Blacklist (Removal) After Uninstalled Spybot
kylehodgson
2008-08-04, 17:44
How can I get rid of the Blacklist my OLD spybot made? It's stopping my internet adaptor software!
The old entries aren't recorded in the 4 Tab removal boxes!
kylehodgson
2008-08-04, 17:55
01/08/2008 18:55:11 Allowed (based on user decision) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun") changed in System Startup global entry!
01/08/2008 18:55:13 Allowed (based on user decision) value "ATICustomerCare" (new data: ""C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"") added in System Startup global entry!
01/08/2008 18:55:25 Allowed (based on user decision) value "ATICustomerCare" (new data: "") deleted in System Startup global entry!
04/08/2008 12:14:07 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 12:14:25 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
04/08/2008 12:16:59 Allowed (based on lassh blacklist) value "CTFMON.EXE" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
04/08/2008 12:17:00 Allowed (based on lassh blacklist) value "MSMSGS" (new data: ""C:\Program Files\Messenger\msmsgs.exe" /background") added in System Startup user entry!
04/08/2008 12:17:01 Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
04/08/2008 12:17:01 Allowed (based on lassh blacklist) value "SoundMAXPnP" (new data: "C:\Program Files\Analog Devices\Core\smax4pnp.exe") added in System Startup global entry!
04/08/2008 12:17:01 Allowed (based on lassh blacklist) value "SoundMAX" (new data: ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray") added in System Startup global entry!
04/08/2008 12:17:35 Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"") added in System Startup global entry!
04/08/2008 12:17:40 Allowed (based on user decision) value "AODAssist.exe" (new data: "C:\Program Files\AMD\AMD OverDrive\AODAssist.exe") added in System Startup global entry!
04/08/2008 12:17:40 Allowed (based on user whitelist) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun") added in System Startup global entry!
04/08/2008 12:17:44 Allowed (based on user decision) value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") added in Browser page!
04/08/2008 12:17:47 Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!
04/08/2008 12:17:49 Denied (based on user decision) value "Start Page" (new data: "http://www.google.co.uk/") added in Browser page!
04/08/2008 12:17:50 Denied (based on user decision) value "Local Page" (new data: "%SystemRoot%\system32\blank.htm") added in Browser page!
04/08/2008 12:17:50 Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!
04/08/2008 12:17:51 Denied (based on user decision) value "Start Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home") added in Browser page!
04/08/2008 12:17:54 Denied (based on user decision) value "Default_Page_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome") added in Browser page!
04/08/2008 12:17:54 Denied (based on user decision) value "Default_Search_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!
04/08/2008 12:17:54 Denied (based on user decision) value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") added in Browser page!
04/08/2008 12:17:55 Denied (based on user decision) value "CustomizeSearch" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm") added in Browser page!
04/08/2008 12:23:33 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 12:23:54 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
04/08/2008 13:54:29 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 13:54:36 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
04/08/2008 14:03:21 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 14:03:41 Allowed (based on user decision) value "PostBootReminder" (new data: "{7849596a-48ea-486e-8937-a2a3009f31a9}") added in Shell services!
04/08/2008 14:03:44 Denied (based on user decision) value "CDBurn" (new data: "{fbeb8a05-beee-4442-804e-409d6c4515e9}") added in Shell services!
04/08/2008 14:03:46 Denied (based on user decision) value "WebCheck" (new data: "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}") added in Shell services!
04/08/2008 14:03:48 Denied (based on user decision) value "SysTray" (new data: "{35CEC8A3-2BE6-11D2-8773-92E220524153}") added in Shell services!
04/08/2008 14:03:51 Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
04/08/2008 14:03:53 Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!
04/08/2008 14:03:53 Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
04/08/2008 14:03:55 Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!
04/08/2008 14:03:56 Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\logon.scr") added in Desktop settings!
04/08/2008 14:03:59 Denied (based on user decision) value "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (new data: "") added in Internet Explorer searches!
04/08/2008 14:04:00 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
04/08/2008 14:53:56 Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
Spybot in there somewhere disabled my Wireless Adaptor software. How can I remove this registry edit?
Recovery has a password on it; any ideas of the password?
md usa spybot fan
2008-08-04, 19:06
kylehodgson:
There were eighteen (18) "Denied" registry changes and all were "Denied (based on user decision)", not from "Blocked registry changes", the blacklist created when you use "Remember this decision" in TeaTimer. Therefore it is quite possible that you have no entries in "Blocked registry changes".
I do see an "Allowed" registry change indicating "Allowed (based on user whitelist)". Therefore I think that you should have at least one entry in "Allowed registry changes".
There were twelve (12) "Allowed" registry changes that indicated "Allowed (based on lassh blacklist)" and two (2) "Allowed" registry changes that indicated "Allowed (based on authenticode whitelist)". These are changes automatically "Allowed" or "Denied" based on TeaTimer's internal database of blacklisted/whitelisted processes and all of those changes were to system startup entries.
I don't know exactly what has caused your problem, but I don't see any indication it stems from TeaTimer using "… the Blacklist my OLD spybot made …" since none of the entries from the Resident.log file that you posted indicate that there were any denials based on entries in either the RegKeyBlack.sbe or the ProcBlack.sbe files where TeaTimer stores "Allow change" or "Deny change" decisions when the "Remember this decision" option is elected.
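The tally that the reply above does by hand, as an added example (not part of the original thread and not Spybot's own tooling): a Python parser for the Resident.log line format seen here, covering both date styles and values that span two lines such as BootExecute. The sample lines are copied from the log excerpts posted in this thread; the field names are this example's own.

```python
import re
from collections import Counter

# Lines copied from the Resident.log excerpts posted in this thread.
SAMPLE = r'''
04/08/2008 12:17:40 Allowed (based on user whitelist) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun") added in System Startup global entry!
04/08/2008 12:14:07 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 12:17:01 Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
04/08/2008 14:03:44 Denied (based on user decision) value "CDBurn" (new data: "{fbeb8a05-beee-4442-804e-409d6c4515e9}") added in Shell services!
04/08/2008 14:03:51 Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
30-Oct-08 9:43:43 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"") added in System Startup user entry!
'''

# A record starts with "<date> <time> Allowed|Denied (based on ...".
HEAD = re.compile(r'\S+ \d{1,2}:\d{2}:\d{2} (?:Allowed|Denied) \(based on ')
# DOTALL lets the data field contain embedded quotes and newlines.
ENTRY = re.compile(
    r'(\S+ \d{1,2}:\d{2}:\d{2}) (Allowed|Denied) \(based on ([^)]+)\) '
    r'value "(.*?)" \(new data: "(.*)"\) (added|deleted|changed) in (.+)!',
    re.DOTALL)
FIELDS = ("when", "verdict", "basis", "value", "data", "action", "area")

def records(text):
    """Yield whole records, re-joining values that wrap onto a second line."""
    buf = []
    for line in text.strip().splitlines():
        if HEAD.match(line) and buf:
            yield "\n".join(buf)
            buf = []
        buf.append(line)
    if buf:
        yield "\n".join(buf)

def parse(text):
    """Return one dict per well-formed record; malformed records are skipped."""
    found = (ENTRY.fullmatch(rec) for rec in records(text))
    return [dict(zip(FIELDS, m.groups())) for m in found if m]

def tally(entries):
    """Count entries by (verdict, basis), e.g. ('Denied', 'user decision')."""
    return Counter((e["verdict"], e["basis"]) for e in entries)

def denied(entries):
    """List (area, value, basis) for every denied change, for manual review."""
    return [(e["area"], e["value"], e["basis"])
            for e in entries if e["verdict"] == "Denied"]

if __name__ == "__main__":
    log = parse(SAMPLE)
    for key, count in sorted(tally(log).items()):
        print(count, *key)
    for row in denied(log):
        print("DENIED:", *row)
```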
GLisimaque
2008-10-30, 19:08
I installed the latest Spybot version and since then I cannot prevent (no question asked by TeaTimer) the WCESCOMM.EXE program from re-installing itself in the startup directory. I tried to create an SBI file but it only prevents the program from running (I guess because of the way I wrote it). Each time my computer is restarted I have to remove the entry by manually running SpyBot.
How can I NOT Allow the modification (when it adds itself) below? What can I change/add/create to prevent this modification from being "allowed based on lassh blacklist"?
Gilles Lisimaque
30-Oct-08 9:43:43 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"") added in System Startup user entry!
30-Oct-08 11:48:05 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: "") deleted in System Startup user entry!
30-Oct-08 12:52:21 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"") added in System Startup user entry!
Sierradelight
2012-04-15, 01:54
How can I get rid of the Blacklist my OLD spybot made? It's stopping my internet adaptor software!
The old entries aren't recorded in the 4 Tab removal boxes!
This is for future reference to people who have this problem. I allowed (based on user decision) changes but I didn't realize it was actually disabling software to open. So my laptop completely shut down along with all the drivers. I tried to do a system restore, it wouldn't allow it. Kept telling me "The Volume Shadow copy service used by system restore is not working (0x81000202)." I had no idea what I did but I completely blocked any software from working, safemode, bios, f8...there is nothing on the "advanced settings" that showed "repair..."
So after 7 hours of just clicking and searching the resident log, I figured it out!
What you do is type in msconfig in the cmd box and go to selective startup and click "enable all."
After I restarted the computer, everything worked and I was able to do a system restore from a few days ago, before all this B.S.
I was a little mad at myself for not trying this earlier because it was such an easy fix, but well stuff happens.
(I did the above last, but I think it would work better if you try it first)
I also found myself at the Computer management, you can just type that in the cmd/search box. Computer Management--->Services and Applications--->services... it lists all the drivers and software. They were ALL disabled, so I started changing to automatic when I realized I could go to selective start up and enable all.
I really hope this helps people, because I could not find an answer anywhere.