My Ad-AwareSE has lost critical scan ability

[sheawolf]

Hi,
Thank you in advance for any help. I'm brand new here so I hope I have all the information needed. I've included the hijackthis log, and the Ad-Aware scan log below.

I have XP, all updates installed.

I've run Ad-Aware SE Personal (free) for over a year with no problems. Last week, I downloaded Spyware Detector. I ran its scan, and closed the program without taking any action. I then ran Ad-AwareSE and discovered some changes. First, on the Preparing System Scan screen, the "search for critical objects" option has disappeared. It only gives me 2 options - Search for negligible risk entries, and Search for low-risk threats. Second, on the Performing System Scan screen, the program runs just fine, but it won't find any critical objects. I've purposely visited a couple of websites that I know install cookies that Ad-AwareSE finds as critical, but now the program seems to ignore them.

I uninstalled Spyware Detector. I ran Spybot, Ewido, and TrendMicro, and while they removed any tracking items, they didn't change Ad-Aware. I uninstalled Ad-Aware, then downloaded it again from Lavasoft. I've done a system restore but that makes no difference either.


I just now downloaded Hijack This, ran the scan, and below are the results.


Logfile of HijackThis v1.99.1
Scan saved at 4:05:00 PM, on 7/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CallWave\IAM.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 208.187.165.105:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.co...X/FileXfer.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://register3.valueactive.com/21...CX/FlashAX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA0069C-C180-4625-A377-DD8B8155E167}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

-------------------------------------------------------

Ad-Aware Scan Results

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, July 27, 2006 4:14:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R116 24.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-27-2006 4:14:16 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 392
ThreadCreationTime : 7-27-2006 5:31:05 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 7-27-2006 5:31:08 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 7-27-2006 5:31:08 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 7-27-2006 5:31:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 7-27-2006 5:31:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 7-27-2006 5:31:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 7-27-2006 5:31:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 792
ThreadCreationTime : 7-27-2006 5:31:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 836
ThreadCreationTime : 7-27-2006 5:31:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 908
ThreadCreationTime : 7-27-2006 5:31:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [opxpapp.exe]
FilePath : C:\Program Files\Softex\OmniPass\
ProcessID : 932
ThreadCreationTime : 7-27-2006 5:31:10 PM
BasePriority : Normal


#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1140
ThreadCreationTime : 7-27-2006 5:31:11 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 7-27-2006 5:31:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [navapsvc.exe]
FilePath : c:\Program Files\Norton AntiVirus\
ProcessID : 1348
ThreadCreationTime : 7-27-2006 5:31:12 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:15 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1416
ThreadCreationTime : 7-27-2006 5:31:12 PM
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:16 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 1536
ThreadCreationTime : 7-27-2006 5:31:12 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:17 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1980
ThreadCreationTime : 7-27-2006 5:31:16 PM
BasePriority : Normal
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:18 [kbd.exe]
FilePath : C:\HP\KBD\
ProcessID : 2008
ThreadCreationTime : 7-27-2006 5:31:16 PM
BasePriority : High


#:19 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 188
ThreadCreationTime : 7-27-2006 5:31:17 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:20 [iam.exe]
FilePath : C:\Program Files\CallWave\
ProcessID : 368
ThreadCreationTime : 7-27-2006 5:31:18 PM
BasePriority : Normal
FileVersion : 3.09.8 (9-February-2006)
ProductVersion : 3.09.8 (9-February-2006)
ProductName : CallWave Service
CompanyName : CallWave, Inc.
FileDescription : Internet Answering Machine
InternalName : CallApp
LegalCopyright : Copyright © 1999-2003 CallWave, Inc.
OriginalFilename : CallApp.exe

#:21 [ccevtmgr.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\
ProcessID : 496
ThreadCreationTime : 7-27-2006 5:31:19 PM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 856
ThreadCreationTime : 7-27-2006 5:31:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [devldr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1920
ThreadCreationTime : 7-27-2006 5:31:23 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright (C) Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:24 [rnathchk.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3884
ThreadCreationTime : 7-27-2006 10:11:18 PM
BasePriority : Normal
FileVersion : 7.0.0.1176
ProductVersion : 7.0.0.1176
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : rnathchk.EXE

#:25 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2656
ThreadCreationTime : 7-27-2006 10:25:30 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:26 [slrundll.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3056
ThreadCreationTime : 7-27-2006 10:25:32 PM
BasePriority : Normal


#:27 [notepad.exe]
FilePath : C:\WINDOWS\
ProcessID : 1848
ThreadCreationTime : 7-27-2006 11:05:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:28 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1184
ThreadCreationTime : 7-27-2006 11:14:10 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\DOCUME~1\Owner\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0



MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplicatio n
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-910422244-3713687026-645458699-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-910422244-3713687026-645458699-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-910422244-3713687026-645458699-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-910422244-3713687026-645458699-1003\software\microsoft\windows\currentversion\exp lorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-910422244-3713687026-645458699-1003\software\microsoft\windows\currentversion\exp lorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-910422244-3713687026-645458699-1003\software\microsoft\windows\currentversion\exp lorer\recentdocs
Description : list of recent documents opened



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

4:14:35 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:19.657
Objects scanned:83399
Objects identified:0
Objects ignored:0
New critical objects:0



_____________________________________

Again, I thank you in advance for any help you can give.

[tetonbob]

Seems like a question best answered by Lavasoft at their support forum.

I don't see any obvious malware in that log, and your other anti-spyware apps run.

Let's run another online scan to see if something is lurking.

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner

1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting My Computer

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on See report then click Save report

*Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

[sheawolf]

Hi,

Thank you.

I ran PandaActiveScan per your instructions, and it found absolutely nothing.

Regarding your suggestion to post at Lavasoft - I have a another problem that I need help on - I have registered at the Lavasoft forums but it won't let me post. I've attempted to activate my account but have been unsuccessful. It tells me to contact the administrator but then it won't let me do that. So, I'm at an impasse. I need to ask you a favor - would you be so kind as to please contact the administrator for me, give him/her my email so we can establish contact & get this resolved so I can at least post there? I would greatly appreciate it. If you would do this for me, please let me know & I'll furnish my email address.

Thank you in advance.

[tetonbob]

Did you get this when you registered?

Quote:

Thank you <user name>. Your registration has been submitted.

The board administrator has chosen to require validation for all email addresses. Within the next 10 minutes (usually instantly) you'll receive an email with instructions on the next step. Don't worry, it won't take long before you can post!

The email has been sent to <user email>

So, you got the registration email, and attempted to verify your registration by clicking on the embedded link, and it would not?

Then there's a set of instructions in the email about where to go if the activation link fails, with a user ID number and a validation key to input.

You might want to retry all those steps from your registration email again.

I can try to help if you've gone through the steps, but there's no guarantees I'll get any response.

Don't post your email address here. PM it to me, but only after you've tried their registration verification again.

[tetonbob]

I've been looking at your original comments about the Adaware interface, and have talked to one of their support team.

Quote:

First, on the Preparing System Scan screen, the "search for critical objects" option has disappeared. It only gives me 2 options - Search for negligible risk entries, and Search for low-risk threats.

Quote:

Originally Posted by CalamityJane

That's not an option that appears in the scanning selections. Ad-Aware scans automatically for critical objects which be presented at the end of the scan.

If it's not finding critical objects, that's a good thing.

My AdawareSe doesn't have any such "search for critical objects" option. See thumbnail below. Yes, this version is Pro, but I have SE Personal on other systems and it appears the same.

Have you just recently upgraded? I actually can't recall if older versions had this, but I don't think so.

Please feel free to post in their forum, as you should be able to now, but they will tell you the same thing, I reckon.

<edit> Also, you can see a screenshot of how it should look, by opening the Help section>Adaware Interface>Preparing System Scan. See second thumbnail below</edit>

[sheawolf]

Hi,

"If it's not finding critical objects, that's a good thing."

My problem is that I have deliberately visited websites that I know install critical tracking items which Ad-Aware has always found, but it doesn't "find" them anymore. And this sudden change happened right after the SD download, so I'm blaming them. I can't believe these websites have stopped depositing their tracking cookies. It's almost as if the critical function itself was "rewritten" to ignore items. I'm positive that, right now, if Ad-Aware was functioning properly, it would find perhaps 20-30 critical items.

At any rate, thank you very much for all your help, and I'll try to post on the Lavasoft forums.

[tetonbob]

I suppose that's within the realm of possibility, although I think unlikely. However, Panda online scan also IDs tracking/spyware cookies, and you say it was clean.

I've not used Spyware Detector, but according to their site:

This software is also powered by some advanced features that are similar to our corporate edition like, Block Active X, Block Cookies, Block BHOs, Registry back up, Live Monitoring for IE home page hijacking, system and win ini file change monitor, monitor registry changes, tracking cookies monitoring and Process monitoring. The software has a complete database of the most commonly and largely found spywares, which are detected and can be deleted immediately. Our live update module will enable our users to update their spyware database frequently.

Even though you've uninstalled it, it's possible changes to your system are still in effect.

Another thing to know about Spyware Detector was that it has in the past been listed on Eric Howes' Rogueware site. It has since been delisted, with this notation:

Note on Spyware Detector: Spyware Detector was listed on this page because of concerns with false positives. Testing with the latest version of Spyware Detector indicates that the problems with earlier versions have been satisfactorily resolved. Thus, we can no longer consider Spyware Detector to be "rogue/suspect" anti-spyware

Let me know what Lavasoft tells you, as I'm curious.

[sheawolf]

Hi,
Thank you so much for your help & advice. I've now posted this at Lavasoft. Thank you, thank you, for your help in contacting them on my behalf. I greatly appreciate it. I'll keep you posted.