*** Note: VX2 on AdAware did not find anything
-------------------- Ad Aware SE -----------------------
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, November 08, 2005 8:33:15 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R73 03.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):1 total references
ExactSearchBar(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):14 total references
SahAgent(TAC index:9):5 total references
WindUpdates(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
11-8-2005 8:33:15 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 144
ThreadCreationTime : 11-9-2005 2:32:40 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 192
ThreadCreationTime : 11-9-2005 2:32:51 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 216
ThreadCreationTime : 11-9-2005 2:32:53 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 260
ThreadCreationTime : 11-9-2005 2:32:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 272
ThreadCreationTime : 11-9-2005 2:32:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 428
ThreadCreationTime : 11-9-2005 2:33:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 11-9-2005 2:33:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 11-9-2005 2:33:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1488
ThreadCreationTime : 11-9-2005 2:36:17 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:10 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1096
ThreadCreationTime : 11-9-2005 4:31:21 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\mediagateway.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words
Value : UninstallString
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words
Value : HelpLink
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words
Value : Publisher
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words
Value : URLInfoAbout
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words
Value : Contact
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Flip Words
Value : Comments
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest
Value : UninstallString
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest
Value : HelpLink
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest
Value : Publisher
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest
Value : URLInfoAbout
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest
Value : Contact
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest "http://www.gamehouse.com/"
TAC Rating : 8
Category : Malware
Comment : (
http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Jewel Quest
Value : Comments
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 15
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SahAgent Object Recognized!
Type : File
Data : A0029943.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{54038E76-03FD-46C3-A8A2-B572E97B7011}\RP197\
FileVersion : 4, 0, 3, 2
ProductVersion : 4, 0, 3, 2
SahAgent Object Recognized!
Type : File
Data : A0029944.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{54038E76-03FD-46C3-A8A2-B572E97B7011}\RP197\
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
SahAgent Object Recognized!
Type : File
Data : A0029945.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{54038E76-03FD-46C3-A8A2-B572E97B7011}\RP197\
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3
SahAgent Object Recognized!
Type : File
Data : A0029946.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{54038E76-03FD-46C3-A8A2-B572E97B7011}\RP197\
FileVersion : 4, 0, 3, 0
ProductVersion : 4, 0, 3, 0
ExactSearchBar Object Recognized!
Type : File
Data : A0034140.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{54038E76-03FD-46C3-A8A2-B572E97B7011}\RP224\
FileVersion : 5.101.1663.1
ProductVersion : 5.101.1663.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : ECM ChkTrust
InternalName : CHKTRUST.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : CHKTRUST.EXE
BargainBuddy Object Recognized!
Type : File
Data : A0034141.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{54038E76-03FD-46C3-A8A2-B572E97B7011}\RP224\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 21
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager
SahAgent Object Recognized!
Type : File
Data : setup.inf
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 23
8:53:54 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:38.962
Objects scanned:142897
Objects identified:23
Objects ignored:0
New critical objects:23