02913a9e0}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:45 PM Denied (based on user blacklist) value "{cf021f40-3e14-23a5-cba2-717765728274}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:45 PM Denied (based on user blacklist) value "{fc3a74e5-f281-4f10-ae1e-733078684f3c}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:45 PM Denied (based on user blacklist) value "{ffff0001-0002-101a-a3c9-08002b2f49fb}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:46 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!

This pattern continues every 1-4 seconds according to the remainder of the logs.
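To triage an excerpt like the one above without reading it line by line, here is a small parser that recognises TeaTimer's Resident.log line format and flags blacklist denials that keep recurring at short intervals. This is an added example, not code from the thread or from Spybot; the sample lines are a constructed subset of the excerpt above, and the repeat and gap thresholds are assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: a subset of the Resident.log lines posted above.
SAMPLE_LOG = """
5/8/2008 3:13:47 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:03 PM Allowed (based on user decision) value "UserInit" (new data: "c:\\windows\\system32\\userinit.exe,") changed in Winlogon!
5/8/2008 3:14:03 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:06 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:07 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:09 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:10 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
5/8/2008 3:14:12 PM Denied (based on user blacklist) value "{63F7460B-C831-4142-A4AA-5EC303EC4343}" (new data: "") deleted in Browser Helper Object!
5/8/2008 3:14:13 PM Denied (based on user blacklist) value "yayXrrOe" (new data: "") deleted in Winlogon Notifiers!
"""

# One TeaTimer event line: timestamp, decision, basis, value, new data, action, category.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<decision>Allowed|Denied) \(based on (?P<basis>[^)]*)\) '
    r'value "(?P<value>[^"]*)" \(new data: "(?P<data>[^"]*)"\) '
    r'(?P<action>\w+) in (?P<category>[^!]+)!$'
)


def parse_log(text):
    """Parse every recognisable event line of a Resident.log excerpt, in order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append(e)
    return events


def find_loops(events, min_repeats=3, max_median_gap=5.0):
    """Blacklist denials of the same value/action/category seen at least min_repeats
    times with a median gap <= max_median_gap seconds (assumed thresholds; the thread
    reports gaps of 1-4 s). Returns {(value, action, category): (count, median_gap)}."""
    times = defaultdict(list)
    for e in events:
        if e["decision"] == "Denied" and e["basis"] == "user blacklist":
            times[(e["value"], e["action"], e["category"])].append(e["ts"])
    loops = {}
    for key, ts in times.items():
        if len(ts) < min_repeats:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        median_gap = statistics.median(gaps)  # median tolerates the odd long pause
        if median_gap <= max_median_gap:
            loops[key] = (len(ts), median_gap)
    return loops
```

Running `find_loops(parse_log(SAMPLE_LOG))` reports the Browser Helper Object deletion and the Winlogon Notifiers deletion as recurring every few seconds, while the single allowed UserInit change is not flagged.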

md usa spybot fan
2008-05-09, 12:07
Supplyer:

It appears that you are in the loop because you must have done a "Deny change" and checked the "Remember this decision" option on changes, which instructed TeaTimer to deny all subsequent similar registry changes. Actually, since most of the changes are the deletions of Browser Helper Objects, I suspect that you were using TeaTimer 1.4, checked the "Remember this decision" and exited the registry change dialog without checking either the "Allow change" or "Deny change" buttons. The reason I suspect that is because "Deny change" is not an option for deletions of Browser Helper Objects. In any case the

If you check "Remember this decision" on a change, the information concerning that change is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" similar registry changes for all future changes. To edit that information:
Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) buttons across the top of the "White & Black List":
Allowed registry changes
Blocked registry changes
Allowed processes
Blocked processes
You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Blocked registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete, answering "Yes" to the confirmation dialog and then clicking the "OK" button when you're done.

After you have done that, the next time a similar registry change occurs TeaTimer will issue a registry change dialog rather than automatically deny the change. At that time you should allow the change and I suggest that you do not use the "Remember this decision" option.

If you find that you cannot access the TeaTimer's "White & Black List" because of the loop, exit TeaTimer by right clicking on Spybot's TeaTimer System Tray Icon and selecting Exit Spybot-S&D Resident. After you have exited TeaTimer, delete the RegKeyBlack.sbe file where the automatic "Deny change" records are stored. You will find the RegKeyBlack.sbe file in one of the following locations:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Excludes
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Excludes
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes
Windows Vista:
C:\ProgramData\Spybot - Search & Destroy\Excludes
Reboot your system.

After you have done that, the next time similar registry changes occur TeaTimer will issue a registry change dialog rather than automatically deny the change. At that time you should allow the change and I suggest that you do not use the "Remember this decision" option.