Blacklist (Removal) After Uninstalled Spybot
kylehodgson
2008-08-04, 17:44
How can I get rid of the Blacklist my OLD spybot made? It's stopping my internet adaptor software!
The old entries aren't recorded in the 4 tab removal boxes!
kylehodgson
2008-08-04, 17:55
01/08/2008 18:55:11 Allowed (based on user decision) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun") changed in System Startup global entry!
01/08/2008 18:55:13 Allowed (based on user decision) value "ATICustomerCare" (new data: ""C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"") added in System Startup global entry!
01/08/2008 18:55:25 Allowed (based on user decision) value "ATICustomerCare" (new data: "") deleted in System Startup global entry!
04/08/2008 12:14:07 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 12:14:25 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
04/08/2008 12:16:59 Allowed (based on lassh blacklist) value "CTFMON.EXE" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
04/08/2008 12:17:00 Allowed (based on lassh blacklist) value "MSMSGS" (new data: ""C:\Program Files\Messenger\msmsgs.exe" /background") added in System Startup user entry!
04/08/2008 12:17:01 Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
04/08/2008 12:17:01 Allowed (based on lassh blacklist) value "SoundMAXPnP" (new data: "C:\Program Files\Analog Devices\Core\smax4pnp.exe") added in System Startup global entry!
04/08/2008 12:17:01 Allowed (based on lassh blacklist) value "SoundMAX" (new data: ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray") added in System Startup global entry!
04/08/2008 12:17:35 Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"") added in System Startup global entry!
04/08/2008 12:17:40 Allowed (based on user decision) value "AODAssist.exe" (new data: "C:\Program Files\AMD\AMD OverDrive\AODAssist.exe") added in System Startup global entry!
04/08/2008 12:17:40 Allowed (based on user whitelist) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun") added in System Startup global entry!
04/08/2008 12:17:44 Allowed (based on user decision) value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") added in Browser page!
04/08/2008 12:17:47 Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!
04/08/2008 12:17:49 Denied (based on user decision) value "Start Page" (new data: "http://www.google.co.uk/") added in Browser page!
04/08/2008 12:17:50 Denied (based on user decision) value "Local Page" (new data: "%SystemRoot%\system32\blank.htm") added in Browser page!
04/08/2008 12:17:50 Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!
04/08/2008 12:17:51 Denied (based on user decision) value "Start Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home") added in Browser page!
04/08/2008 12:17:54 Denied (based on user decision) value "Default_Page_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome") added in Browser page!
04/08/2008 12:17:54 Denied (based on user decision) value "Default_Search_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!
04/08/2008 12:17:54 Denied (based on user decision) value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") added in Browser page!
04/08/2008 12:17:55 Denied (based on user decision) value "CustomizeSearch" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm") added in Browser page!
04/08/2008 12:23:33 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 12:23:54 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
04/08/2008 13:54:29 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 13:54:36 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
04/08/2008 14:03:21 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 14:03:41 Allowed (based on user decision) value "PostBootReminder" (new data: "{7849596a-48ea-486e-8937-a2a3009f31a9}") added in Shell services!
04/08/2008 14:03:44 Denied (based on user decision) value "CDBurn" (new data: "{fbeb8a05-beee-4442-804e-409d6c4515e9}") added in Shell services!
04/08/2008 14:03:46 Denied (based on user decision) value "WebCheck" (new data: "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}") added in Shell services!
04/08/2008 14:03:48 Denied (based on user decision) value "SysTray" (new data: "{35CEC8A3-2BE6-11D2-8773-92E220524153}") added in Shell services!
04/08/2008 14:03:51 Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
04/08/2008 14:03:53 Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!
04/08/2008 14:03:53 Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
04/08/2008 14:03:55 Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!
04/08/2008 14:03:56 Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\logon.scr") added in Desktop settings!
04/08/2008 14:03:59 Denied (based on user decision) value "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (new data: "") added in Internet Explorer searches!
04/08/2008 14:04:00 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
04/08/2008 14:53:56 Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
Spybot in there somewhere disabled my Wireless Adaptor software. How can I remove this registry edit?
Recovery has a password on it; any ideas of the password?
md usa spybot fan
2008-08-04, 19:06
kylehodgson:
There were eighteen (18) "Denied" registry changes and all were "Denied (based on user decision)", not from "Blocked registry changes", the blacklist created when you use "Remember this decision" in TeaTimer. Therefore it is quite possible that you have no entries in "Blocked registry changes".
I do see an "Allowed" registry change indicating "Allowed (based on user whitelist)". Therefore I think that you should have at least one entry in "Allowed registry changes".
There were twelve (12) "Allowed" registry changes that indicated "Allowed (based on lassh blacklist)" and two (2) "Allowed" registry changes that indicated "Allowed (based on authenticode whitelist)". These are changes automatically "Allowed" or "Denied" based on TeaTimer's internal database of blacklisted/whitelisted processes and all of those changes were to system startup entries.
I don't know exactly what has caused your problem, but I don't see any indication it stems from TeaTimer using "… the Blacklist my OLD spybot made …" since none of the entries from the Resident.log file that you posted indicate that there were any denials based on entries in either the RegKeyBlack.sbe or the ProcBlack.sbe files where TeaTimer stores "Allow change" or "Deny change" decisions when the "Remember this decision" option is elected.
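The tally in the reply above can be reproduced mechanically. The following is an added example, not part of the thread and not Spybot's own code: it parses Resident.log entries in the format posted here, counts them by action and basis, and lists any denial that did not come from a live prompt. The function names are hypothetical, and the log grammar is assumed from the excerpts on this page.

```python
import re
from collections import Counter

# Sample input: six entries copied from the Resident.log excerpts in this thread,
# including the "BootExecute" entry whose data spans two lines.
SAMPLE_LOG = r'''
04/08/2008 12:14:07 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 12:17:01 Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
04/08/2008 12:17:40 Allowed (based on user whitelist) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun") added in System Startup global entry!
04/08/2008 12:17:49 Denied (based on user decision) value "Start Page" (new data: "http://www.google.co.uk/") added in Browser page!
04/08/2008 14:03:51 Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
30-Oct-08 9:43:43 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"") added in System Startup user entry!
'''

# A record starts with a date in either format seen in the thread, then a time.
START = re.compile(r'^\d{1,2}[/-]\w+[/-]\d{2,4} \d{1,2}:\d{2}:\d{2} ')
ENTRY = re.compile(
    r'^(?P<when>\S+ \S+) (?P<action>Allowed|Denied) \(based on (?P<basis>[^)]+)\) '
    r'value "(?P<name>.*?)" \(new data: "(?P<data>.*)"\) '
    r'(?P<op>added|deleted|changed) in (?P<area>.+)!$', re.S)

def parse_resident_log(text):
    """Return one dict per log entry, rejoining entries split across lines."""
    records = []
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += "\n" + line  # continuation of multi-line data
    matches = (ENTRY.match(r.strip()) for r in records)
    return [m.groupdict() for m in matches if m]

def tally(entries):
    """Count entries per (action, basis) pair, as done by hand in the reply."""
    return Counter((e["action"], e["basis"]) for e in entries)

def remembered_denials(entries):
    """Denials not made at a prompt, i.e. candidates for a stored block list.
    Assumption: any basis other than "user decision" is list-driven."""
    return [e for e in entries
            if e["action"] == "Denied" and e["basis"] != "user decision"]

if __name__ == "__main__":
    parsed = parse_resident_log(SAMPLE_LOG)
    for (action, basis), n in sorted(tally(parsed).items()):
        print(f"{n:3d}  {action:7s} {basis}")
    print("list-driven denials:", len(remembered_denials(parsed)))
```

An empty result from `remembered_denials` on the full log matches the reply's conclusion that no denial came from a remembered decision.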
GLisimaque
2008-10-30, 19:08
I installed the latest Spybot version and since then I cannot prevent (no question asked by TeaTimer) the WCESCOMM.EXE program from re-installing itself in the startup directory. I tried to create an SBI file but it only prevents the program from running (I guess because of the way I wrote it). Each time my computer is restarted I have to remove the entry by manually running SpyBot.
How can I NOT Allow the modification (when it adds itself) below? What can I change/add/create to prevent this modification from being "allowed based on lassh blacklist"?
Gilles Lisimaque
30-Oct-08 9:43:43 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"") added in System Startup user entry!
30-Oct-08 11:48:05 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: "") deleted in System Startup user entry!
30-Oct-08 12:52:21 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"") added in System Startup user entry!