PDA

View Full Version : EF99BD32 Problem It won't go away need help fast



Bowser05
2006-10-30, 00:16
I tried posting in another topic but nobody is helping and I need to use my computer I have been waiting for hours for help. This is what is happening:

14:14 Registry change denied
Resident denied the change of {EF99BD32-C1FB-11D2-892F-0090271D4F88} (category Global browser toolbar) based on your blacklist

It won't stop flashing over and over again and the time I restarted and allowed it then the blue screen of death kept on coming on. This is a major problem I need to use my computer for homework for an upcoming midterm and I have tried various things they are not working. Help would be appreciated and I am new to this, so if there is any information you need please tell me how to get it and I will gladly post it. Thanks.

md usa spybot fan
2006-10-30, 06:32
I can't tell from the information that you provided whether you are blocking the addition, change or deletion of that registry entry. In any case I suggest that you allow the registry change to occur by removing the entry from TeaTimer's blacklist to stop the repetitive blocking of the change. To do that, right click on the TeaTimer system tray icon and select "Settings". Then go into the "Blocked registry changes" tab and remove the entry associated with that registry change by clicking on the scripted black "X" to the right of the entry and then clicking the "OK" button when you're done.

*********************

{EF99BD32-C1FB-11D2-892F-0090271D4F88} is associated with Yahoo! Toolbar (Yahoo Companion!). If the toolbar is present after you have stopped blocking the change and want to remove the toolbar, see if these instructions help:
How do I remove Yahoo! Toolbar for Internet Explorer?
http://help.yahoo.com/l/us/yahoo/toolbar/troubleshootie/toolbar-08.html
Other removal instructions:
How to Uninstall or Turn off the Yahoo! Companion Browser Toolbar
http://support.microsoft.com/kb/303047

Bowser05
2006-10-30, 07:56
The problem with me allowing the registry change is that whenever I start my computer 1 of 3 things will happen:

1: Computer will get past initial startup but will never reach the Loading Windows XP phase. Instead it will go to a black screen with a DOS cursor at the top left corner flashing indefinately.

2: It will actually make it to the XP Loading screen but then it will freeze there indefinately.

3: It will get to the sign-in screen for XP and then when I sign in, all normal registry changes will show-up and the computer will be fine, until this particular one pops up, it then asks me if I want to allow or deny. When I allow it my computer right afterwards goes straight to the 'Blue Screen of Death' no matter what. If I deny then it just keeps on flashing the Registry Change Denied box over and over again but I can use my computer just fine.

Also about the Yahoo! Toolbar, it isn't even installed so I don't really know what to do about that, I installed that months ago (I am using the newest version of IE if that is important at all).

Bowser05
2006-10-30, 10:18
I meant I uninstalled the Toolbar not installed. Sorry about that.

md usa spybot fan
2006-10-30, 15:29
I'm not sure that problems 1 and 2 above have anything to do with the changing of that registry entry. I would like to see the log of the changes that you are getting after you logon to the system including the "Yahoo! Toolbar" change you are denying.

You indicated in the following thread:
21:38 Registy change denied keeps poping-up
http://forums.spybot.info/showthread.php?t=8137

I will post the log if I can open Spybot...it isn't letting me.
Since you can't open Spybot to post the log, post the log as follows:

The Resident.log is stored in one of the following directories:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Using Windows Explorer, navigate to the Resident.log file. Double click on it and it should open with Notepad. Copy and paste the portion of the log that shows the registry changes that TeaTimer is getting after you are able to logon to the system, including the one in question, into a new post in this thread.

Bowser05
2006-10-30, 22:19
I should probably add that these problems still arise when I try turning on my PC and it happens multiple times before I am able to start up properly (besides blue screen since I have the registry change denied). Also I don't think my last post went through so I would like to mention that I meant that I uninstalled the Toolbar a while ago not installed. This is becoming a major problem because I spent 2 hours just trying to start up my computer this morning, but when I put it into hibernation mode it will start up just fine.

Bowser05
2006-10-30, 22:26
Sorry about that I didn't realize that you had replied. I shall post up the log, I can open Spybot at the moment I don't know why but I shall take advantage of the situation. It is very long and I don't know what exactly you want me to post so here is all of it.





--- Search result list ---


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB888310
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Update for Windows XP (KB912945)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221


--- Startup entries list ---
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
size: 57344
MD5: fd5f202b1fc7801735c9743b6a38e515

Located: HK_LM:Run, BJCFD
command: C:\Program Files\BroadJump\Client Foundation\CFD.exe
file: C:\Program Files\BroadJump\Client Foundation\CFD.exe
size: 368706
MD5: ba9af06103549a96f77036861fde357b

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 84640
MD5: 61937bfdf7e4d169461a547acd09974c

Located: HK_LM:Run, CTDVDDET
command: "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
file: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
size: 45056
MD5: db20fce248d269e1c396e70a91e587c8

Located: HK_LM:Run, CTHelper
command: CTHELPER.EXE
file: C:\WINDOWS\CTHELPER.EXE
size: 17920
MD5: 866346f3d82f0ca2c7d80aff41a6e1d3

Located: HK_LM:Run, CTSysVol
command: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
file:

Located: HK_LM:Run, CTxfiHlp
command: CTXFIHLP.EXE
file: C:\WINDOWS\system32\CTXFIHLP.EXE
size: 18944
MD5: 279615246e6343b7c4badbcb8cf37067

Located: HK_LM:Run, CtxfiReg
command: CTXFIREG.EXE
file: C:\WINDOWS\system32\CTXFIREG.EXE
size: 42496
MD5: 8ed24b6e3faece600576f534f6431f3e

Located: HK_LM:Run, Dell Photo AIO Printer 922
command: "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
file: C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
size: 290816
MD5: 7c3caa179da9f396c130c63a6620eb54

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122941
MD5: 352fbf618066d0ceb7dc8ecabeb1a8d7

Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: b3e3c57fd22e71ce20389372d972c6dc

Located: HK_LM:Run, IAAnotif
command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 139264
MD5: 6ca4cc14fda11978617057e73d588475

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7bbe4cf421aecc7f0226edd75f12079f

Located: HK_LM:Run, IntelMeM
command: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
file: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
size: 221184
MD5: bc02e491e88492b02363ce1b384ff7a7

Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
size: 221184
MD5: a379b75a6ffe4dfd3184f35f0141ce91

Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: d2aeadfd998706b4216315b2bd3fa79e

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 94208
MD5: 871323d64a8706f1b8a11149c2836fa0

Located: HK_LM:Run, MediaLifeService
command: "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
file: C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
size: 110739
MD5: 1507353ed79c7c2bdcf0ef34fdf4e995

Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
file: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
size: 59392
MD5: 1b17e09c1223f6d17336d2dd7a1af4f4

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 66db459386d7bf62852b1bfa029fb887

Located: HK_LM:Run, osCheck
command: "C:\Program Files\Norton Internet Security\osCheck.exe"
file: C:\Program Files\Norton Internet Security\osCheck.exe
size: 26248
MD5: 3602c14e8b2bf31e7b4f14c162178945

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, SsAAD.exe
command: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
file: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 81920
MD5: d728a3be3bbb48f7df4d847d0cf70bb9

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: dadb538f51007d5ea5fa1ee553183f80

Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc

Located: HK_LM:Run, Windows Media Connect 2
command: "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
file: C:\Program Files\Windows Media Connect 2\WMCCFG.exe
size: 368128
MD5: f22454c3fe517f3739a0725ba1894bdf

Located: HK_CU:Run, AIM
command: C:\Program Files\AIM\aim.exe -cnetwait.odl
file:

Located: HK_CU:Run, BitTorrent
command: "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
file:

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, DellSupport
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 306688
MD5: cea4715092cb7984420dbc9f51fb4c35

Bowser05
2006-10-30, 22:33
I don't know what else you need because total the log is exceeding 200,000 characters. If you could tell me what exactly I need to click when viewing the log that might make it simpler.

md usa spybot fan
2006-10-30, 22:50
What you posted is a Spybot Report (stored as SpybotSD.Report.txt) not the Resident.log that I requested in order to determine the nature of the registry change that you are getting.

Please review the instructions that I posted above or if you are now able to go load Spybot:
Go into Spybot > Mode > Advanced Mode > Tools > Resident > page (scroll) to the bottom of the listing and highlight a portion of the log that shows the registry changes that you are getting after you logon to the system including the "Yahoo! Toolbar" change you are denying, then right click and select Copy. Paste the log entries (Ctrl+V) to another post in this thread.

Bowser05
2006-10-31, 04:47
10/26/2006 5:41:53 PM Allowed value "Default_Search_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
10/26/2006 5:41:53 PM Allowed value "scrnsave.exe" (new data: "C:\WINDOWS\system32\sstext3d.scr") changed in Desktop settings!
10/26/2006 6:36:37 PM Allowed value "Search Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=54896") changed in Browser page!
10/26/2006 6:37:08 PM Allowed value "Start Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/26/2006 6:37:10 PM Allowed value "Default_Page_URL" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/26/2006 6:37:10 PM Allowed value "Default_Search_URL" (new data: "http://go.microsoft.com/fwlink/?LinkId=54896") changed in Browser page!
10/26/2006 6:37:11 PM Allowed value "NoIE4StubProcessing" (new data: "C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f") added in System Startup global entry!
10/26/2006 6:40:49 PM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!
10/26/2006 6:40:50 PM Allowed value "Start Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/26/2006 6:40:50 PM Allowed value "Default_Page_URL" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/26/2006 6:40:50 PM Allowed value "scrnsave.exe" (new data: "C:\WINDOWS\system32\sstext3d.scr") changed in Desktop settings!
10/27/2006 12:31:47 AM Allowed value "scrnsave.exe" (new data: "C:\WINDOWS\system32\ssbezier.scr") changed in Desktop settings!
10/27/2006 10:02:13 AM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!
10/27/2006 10:02:13 AM Allowed value "Start Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/27/2006 10:02:13 AM Allowed value "Default_Page_URL" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/27/2006 10:02:13 AM Allowed value "scrnsave.exe" (new data: "C:\WINDOWS\system32\ssbezier.scr") changed in Desktop settings!
10/27/2006 6:12:16 PM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!
10/27/2006 6:12:16 PM Allowed value "Start Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/27/2006 6:12:16 PM Allowed value "Default_Page_URL" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/27/2006 6:12:16 PM Allowed value "scrnsave.exe" (new data: "C:\WINDOWS\system32\ssbezier.scr") changed in Desktop settings!
10/28/2006 1:54:21 AM Allowed value "{3BB54395-5982-4788-8AF4-B5388FFDD0D8}" (new data: "") added in ActiveX Distribution Unit!
10/28/2006 1:54:24 AM Allowed value "{5736C456-EA94-4AAC-BB08-917ABDD035B3}" (new data: "") added in ActiveX Distribution Unit!
10/28/2006 1:54:26 AM Allowed value "{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}" (new data: "") added in ActiveX Distribution Unit!
10/28/2006 1:56:07 AM Allowed value "{339234B4-4E14-4280-B8B4-8BAE5AF99063}" (new data: "") added in ActiveX Distribution Unit!
10/28/2006 1:56:10 AM Allowed value "{05D44720-58E3-49E6-BDF6-D00330E511D3}" (new data: "") added in ActiveX Distribution Unit!
10/28/2006 3:00:43 AM Allowed value "scrnsave.exe" (new data: "C:\WINDOWS\EAWDEA~1.SCR") changed in Desktop settings!
10/28/2006 12:40:50 PM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!
10/28/2006 12:40:50 PM Allowed value "Start Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/28/2006 12:40:50 PM Allowed value "Default_Page_URL" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/28/2006 12:40:50 PM Allowed value "scrnsave.exe" (new data: "C:\WINDOWS\EAWDEA~1.SCR") changed in Desktop settings!
10/29/2006 1:58:43 AM Allowed value "scrnsave.exe" (new data: "C:\WINDOWS\EAWVEH~1.SCR") changed in Desktop settings!
10/29/2006 11:56:07 AM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!
10/29/2006 11:56:07 AM Allowed value "Start Page" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/29/2006 11:56:07 AM Allowed value "Default_Page_URL" (new data: "http://go.microsoft.com/fwlink/?LinkId=69157") changed in Browser page!
10/29/2006 11:56:07 AM Allowed value "scrnsave.exe" (new data: "C:\WINDOWS\EAWVEH~1.SCR") changed in Desktop settings!

md usa spybot fan
2006-10-31, 06:19
Bowser05:

I do not see any log entries for the problem you originally described:


14:14 Registry change denied
Resident denied the change of {EF99BD32-C1FB-11D2-892F-0090271D4F88} (category Global browser toolbar) based on your blacklist
There are log entries for the deletion of the Global browser toolbar "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" which were allowed:




10/26/2006 6:40:49 PM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!

10/27/2006 6:12:16 PM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!

10/28/2006 12:40:50 PM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!

10/29/2006 11:56:07 AM Allowed value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Global browser toolbar!

I suggest that you refresh the TeaTimer snapshot files to make sure that the snapshot file are in sync with the system registry as follows:
Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
TeaTimer closes.
TeaTimer's snapshot files are refreshed at this time.

Restart TeaTimer:
Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
Double click TeaTimer.exe to start it.

Bowser05
2006-11-01, 21:50
See that is the problem, if I close Spybot then the 'Blues Screen' comes up RIGHT away. I need to have it open and I can't even turn off my computer anymore otherwise it takes hours to start up properly. I am guessing there is a virus that is associated with my long-gone Toolbar and Spybot is the only program detecting it, but it is restarting everytime it is supressed so that even though it isn't a threat right now necessarily, it isn't gone either so the moment Spybot isn't running, the supression is gone and BOOM my system is gone. I do see what you are talking about how it isn't up-to-date. I really don't know what else to do are there any other suggestions you have that might help?

Bowser05
2006-11-03, 00:21
Also, I was wondering if you knew exactly where in the Registry Editor I could find the information for Yahoo! Toolbar and/or Global browser Toolbar. I just want to see something real quick. Thanks and I hope we can figure out how to fix this soon because I don't like not being able to shut-down my PC. Again sorry for not being able to completely cooperate but you must understand that I can't because my computer will crash, and last time it took so long to start up, I don't want to take that chance of it NOT starting up this time.

Bowser05
2006-11-03, 04:17
Somebody help me please because nobody is helping me and my computer is starting to deteriorate.

md usa spybot fan
2006-11-03, 15:15
The entry is most likely in the following key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

Bowser05
2006-11-04, 10:35
I tried deleting all items in my registry that went by the name that is having the problem. The change is still happening though. How can a registry change be happening for something that doesn't exist anymore? Any ideas on that?

md usa spybot fan
2006-11-04, 14:36
The cause of the problem is probably because TeaTimer's snapshot files are out of sync with the registry. TeaTimer takes snapshots of Registry entries and compares these with the Registry to determine if registry entries have changed. Until these snapshots are updated you are likely to get pop-ups of changes you made in the past. In other words, TeaTimer attempts to return the Registry to the state it was in when the snapshots were taken.

I suggested that you refresh TeaTimer's snapshot files by stopping and restarting TeaTimer, but you indicated that you could not do that because your system gets a BSOD (Blue Screen of Death) when you do.

Bowser05
2006-11-04, 22:36
If that might be the only solution at the moment then I will try it and take the chance I guess. I am going to back up my stuff and finish anything important I need to do on the computer then I will try what you are suggesting. Theoritically with the problem gone nothing should happen right? Lucky I have all of my drivers and installation discs with me. I will re-post if I can to report what happens.

md usa spybot fan
2006-11-04, 23:12
I hope you have backup for your personal files, software, etc. It sounds like you have one sick system and the only alternative in the long run may be to restore the system.

Bowser05
2006-11-04, 23:43
I did back everything up, but strangely after restarting Spybot 2 things happened.

1. The box stopped popping up and everything seems to be in order BUT
2. The resident log is still not up-to-date...still only showing up to the 29th of last month.

I am going to do a full virus scan with norton and then do a full problem check with Spybot and see what happens. If nothing shows up then for now I gues the problem is settled.