Thread: Blacklist (Removal) After Uninstalled Spybot

  1. #1
    Junior Member
    Join Date
    Aug 2008
    Posts
    2

    Default Blacklist (Removal) After Uninstalled Spybot

    How can I get rid of the Blacklist my OLD spybot made? It's stopping my internet adaptor software!

    The old entries aren't recorded in the 4 Tab removal boxes!
    Last edited by kylehodgson; 2008-08-04 at 17:48.

  2. #2
    Junior Member
    Join Date
    Aug 2008
    Posts
    2

    Default Source

    01/08/2008 18:55:11 Allowed (based on user decision) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun") changed in System Startup global entry!
    01/08/2008 18:55:13 Allowed (based on user decision) value "ATICustomerCare" (new data: ""C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"") added in System Startup global entry!
    01/08/2008 18:55:25 Allowed (based on user decision) value "ATICustomerCare" (new data: "") deleted in System Startup global entry!
    04/08/2008 12:14:07 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
    04/08/2008 12:14:25 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
    04/08/2008 12:16:59 Allowed (based on lassh blacklist) value "CTFMON.EXE" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
    04/08/2008 12:17:00 Allowed (based on lassh blacklist) value "MSMSGS" (new data: ""C:\Program Files\Messenger\msmsgs.exe" /background") added in System Startup user entry!
    04/08/2008 12:17:01 Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
    04/08/2008 12:17:01 Allowed (based on lassh blacklist) value "SoundMAXPnP" (new data: "C:\Program Files\Analog Devices\Core\smax4pnp.exe") added in System Startup global entry!
    04/08/2008 12:17:01 Allowed (based on lassh blacklist) value "SoundMAX" (new data: ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray") added in System Startup global entry!
    04/08/2008 12:17:35 Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"") added in System Startup global entry!
    04/08/2008 12:17:40 Allowed (based on user decision) value "AODAssist.exe" (new data: "C:\Program Files\AMD\AMD OverDrive\AODAssist.exe") added in System Startup global entry!
    04/08/2008 12:17:40 Allowed (based on user whitelist) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun") added in System Startup global entry!
    04/08/2008 12:17:44 Allowed (based on user decision) value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") added in Browser page!
    04/08/2008 12:17:47 Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!
    04/08/2008 12:17:49 Denied (based on user decision) value "Start Page" (new data: "http://www.google.co.uk/") added in Browser page!
    04/08/2008 12:17:50 Denied (based on user decision) value "Local Page" (new data: "%SystemRoot%\system32\blank.htm") added in Browser page!
    04/08/2008 12:17:50 Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!
    04/08/2008 12:17:51 Denied (based on user decision) value "Start Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home") added in Browser page!
    04/08/2008 12:17:54 Denied (based on user decision) value "Default_Page_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome") added in Browser page!
    04/08/2008 12:17:54 Denied (based on user decision) value "Default_Search_URL" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") added in Browser page!
    04/08/2008 12:17:54 Denied (based on user decision) value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") added in Browser page!
    04/08/2008 12:17:55 Denied (based on user decision) value "CustomizeSearch" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm") added in Browser page!
    04/08/2008 12:23:33 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
    04/08/2008 12:23:54 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
    04/08/2008 13:54:29 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
    04/08/2008 13:54:36 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
    04/08/2008 14:03:21 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
    04/08/2008 14:03:41 Allowed (based on user decision) value "PostBootReminder" (new data: "{7849596a-48ea-486e-8937-a2a3009f31a9}") added in Shell services!
    04/08/2008 14:03:44 Denied (based on user decision) value "CDBurn" (new data: "{fbeb8a05-beee-4442-804e-409d6c4515e9}") added in Shell services!
    04/08/2008 14:03:46 Denied (based on user decision) value "WebCheck" (new data: "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}") added in Shell services!
    04/08/2008 14:03:48 Denied (based on user decision) value "SysTray" (new data: "{35CEC8A3-2BE6-11D2-8773-92E220524153}") added in Shell services!
    04/08/2008 14:03:51 Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    ") added in Session manager!
    04/08/2008 14:03:53 Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!
    04/08/2008 14:03:53 Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
    ") added in Session manager!
    04/08/2008 14:03:55 Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!
    04/08/2008 14:03:56 Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\logon.scr") added in Desktop settings!
    04/08/2008 14:03:59 Denied (based on user decision) value "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (new data: "") added in Internet Explorer searches!
    04/08/2008 14:04:00 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
    04/08/2008 14:53:56 Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!

    Spybot in there somewhere disabled my Wireless Adaptor software. How can I remove this registry edit?

    Recovery has a password on it. Any ideas of the password?
    Last edited by kylehodgson; 2008-08-04 at 18:02. Reason: Recovery Password

  3. #3
    Spybot Advisor Team [Retired] md usa spybot fan
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    kylehodgson:

    There were eighteen (18) "Denied" registry changes and all were "Denied (based on user decision)", not from "Blocked registry changes", the blacklist created when you use "Remember this decision" in TeaTimer. Therefore it is quite possible that you have no entries in "Blocked registry changes".

    I do see an "Allowed" registry change indicating "Allowed (based on user whitelist)". Therefore I think that you should have at least one entry in "Allowed registry changes".

    There were twelve (12) "Allowed" registry changes that indicated "Allowed (based on lassh blacklist)" and two (2) "Allowed" registry changes that indicated "Allowed (based on authenticode whitelist)". These are changes automatically "Allowed" or "Denied" based on TeaTimer's internal database of blacklisted/whitelisted processes and all of those changes were to system startup entries.

    I don't know exactly what has caused your problem, but I don't see any indication it stems from TeaTimer using "… the Blacklist my OLD spybot made …" since none of the entries from the Resident.log file that you posted indicate that there were any denials based on entries in either the RegKeyBlack.sbe or the ProcBlack.sbe files where TeaTimer stores "Allow change" or "Deny change" decisions when the "Remember this decision" option is elected.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
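
The tally in the reply above can be reproduced mechanically. This is an added example, not part of the original thread or of Spybot: a Python sketch that parses Resident.log entries in the format posted here, counts them by decision and basis, and lists any denial that did not come from an interactive prompt answer. The function names and the short sample are assumptions made for illustration.

```python
import re
from collections import Counter

# One Resident.log entry. The "new data" field may itself contain quotes and
# line breaks (see BootExecute), so it is matched lazily across lines.
ENTRY = re.compile(
    r'^(?P<when>\S+ \d{1,2}:\d{2}:\d{2}) (?P<decision>Allowed|Denied) '
    r'\(based on (?P<basis>[^)]+)\) value "(?P<name>[^"]*)" '
    r'\(new data: "(?P<data>.*?)"\) (?P<action>added|changed|deleted) '
    r'in (?P<where>[^!\n]+)!',
    re.MULTILINE | re.DOTALL)

# Short sample modeled on the excerpt posted in the thread.
SAMPLE = r'''04/08/2008 12:14:07 Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
04/08/2008 12:17:40 Allowed (based on user whitelist) value "StartCCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun") added in System Startup global entry!
04/08/2008 12:17:49 Denied (based on user decision) value "Start Page" (new data: "http://www.google.co.uk/") added in Browser page!
04/08/2008 14:03:51 Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
04/08/2008 14:03:56 Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\logon.scr") added in Desktop settings!
'''

def parse_resident_log(text):
    """Return one dict per log entry, including multi-line ones."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def tally(entries):
    """Count entries per (decision, basis) pair."""
    return Counter((e["decision"], e["basis"]) for e in entries)

def denied_without_prompt(entries):
    """Denied entries whose basis is anything other than a prompt answer."""
    return [e for e in entries
            if e["decision"] == "Denied" and e["basis"] != "user decision"]

def denied_by_location(entries):
    """Group denied value names by the monitored area they belong to."""
    out = {}
    for e in entries:
        if e["decision"] == "Denied":
            out.setdefault(e["where"], []).append(e["name"])
    return out

if __name__ == "__main__":
    entries = parse_resident_log(SAMPLE)
    for (decision, basis), n in sorted(tally(entries).items()):
        print(f"{n:3d}  {decision} (based on {basis})")
    print("denied without a prompt:", denied_without_prompt(entries))
    print(denied_by_location(entries))
```

An empty result from `denied_without_prompt` matches the reading given in the reply: every denial was answered at a prompt, so the settings to revert are the ones grouped by `denied_by_location`.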

  4. #4
    Junior Member
    Join Date
    Oct 2008
    Posts
    3

    Question Allowed based on "lassh blacklist"

    I installed the latest Spybot version and since then I cannot prevent (no question asked by TeaTimer) the WCESCOMM.EXE program from re-installing itself in the startup directory. I tried to create an SBI file but it only prevents the program from running (I guess because of the way I wrote it). Each time my computer is restarted I have to remove the entry by manually running SpyBot.
    How can I NOT Allow the modification (when it adds itself) below? What can I change/add/create to prevent this modification from being "allowed based on lassh blacklist"?

    Gilles Lisimaque

    30-Oct-08 9:43:43 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"") added in System Startup user entry!
    30-Oct-08 11:48:05 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: "") deleted in System Startup user entry!
    30-Oct-08 12:52:21 Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"") added in System Startup user entry!
    Last edited by GLisimaque; 2008-10-30 at 19:10.

  5. #5
    Junior Member
    Join Date
    Apr 2012
    Posts
    1

    Default I figured it out

    Quote Originally Posted by kylehodgson View Post
    How can I get rid of the Blacklist my OLD spybot made? It's stopping my internet adaptor software!

    The old entries aren't recorded in the 4 Tab removal boxes!

    This is for future reference to people who have this problem. I allowed (based on user decision) changes but I didn't realize it was actually disabling software to open. So my laptop completely shut down along with all the drivers. I tried to do a system restore, it wouldn't allow it. Kept telling me "The Volume Shadow copy service used by system restore is not working(0x81000202)." I had no idea what I did but I completely blocked any software from working, safemode, bios, f8...there is nothing on the "advanced settings" that showed "repair..."
    So after 7 hours of just clicking and searching the resident log, I figured it out!

    What you do is type in msconfig in the cmd box and go to selective startup and click "enable all."
    After I restarted the computer, everything worked and I was able to do a system restore from a few days ago, before all this B.S.

    I was a little mad at myself for not trying this earlier because it was such an easy fix, but well stuff happens.

    (I did the above last, but I think it would work better if you try it first)
    I also found myself at the Computer management, you can just type that in the cmd/search box. Computer Management--->Services and Applications--->services... it lists all the drivers and software. They were ALL disabled, so I started changing to automatic when I realized I could go to selective start up and enable all.
    I really hope this helps people, because I could not find an answer anywhere.
