AnswerPool.com | Computers | Security Issues | Ad Aware

Moderators: Dwight
Enthusiast
luckyladee
Posted
I just downloaded the SP2 for XP and then I did all my weekly chores on my computer:
Stinger, Spybot and then Ad-Aware. Stinger and Spybot were done, all clean files. When I got to Ad-Aware it said:
24 running processes
39 objects recognized
0 objects ignored
39 new objects
0 processes identified
16 registry identified
4 registry values identified
17 files identified
2 folders identified
I really did not know what to do about this and by clicking here and there I ended up with 35 objects which I immediately quarantined. After that I redid the Ad-Aware scan and all is clean except I still have 35 objects in quarantine.
This has never happened to me before and I don't really understand Ad-Aware at all. All I was told is I should scan once a week, which is what I do, but never has this happened. What should I do? I sure hope it is not too complicated because I don't have much confidence in myself that I would be able to fix this. Thank you in advance for all you have done for me so far.

Posts: 255 | Location: Quebec Canada | Registered: 02-23-04
Diamond Enthusiast

Posted
Ad-Aware should have let you see the objects; most would be mundane things like tracking cookies. By right-clicking on an object you get many options; one of them is to get a brief description of the object.

However, the title will be "Tracking Cookie", "Malware", "Spyware", etc.

It should also tell you what those folders are, and what the files are.

It is possible that SP2 has files attached which are read as spyware or adware. However, the details will let you know if you should put it on the ignore list or not.

David
 
Posts: 4002 | Location: Leaving land, heading for the ocean | Registered: 06-03-02
Diamond Enthusiast

bedstor
Posted
There is a log file kept which shows what has been found after scanning.
It's a lot easier to read than the main window.
By the way, there is an update available (2 days old). Press the globe link with the spy glass on top of the page, click the Connect button (to download), then the Configure button (to save) when it's loaded. It only takes 10 seconds.
Worth another scan with this new data?

Posts: 13482 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Diamond Enthusiast

bedstor
Posted
I have not downloaded SP2 yet.
But from early reviews in computer mags there are a lot of setup changes to do.
For instance: new Microsoft Firewall settings, which is switched on as default besides your own firewall. One has to be switched off or detuned (to avoid conflicts)? The new one is a high-spec type.
So we are all going to be tiptoeing through this new setup minefield till at least the New Year?

Posts: 13482 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Gold Enthusiast
Posted
I have ordered the SP2 disc from MS, and plan to scan it with Ad-Aware and AVG when I get it (paranoid anymore). LOL. Your Ad-Aware scan, as said in the posts above, should tell you what those objects are.

chris

Posts: 822 | Location: Wytheville, va. USA | Registered: 09-03-02
Enthusiast
luckyladee
Posted
I copied what is quarantined. Could someone tell me what I should do with this:

======================================================

IBIS TOOLBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}
obj[1]=RegKey : CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972}
obj[2]=RegKey : CLSID\{F1616B86-9288-489D-B71A-0CCF2F1A89DA}
obj[3]=RegKey : CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C}
obj[4]=RegKey : PROTOCOLS\Handler\tpro
obj[5]=RegKey : PROTOCOLS\Name-Space Handler\res\toolbar.ResProtocol
obj[6]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972}
obj[7]=RegKey : toolbar.ResProtocol
obj[10]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO
obj[11]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL
obj[12]=RegKey : Software\Toolbar
obj[13]=RegKey : SOFTWARE\Toolbar
obj[14]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools
obj[15]=RegKey : SOFTWARE\WinTools
obj[16]=RegKey : SYSTEM\ControlSet001\Services\WinToolsSvc
obj[17]=RegKey : SYSTEM\ControlSet002\Services\WinToolsSvc
obj[18]=RegKey : SYSTEM\CurrentControlSet\Services\WinToolsSvc
obj[19]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[20]=Folder : c:\program files\common files\WinTools
obj[21]=Folder : c:\program files\Toolbar
obj[22]=File : c:\program files\common files\wintools\wtoolsa.exe
obj[23]=File : c:\program files\common files\wintools\wtoolsb.dll
obj[24]=File : c:\program files\common files\wintools\wsup.exe
obj[25]=File : c:\program files\common files\wintools\wtoolss.exe
obj[26]=File : c:\program files\common files\wintools\wtoolsc.cfg
obj[27]=File : c:\program files\common files\wintools\wtoolsd.cfg
obj[28]=File : c:\program files\common files\wintools\wtoolsp.cfg
obj[29]=File : c:\program files\common files\wintools\rmhgxlmu.wzg
obj[30]=File : c:\program files\toolbar\toolbar.dll
obj[31]=File : c:\program files\toolbar\iexploreskins.exe
obj[32]=File : c:\program files\toolbar\xzxsv.wzg
obj[33]=File : c:\program files\toolbar\yildhvi.olt
obj[34]=File : c:\program files\toolbar\cursors

POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[8]=RegData : Software\Microsoft\Internet Explorer\Main
obj[9]=RegData : Software\Microsoft\Internet Explorer\Search
 
Posts: 255 | Location: Quebec Canada | Registered: 02-23-04
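
One way to triage a quarantine listing like the one posted above, as an added example (not part of the thread and not Ad-Aware's own code): it parses the `obj[N]=Type : path` lines, counts them by type, and flags the registry entries that sit in locations which start code automatically or control Internet Explorer's start and search pages. The function names and the short location list are this example's own choices; the sample is an excerpt of the posted listing.

```python
import re
from collections import Counter

# Excerpt of the listing posted above, shortened for the example.
SAMPLE = r"""
IBIS TOOLBAR
¯¯¯¯¯¯¯¯¯¯¯¯
obj[6]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972}
obj[18]=RegKey : SYSTEM\CurrentControlSet\Services\WinToolsSvc
obj[19]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[20]=Folder : c:\program files\common files\WinTools
obj[22]=File : c:\program files\common files\wintools\wtoolsa.exe
POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯
obj[8]=RegData : Software\Microsoft\Internet Explorer\Main
obj[9]=RegData : Software\Microsoft\Internet Explorer\Search
"""

OBJ = re.compile(r"^obj\[(\d+)\]=(\w+)\s*:\s*(.+)$")

# Registry locations that start code automatically or steer the browser
# (a short list chosen for this example, matched case-insensitively).
AUTOSTART = {
    "\\currentversion\\run": "program started at logon",
    "\\services\\": "Windows service",
    "\\browser helper objects\\": "add-on loaded into Internet Explorer",
    "\\internet explorer\\": "Internet Explorer start/search page settings",
}

def parse_listing(text):
    """Return [(family, index, kind, path)] for every obj[...] line."""
    rows, family, prev = [], "UNKNOWN", ""
    for line in (l.strip() for l in text.splitlines()):
        m = OBJ.match(line)
        if m:
            rows.append((family, int(m.group(1)), m.group(2), m.group(3)))
        elif line and set(line) == {"¯"}:
            family = prev  # the line above the underline names the family
        prev = line or prev
    return rows

def triage(rows):
    """Count object kinds and flag registry entries in autostart locations."""
    kinds = Counter(kind for _, _, kind, _ in rows)
    flagged = sorted((idx, family, why) for family, idx, kind, path in rows
                     for key, why in AUTOSTART.items()
                     if kind.startswith("Reg") and key in path.lower())
    return kinds, flagged

if __name__ == "__main__":
    print(*triage(parse_listing(SAMPLE)), sep="\n")
```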
Diamond Enthusiast

bedstor
Posted
LL,
From what I see, especially the bottom 2 items,
I get the feeling that there is nothing here.
The new configuration makes it look like Internet Explorer is being a piece of spyware.
My advice? Don't touch it until we have a think about it.

To confirm this I would need to see the log from the scan of HijackThis, a small free program; download from www.spychecker.com/program/hijackthis.html

Posts: 13482 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Diamond Enthusiast

bedstor
Posted
Also download and run this free virus checker:
http://housecall.trendmicro.com/housecall/start_corp.asp
And see if anything is produced? ...hopefully nothing.
Admin! All I can see here is the Quote button.
Means NO edits are possible. Cannot report this either, as the "Alert" button is missing also.

Posts: 13482 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Gold Enthusiast
Ewood27
Posted
I downloaded SP2 a couple of days ago (to XP Home) and have just run Spybot, which turned up one registry entry; McAfee VirusScan, which came up clean; and AdAware, which produced the usual number of running processes, and just one hit:

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\Main | Start Page | about:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

My home page is "about:blank".

Agnitum Outpost firewall then warned me that my home page had been changed, and did I want to undo the change? This time I said No, keep the change, and it turned out to be MSN Messenger on the new home page.

SP2 seems to have added about 2 Gb to the contents of my hard disk. It also slows down the boot-up sequence. Furthermore, it took a LOT longer than the 30 minutes they said to download and install it.
 
Posts: 744 | Location: Surrey, England | Registered: 06-03-02
Enthusiast
luckyladee
Posted
quote:
Originally posted by bedstor:
There is a log file kept which shows what has been found after scanning.
It's a lot easier to read than the main window.
By the way, there is an update available (2 days old). Press the globe link with the spy glass on top of the page, click the Connect button (to download), then the Configure button (to save) when it's loaded. It only takes 10 seconds.
Worth another scan with this new data?


Did that and my files are still quarantined.

Posts: 255 | Location: Quebec Canada | Registered: 02-23-04
Diamond Enthusiast

bedstor
Posted
Hi LL,
As I said earlier, I think the Ad-Aware program picked up a legit Internet Explorer system file and decided it was suspect.
To double check and then delete the quarantined file, do this:
Have you updated Ad-Aware to the latest version?
01R339 26.08.2004 build 273
Signatures total:28779
If that is correct, simply open the quarantined file and hit the blue "Restore" button. Then run the Ad-Aware scan again.
This time there may be a different number found? Hopefully less. Quarantine the findings, and whatever the outcome I think it will be safe to delete this file.
Before you do this, and to stop your IE browser going wrong, go to the Control Panel: press Start and it should be seen on the menu. In here, locate and open the Add/Remove Programs folder.
Open the window, look to the side of the list and click the "Add/Remove Windows Components" button.
From here it's risky (could do with Dwight's input). I do know there is a file repair option included in the uninstall procedure, but... is there an easier way of accessing this without going via the Control Panel?

My answer has brought up a question which I am not sure of the answer to.
If you are willing to delete that Ad-Aware quarantine file and nothing happens, we can breathe easy. Otherwise have a Windows CD on standby if it goes wrong!
Keep us informed on this. Thanks.

Posts: 13482 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Gold Enthusiast
Posted
AdAware's quarantined items can be safely deleted. While in quarantine, they are already out of the equation as far as the computer is concerned.

Posts: 530 | Location: Mississauga, Ontario, Canada | Registered: 06-03-02
Enthusiast
luckyladee
Posted
quote:
Originally posted by bedstor:
Also download and run this free virus checker:
http://housecall.trendmicro.com/housecall/start_corp.asp
And see if anything is produced? ...hopefully nothing.
Admin! All I can see here is the Quote button.
Means NO edits are possible. Cannot report this either, as the "Alert" button is missing also.

I did and nothing showed up. I then purchased Norton SystemWorks and installed that on my machine, scanned all the files and nothing showed up. I uninstalled Ad-Aware, reinstalled it and scanned, and now nothing shows up. I will keep my fingers crossed but all seems OK now.

Posts: 255 | Location: Quebec Canada | Registered: 02-23-04
© 2002-2008 AnswerPool.com