Question about Registry change

**CalamityJane** · 2005-10-23, 19:35

Hah! Found you guys :D

Trying to help a Spybot user in another forum. He keeps getting popups about this registry change? I see no problems in his HijackThis log, and that CSLID appears to belong to Adobe. Can anyone tell me what this change is or knows what this is?

23-10-2005 15:17:43 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:44 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!

This is the original thread if you need to see what we have done:
http://www.dslreports.com/forum/remark,14633447

Thanks for your help

md usa spybot fan · 2005-10-23, 21:48

CalamityJane:

Have bladerider stop TeaTimer and let the change (looks like a delete of the Adobe Toolbar) take place. To do that:

Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
- TeaTimer closes.

Then have him restart TeaTimer as follows:

Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
Double click TeaTimer.exe to start it.

I assume that something is trying to delete the following entry repetitively:

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

It appears that when this change was initiated the TeaTimer pop-up dialog was answered with a "Deny change" "Remember this decision" or checked "Remember this decision" was check and the dialog was closed without answer either "Allow change" or "Deny change" and the problem escalated from there.

There is addition things that bladerider should do but I think that should alleviate the current problem.

**CalamityJane** · 2005-10-24, 00:57

Thanks for the reply md! I thought the same thing and I asked if he was trying to delete the toolbar...he said he was not.

**tashi** · 2005-10-25, 06:26

Postscript.
CJ's member:

Quote:

After I have shut down TeaTimer and left it off for a few minutes before starting it again the popups have stopped !!!

**CalamityJane** · 2005-10-25, 06:32

Quote:

Originally Posted by tashi

Postscript.
CJ's member:

I know! Saw that. Don't know what to make of that as it makes no sense to me

I'm waiting for Bubba to return and reply :p

Hi Tashi!!! Glad to see you here!!!

bubba · 2005-10-25, 21:39

Quote:

Originally Posted by CalamityJane

I'm waiting for Bubba to return and reply :p

I'd like a reply also....but it concerns is the Jane Family awight after Wilma

**CalamityJane** · 2005-10-26, 02:25

Well, Howdy, Bubba!

We're fine...a little soggy (8 inches of rain in under 24 hours), but fine

Good to see you here, too!!

**CalamityJane** · 2005-10-26, 02:30

Quote:

Originally Posted by md usa spybot fan

It appears that when this change was initiated the TeaTimer pop-up dialog was answered with a "Deny change" "Remember this decision" or checked "Remember this decision" was check and the dialog was closed without answer either "Allow change" or "Deny change" and the problem escalated from there.

~cleans glasses~ and this sinks in as about what Bubba was saying, I think

So user error in closing the dialogue box without checking an action to take and Spybot was trying to delete it repetitively because it didn't know? And that turning off Teatimer and turning it back on again fixed the dilema?

bubba · 2005-10-26, 04:16

Quote:

Originally Posted by CalamityJane

So user error in closing the dialogue box without checking an action to take

In the thread at DSLR I asked the user if they saw a Blocked registry changes entry under TeaTimer\Settings concerning ITBarLayout and their answer was yes.

Quote:

Originally Posted by bladerider

I have checked the Teatime and there is an entry in there for the ITBarLayout.

That told me they had previously on purpose or inadvertenly made a "Deny change". Since TeaTimer's reg snapshot prior to the toolbar addition did not have the toolbar as an entry....the user was receiving Registry change denied alert.

Quote:

Originally Posted by CalamityJane

And that turning off Teatimer and turning it back on again fixed the dilema?

Since musf says it about as good as anyone I'll quote his TeaTimer\Snapshot explanation.

Quote:

Originally Posted by md usa spybot fan

TeaTimer takes snapshots of Registry entries and compares these with the Registry at startup. Until these snapshots are updated you are likely to get pop-ups (at startup) of changes you made in the past. In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshot was taken. This happens primarily when you reboot the system.

2005-10-23, 19:35	#1
CalamityJane Security Expert Join Date: Oct 2005 Location: Central Florida, USA Posts: 652	Question about Registry change Hah! Found you guys :D Trying to help a Spybot user in another forum. He keeps getting popups about this registry change? I see no problems in his HijackThis log, and that CSLID appears to belong to Adobe. Can anyone tell me what this change is or knows what this is? 23-10-2005 15:17:43 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar! 23-10-2005 15:17:44 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar! This is the original thread if you need to see what we have done: http://www.dslreports.com/forum/remark,14633447 Thanks for your help __________________ Microsoft MVP 2003-2009 Windows-Security

2005-10-23, 21:48	#2
md usa spybot fan Spybot Advisor Team Join Date: Oct 2005 Posts: 5,879	CalamityJane: Have bladerider stop TeaTimer and let the change (looks like a delete of the Adobe Toolbar) take place. To do that: Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident. TeaTimer closes. Then have him restart TeaTimer as follows: Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy. Double click TeaTimer.exe to start it. I assume that something is trying to delete the following entry repetitively: O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll It appears that when this change was initiated the TeaTimer pop-up dialog was answered with a "Deny change" "Remember this decision" or checked "Remember this decision" was check and the dialog was closed without answer either "Allow change" or "Deny change" and the problem escalated from there. There is addition things that bladerider should do but I think that should alleviate the current problem.

2005-10-24, 00:57	#3
CalamityJane Security Expert Join Date: Oct 2005 Location: Central Florida, USA Posts: 652	Thanks for the reply md! I thought the same thing and I asked if he was trying to delete the toolbar...he said he was not. __________________ Microsoft MVP 2003-2009 Windows-Security

2005-10-26, 02:25	#7
CalamityJane Security Expert Join Date: Oct 2005 Location: Central Florida, USA Posts: 652	Well, Howdy, Bubba! We're fine...a little soggy (8 inches of rain in under 24 hours), but fine Good to see you here, too!! __________________ Microsoft MVP 2003-2009 Windows-Security

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode