
·
Registered
Joined
·
1,241 Posts
Hi degreef,

Go to Start | Programs | Accessories | System Tools | System Information | Tools | Internet Explorer Repair Tool and use the repair tool. See if that works.

If not, we'll just roll you back to before the HJT fixes, and start again.

Cheers

Liam
 

·
Registered
Joined
·
1,241 Posts
Okay,

try this way..

Click on Start | Settings | Control Panel | Add/Remove Programs, then scroll down the list and highlight Internet Explorer 6.0 and Internet Tools by clicking once. A button will illuminate under the list saying Add/Remove program. Click on that and then click on the option to Repair, and click OK.

If that doesn't work, then please open HJT, and click config... | Backups, then restore all entries.

Cheers

Liam
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #5 ·
We are making progress.

We rolled back to 3/25 and we can now access the internet on the problem computer again.

Thanks:

I have downloaded AdAware and hijackthis again.

Attached is the latest hijackthis log after the rollback and reboot.

LIAM - we love your fishing quote. Are you a fisherman?

Thanks for all the help.

Mike DeGreef
 


·
Registered
Joined
·
1,241 Posts
Just posting it up front..

Give me a few minutes to run through it..

Oh, and I used to fish.. I just loved the quote.. :D

Logfile of HijackThis v1.97.7
Scan saved at 11:32:07 AM, on 3/29/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\CBA\PDS.EXE
C:\WINDOWS\SYSTEM\CBA\XFR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\MSGSYS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES\CANON\MULTIPASS\MONITR32.EXE
C:\PROGRAM FILES\CANON\MULTIPASS\MPTBOX.EXE
C:\PROGRAM FILES\CANON CREATIVE\TEXTBRIDGE\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\NETRATINGS\PREMETER\PRMT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\COMMON FILES\UPDATER\WUPDATER.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\WINDOWS\SYSTEM\FXREDIR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\_DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=search&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=search&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r1.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r1.attbi.com
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\CANON\MULTIP~1\MPTBOX.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\VPTRAY.EXE
O4 - HKLM\..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\PREMETER\PRMT.EXE
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\SYSTEM\SahAgent.exe
O4 - HKLM\..\Run: [CFJMPS] C:\WINDOWS\CFJMPS.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [Intel PDS] C:\WINDOWS\system\cba\pds.exe
O4 - HKLM\..\RunServices: [Intel File Transfer] C:\WINDOWS\system\cba\xfr.exe
O4 - HKLM\..\RunServices: [TMA Distribution] C:\WINDOWS\system\cba\lcfinst.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {AEAD8593-667F-11D3-82FA-005004185BB3} (Servicesoft VoiceControl) - http://12.18.140.235/java/nm.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37905.3577893519
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16286240c50019e10921/netzip/RdxIE601.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/Fr03tp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
 

·
Registered
Joined
·
1,241 Posts
Let's do it the easy way. Webhancer has a lot to answer for. :)

Please download AdAware 6 181 from here.

Before you scan with AdAware, check for updates of the reference file by clicking Check for updates now, and following the prompts.

Now to set it up for optimum performance...

Make sure the following settings are configured. Remember that ON=GREEN.

From main window click Start | Activate in-depth scan.

Then click Use custom scanning options | Customize and have these options switched ON...

Scan within archives
Scan active processes
Scan registry
Deep scan registry
Scan my IE Favourites for banned URLs
Scan my host-files


Then click the Settings button.. (the gear icon on the top row) then Tweak | Scanning engine and check..

Unload recognised processes during scanning.
Cleaning engine.
Let windows remove files in use at next reboot.


and uncheck..

Automatically try to unregister objects prior to deletion.


Then click Proceed, to save your settings.

Now click the Scan button.

When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them.

Next, reboot again and download Spybot - Search & Destroy from here, if you haven't already got the program.

Click on Settings, and Settings again. Go to the Webupdate section, and check Display also available beta versions.

Now press Online, and search for, and put a check mark next to all updates, and install following the prompts.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

Next, please reboot and post a new log for a final once over.

Cheers

Liam
 

·
Registered
Joined
·
2,438 Posts
Run Ad-aware 6 again, and when it finishes, go to the results window by clicking Next.

Remove ONLY the Webhancer objects with the first A-A cleaning ...

Highlight one of the entries that are from Webhancer. Right click and choose the option to mark all of the entries of that group.
Remove them.
ReBoot/restart... your PC

Run A-A again, and right-click "select all" of the remaining objects.
 

·
Administrator
Joined
·
123,540 Posts
I thought this might help. I ran across someone who had the same problem after Ad-Aware deleted WebHancer. I'm copying my post to your other thread for the same problem.

I just did a Google search and came across someone who had the same problem after Ad-Aware removed WebHancer because apparently it doesn't remove it correctly.

Here is the solution that was posted:

"So finally, the surprising conclusion about what works and what doesn't is as follows:

What does remove WebHancer:

Use Ad-Aware to remove WebHancer, remove everything from the 'Communications' section in Windows Setup (Control Panel, Add/Remove software, Windows Setup), delete the Registry key HKLM\System\CurrentControlSet\Services\Winsock2, reboot, put removed items from 'Communications' section in Windows Setup back.

What doesn't remove WebHancer

Use the WebHancer uninstaller
Use Ad-Aware to remove WebHancer
Use Ad-Aware to remove WebHancer and restore WSOCK32.dll from the Windows CD
Use Ad-Aware to remove WebHancer and remove everything from the Network properties list, reboot and reinstall them
Use Ad-Aware to remove WebHancer and remove all Network Adapters from Device Manager, reboot and reinstall them again
Use Ad-Aware to remove WebHancer and reinstall Windows"

I hope this information is useful. I'm also posting the link to the site if you want to read the entire article (it's quite long but interesting).

http://www.geocities.com/merijn_bel...ancer.html#skip

Cookie
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #10 ·
Thanks again for all the help so far. We ran adaware and just quarantined webhancer as advised above, but when we ran it again and quarantined everything, we could not get on the net. We restored the quarantined objects except for webhancer and we seem to be working ok for now but still have all the extra stuff on the computer. How do I get rid of that without losing the internet capability?
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #12 ·
I don't have anything that I can identify as an LSP hijacker, but here is my adaware log. What do you think I should do with it? Your help, as always, is greatly appreciated.

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279179737
Threads : 4
Priority : High
FileSize : 524 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1991-2000
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294955533
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294947449
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 1/1/1601
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:4 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294854717
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:5 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294847353
Threads : 2
Priority : Normal
FileSize : 124 KB
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
Copyright : Copyright (C) Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 1/1/1601
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:6 [defwatch.exe]
FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
ProcessID : 4294790253
Threads : 2
Priority : Normal
FileSize : 28 KB
FileVersion : 7.03.00.755
ProductVersion : 7.03.00.755
Copyright : Copyright (C) Symantec Corporation 1991-2000
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
OriginalFilename : DefWatch.exe
ProductName : Norton AntiVirus
Created on : 3/15/2002 4:02:28 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 7/12/2000 1:31:00 PM

#:7 [pds.exe]
FilePath : C:\WINDOWS\SYSTEM\CBA\
ProcessID : 4294788649
Threads : 3
Priority : Normal
FileSize : 18 KB
FileVersion : 6.0.201.0940 E
ProductVersion : 6.0
Copyright : Copyright
CompanyName : Intel Corporation
FileDescription : CBA -- Ping Discovery Service
InternalName : PDS
OriginalFilename : PDS.EXE
ProductName : Intel Common Base Agent
Created on : 3/15/2002 4:03:34 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 7/12/2000 1:31:00 PM

#:8 [xfr.exe]
FilePath : C:\WINDOWS\SYSTEM\CBA\
ProcessID : 4294792873
Threads : 3
Priority : Normal
FileSize : 11 KB
FileVersion : 6.0.201.0940 E
ProductVersion : 6.0
Copyright : Copyright
CompanyName : Intel Corporation
FileDescription : CBA - Message Resource
InternalName : xfrrc
OriginalFilename : XFR.EXE
ProductName : Intel Common Base Agent
Created on : 3/15/2002 4:03:35 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 7/12/2000 1:31:00 PM

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294889657
Threads : 17
Priority : Normal
FileSize : 220 KB
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 6/9/2000 1:00:00 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:10 [msgsys.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294824625
Threads : 3
Priority : Normal
FileSize : 14 KB
FileVersion : 6.0.201.0940 E
ProductVersion : 6.0
Copyright : Copyright
CompanyName : Intel Corporation
FileDescription : CBA -- Message System
InternalName : MsgExe
OriginalFilename : MsgSys.EXE
ProductName : Intel Common Base Agent
Created on : 3/15/2002 4:03:35 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 7/12/2000 1:31:00 PM

#:11 [stmgr.exe]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294725941
Threads : 4
Priority : Normal
FileSize : 60 KB
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
OriginalFilename : StateMgr.exe
ProductName : Microsoft (r) PCHealth
Created on : 1/1/1601
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:12 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294869893
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:13 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294718201
Threads : 2
Priority : Normal
FileSize : 36 KB
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
Copyright : Copyright (C) Microsoft Corp. 1993-2000
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:14 [pctvoice.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294751437
Threads : 2
Priority : Normal
FileSize : 36 KB
FileVersion : 0.0
ProductVersion : 1.0
Copyright : Copyright (C) PCtel,Inc. 2000 - 2001
CompanyName : PCtel, Inc.
FileDescription : PCTVOICE
InternalName : PCTVOICE
ProductName : PCTVOICE
Created on : 3/9/2001 5:53:25 PM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 9/27/2000 2:14:28 PM

#:15 [hidserv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294668165
Threads : 3
Priority : Normal
FileSize : 25 KB
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
OriginalFilename : HIDSERV.EXE
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 12/19/2000 9:20:03 PM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:16 [cpqinet.exe]
FilePath : C:\COMPAQ\CPQINET\
ProcessID : 4294664045
Threads : 3
Priority : Normal
FileSize : 232 KB
FileVersion : 3, 0, 2, 7
ProductVersion : 2, 2, 0, 0
Copyright : Copyright
CompanyName : Compaq Computer Corporation
FileDescription : CPQInet
InternalName : CPQInet
OriginalFilename : CPQInet.exe
ProductName : CPQINET
Created on : 3/9/2001 6:28:53 PM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 7/27/2000 10:30:50 PM

#:17 [devgulp.exe]
FilePath : C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\
ProcessID : 4294667913
Threads : 2
Priority : Normal
FileSize : 76 KB
FileVersion : 1, 4, 4, 0
ProductVersion : 1, 4, 4, 0
Copyright : Copyright Compaq Computer Corporation, 1999-2000
CompanyName : Compaq Computer Corporation
FileDescription : Device Detective & Internet Alive
InternalName : DevGulp
OriginalFilename : DevGulp.EXE
ProductName : Digital Dashboard (LCD) Support Software
Created on : 3/9/2001 6:29:31 PM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 7/27/2000 10:09:38 AM

#:18 [monitr32.exe]
FilePath : C:\PROGRAM FILES\CANON\MULTIPASS\
ProcessID : 4294766325
Threads : 20
Priority : Normal
FileSize : 280 KB
FileVersion : 3.20
ProductVersion : 3.20
Copyright : Copyright
CompanyName : Canon Information Systems
FileDescription : Status Monitor
InternalName : 3.20
OriginalFilename : monitr32.exe
ProductName : Canon MultiPASS
Created on : 8/28/2001 4:08:29 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 11/10/2000 6:29:28 PM

#:19 [mptbox.exe]
FilePath : C:\PROGRAM FILES\CANON\MULTIPASS\
ProcessID : 4294585449
Threads : 3
Priority : Normal
FileSize : 92 KB
FileVersion : 3.20
ProductVersion : 3.20
Copyright : Copyright
CompanyName : Canon Information Systems
FileDescription : MultiPASS Tool Box
InternalName : 3.20
ProductName : Canon MultiPASS
Created on : 8/28/2001 4:08:34 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 11/10/2000 6:33:34 PM

#:20 [instantaccess.exe]
FilePath : C:\PROGRAM FILES\CANON CREATIVE\TEXTBRIDGE\BIN\
ProcessID : 4294742901
Threads : 1
Priority : Normal
FileSize : 36 KB
Created on : 8/28/2001 4:12:43 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 12/10/1998 9:57:12 PM

#:21 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294619729
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft(R) Windows(R) Millennium Operating System
Created on : 1/1/1601
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/9/2000 1:00:00 AM

#:22 [alogserv.exe]
FilePath : C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\
ProcessID : 4294619493
Threads : 2
Priority : Normal
FileSize : 32 KB
FileVersion : 5.13.0000.1
ProductVersion : 5.13.0000.1
Copyright : Copyright
CompanyName : Network Associates Inc.
FileDescription : AlogServ.exe
InternalName : AlogServ.exe
OriginalFilename : AlogServ.exe
ProductName : VirusScan
Created on : 10/10/2000 1:13:00 PM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 10/10/2000 1:13:00 PM

#:23 [vptray.exe]
FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
ProcessID : 4294618261
Threads : 2
Priority : Normal
FileSize : 48 KB
FileVersion : 7.03.00.755
ProductVersion : 7.03.00.755
Copyright : Copyright (C) Symantec Corporation 1991-2000
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
ProductName : Norton AntiVirus
Created on : 3/15/2002 4:02:30 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 7/12/2000 1:31:00 PM

#:24 [realsched.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
ProcessID : 4294539909
Threads : 2
Priority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 11/16/2003 9:33:48 PM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 11/16/2003 9:33:50 PM

#:25 [mwsoemon.exe]
FilePath : C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\
ProcessID : 4294517173
Threads : 1
Priority : Normal
FileSize : 20 KB
FileVersion : 1,0,0,7
ProductVersion : 1,0,0,7
Copyright : Copyright
CompanyName : MyWebSearch.com
FileDescription : My Web Search Email Plugin
InternalName : My Web Search Email Plugin
OriginalFilename : mwsoemon.exe
ProductName : My Web Search Email Plugin
Created on : 11/21/2003 2:28:52 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 11/21/2003 2:28:54 AM

#:26 [prmt.exe]
FilePath : C:\PROGRAM FILES\NETRATINGS\PREMETER\
ProcessID : 4294521533
Threads : 1
Priority : Normal
FileSize : 228 KB
FileVersion : 1.0.5.0r
ProductVersion : 1.0.5.0r
Copyright : Copyright (c) 2002 NetRatings.
CompanyName : NetRatings
FileDescription : Premeter
InternalName : 1.0.5.0r
OriginalFilename : prmt.exe
ProductName : Premeter
Created on : 3/30/2004 6:33:39 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/3/2003 7:56:38 PM

#:27 [wupdater.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\UPDATER\
ProcessID : 4294546549
Threads : 2
Priority : Idle
FileSize : 60 KB
FileVersion : 1, 3, 5, 0
ProductVersion : 1, 3, 5, 0
Copyright : Copyright (C) 2003
FileDescription : Updater Application
InternalName : Updater
OriginalFilename : updater.exe
ProductName : Updater Application
Created on : 3/30/2004 6:33:39 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 11/15/2003 11:06:10 AM
Warning! eUniverse object found in memory(wupdater.exe)

eUniverse Object recognized!
Type : Process
Data : wupdater.exe
Object : C:\PROGRAM FILES\COMMON FILES\UPDATER\
FileSize : 60 KB
FileVersion : 1, 3, 5, 0
ProductVersion : 1, 3, 5, 0
Copyright : Copyright (C) 2003
FileDescription : Updater Application
InternalName : Updater
OriginalFilename : updater.exe
ProductName : Updater Application
Created on : 3/30/2004 6:33:39 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 11/15/2003 11:06:10 AM

"wupdater.exe"Process terminated successfully.

#:28 [fxredir.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294409333
Threads : 1
Priority : Normal
FileSize : 60 KB
FileVersion : 1.0
ProductVersion : 3.20B
Copyright : Copyright (C) Canon Information Systems 2000
CompanyName : Canon Information Ssytems
FileDescription : FxReDir
InternalName : FxReDir
ProductName : MuliPASS
Created on : 8/28/2001 4:08:33 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 11/10/2000 6:25:40 PM

#:29 [iexplore.exe]
FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
ProcessID : 4294899629
Threads : 10
Priority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 8/29/2002 3:07:38 PM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 8/29/2002 3:07:38 PM

#:30 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294275613
Threads : 5
Priority : Realtime
FileSize : 32 KB
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 8/16/2003 4:16:40 PM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 12/12/2002 8:14:32 AM

#:31 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294284713
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 3/29/2004 7:27:45 PM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 7/13/2003 6:00:20 AM

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho

eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho.1

eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{5d60ff48-95be-4956-b4c6-6bb168a70310}

eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}

eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d60ff48-95be-4956-b4c6-6bb168a70310}

eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{de289bfa-737b-4abb-a4ec-f8753551b875}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\eZula

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{19dfb2cb-9b27-11d4-b192-0050dab79376}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{2079884b-6ef3-11d4-8a74-0050da2ee1be}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaBootExe.InstallCtrl

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaBootExe.InstallCtrl.1

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.eZulaCode

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.eZulaCode.1

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.eZulaHash

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.eZulaHash.1

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.eZulaSearch.1

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.PopupDisplay.1

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.ResultHelper.1

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.SearchHelper.1

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaMain.eZulaSearchPipe

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaMain.TrayIConM

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Ezula

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{07f0a536-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{58359011-bf36-11d3-99a2-0050da2ee1be}

Favoriteman Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}

iWon Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\FunWebProducts

NetPal Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-0786-4633-87C6-1AA7A44296DA}

NetRatings Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Premeter

NetRatings Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\NetRatings

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{4828C95F-C5DB-4AB6-A945-8D8EC44B98A8}

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{4E570F74-DEEE-4FCF-B960-FEEFA4B8C6FC}

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\VGroup

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\WinSock2\Layered Provider Sample

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{cde442a3-dc2c-467e-a311-b4bc775d86c5}

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : WEBInstaller.execute

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : WEBInstaller.execute.1

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\twaintec

eUniverse Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\URLSearchHooks
Value : {5D60FF48-95BE-4956-B4C6-6BB168A70310}

EzuLa Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_USERS
Object : .default\Software\Microsoft\Windows\CurrentVersion\Run
Value : ezmmod

EzuLa Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : ezmmod

Favoriteman Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows
Value : Counter

Favoriteman Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows
Value : Server

Favoriteman Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows
Value : Object

NetRatings Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : Premeter

SahAgent Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : SAHAGENT

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 95
Objects found so far: 96

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : {00000EF1-0786-4633-87C6-1AA7A44296DA} (http://www.netpaloffers.net/netpaloffers/dmo1/fr03tp.cab)

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}

eUniverse Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : updater

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 98

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

eUniverse Object recognized!
Type : File
Data : updaterinstall_112.exe
Object : C:\

eUniverse Object recognized!
Type : File
Data : setup_incred_10.exe
Object : C:\WINDOWS\SYSTEM\
FileSize : 136 KB
Created on : 3/30/2004 6:33:37 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 2/14/2004 12:13:38 AM

SahAgent Object recognized!
Type : File
Data : sahagent1014.exe
Object : C:\WINDOWS\SYSTEM\
FileSize : 53 KB
Created on : 3/30/2004 6:33:37 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 2/14/2004 12:13:42 AM

SahAgent Object recognized!
Type : File
Data : webinstaller.dll
Object : C:\WINDOWS\Downloaded Program Files\
FileSize : 88 KB
FileVersion : 1, 1, 1, 29
ProductVersion : 1, 1, 1, 29
Copyright : Copyright 2002
FileDescription : WEBInstaller Module
InternalName : WEBInstaller
OriginalFilename : WEBInstaller.DLL
ProductName : WEBInstaller Module
Created on : 3/30/2004 6:33:37 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 1/5/2004 2:46:24 PM

SahAgent Object recognized!
Type : File
Data : sahagent_.exe
Object : C:\WINDOWS\Downloaded Program Files\
FileSize : 143 KB
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
Copyright : Copyright
CompanyName : ITForum
FileDescription : SahAgent
InternalName : SahAgent
OriginalFilename : SahAgent.exe
ProductName : ITForum SahAgent
Created on : 3/30/2004 6:33:37 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 1/27/2004 1:34:18 PM

SahAgent Object recognized!
Type : File
Data : sahuninstall_.exe
Object : C:\WINDOWS\Downloaded Program Files\
FileSize : 29 KB
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
Copyright : Copyright
FileDescription : SAHUninstall
InternalName : SAHUninstall
OriginalFilename : SAHUninstall.dll
ProductName : SAHUninstall
Created on : 3/30/2004 6:33:37 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 1/27/2004 1:34:48 PM

SahAgent Object recognized!
Type : File
Data : sahhtml_.exe
Object : C:\WINDOWS\Downloaded Program Files\
FileSize : 54 KB
FileVersion : 1, 1, 1, 5
ProductVersion : 1, 1, 1, 5
Copyright : Copyright
CompanyName : VGroup
FileDescription : Html
InternalName : Html
OriginalFilename : Html.exe
ProductName : VGroup Html
Created on : 3/30/2004 6:33:37 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 1/27/2004 1:35:24 PM

Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\WINDOWS\Cookies\

Created on : 3/31/2004 1:53:11 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 3/31/2004 1:53:12 AM

SahAgent Object recognized!
Type : File
Data : sahuninstall.exe
Object : C:\WINDOWS\
FileSize : 29 KB
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
Copyright : Copyright
FileDescription : SAHUninstall
InternalName : SAHUninstall
OriginalFilename : SAHUninstall.dll
ProductName : SAHUninstall
Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 2/14/2004 12:13:58 AM

eUniverse Object recognized!
Type : File
Data : delupdat.exe
Object : C:\Program Files\Common Files\updater\
FileSize : 24 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 2003
FileDescription : kkv MFC Application
InternalName : kkv
OriginalFilename : kkv.EXE
ProductName : kkv Application
Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 8/23/2003 1:16:40 AM

eUniverse Object recognized!
Type : File
Data : sui.exe
Object : C:\Program Files\Common Files\updater\
FileSize : 84 KB
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 3, 0, 0
Copyright : Copyright (C) 2003
FileDescription : sui MFC Application
InternalName : sui
OriginalFilename : sui.EXE
ProductName : sui Application
Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 11/6/2003 2:07:34 AM

NetRatings Object recognized!
Type : File
Data : prmt_update_en_1.0.4.0_standard.exe
Object : C:\Program Files\NetRatings\Premeter\
FileSize : 260 KB
Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 5/30/2003 4:43:58 AM

NetRatings Object recognized!
Type : Folder
Object : C:\Program Files\NetRatings

eUniverse Object recognized!
Type : File
Data : incfindbho.dll
Object : C:\Program Files\IncrediFind\BHO\
FileSize : 40 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003
FileDescription : BHO Module
InternalName : BHO
OriginalFilename : BHO.DLL
ProductName : BHO Module
Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 10/16/2003 5:49:20 PM

SahAgent Object recognized!
Type : File
Data : bunsetup[1].cab
Object : C:\Recycled\Dc115.IE5\P739EME7\
FileSize : 205 KB
Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 2/14/2004 12:13:46 AM

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 113

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\IncrediFind

eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\updater

eUniverse Object recognized!
Type : Folder
Object : c:\program files\common files\updater

eUniverse Object recognized!
Type : Folder
Object : c:\program files\Dynamic Toolbar

eUniverse Object recognized!
Type : File
Data : data1.dat
Object : c:\program files\common files\updater\

Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 2/14/2004 12:13:46 AM

eUniverse Object recognized!
Type : File
Data : data2.dat
Object : c:\program files\common files\updater\

Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 3/31/2004 1:50:40 AM

eUniverse Object recognized!
Type : File
Data : kvuidyes
Object : c:\program files\common files\updater\

Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/29/2004 8:00:00 AM
Last modified : 2/15/2004 12:43:08 AM

eUniverse Object recognized!
Type : File
Data : data1attempt.dat
Object : c:\program files\common files\updater\

Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/29/2004 8:00:00 AM
Last modified : 10/8/2003 9:30:56 PM

eUniverse Object recognized!
Type : File
Data : realbar
Object : c:\program files\dynamic toolbar\

Created on : 3/30/2004 6:33:09 AM
Last accessed : 3/29/2004 8:00:00 AM
Last modified : 3/30/2004 6:33:10 AM

eUniverse Object recognized!
Type : File
Data : incredifindbholog.tmp
Object : c:\windows\temp\

Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 3/31/2004 2:04:34 AM

iWon Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}

NetPal Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO

NetPal Object recognized!
Type : Folder
Object : c:\windows\favorites\netpal games

NetPal Object recognized!
Type : File
Data : gamehouse games.url
Object : c:\windows\favorites\netpal games\

Created on : 3/30/2004 6:33:39 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 2/14/2004 12:10:40 AM

NetPal Object recognized!
Type : File
Data : big fish games.url
Object : c:\windows\favorites\netpal games\

Created on : 3/30/2004 6:33:39 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 2/14/2004 12:10:40 AM

NetPal Object recognized!
Type : File
Data : flyordie games.url
Object : c:\windows\favorites\netpal games\

Created on : 3/30/2004 6:33:39 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 2/14/2004 12:10:40 AM

NetRatings Object recognized!
Type : Folder
Object : c:\program files\netratings\Premeter

NetRatings Object recognized!
Type : File
Data : prmt.exe
Object : c:\program files\netratings\premeter\
FileSize : 228 KB
FileVersion : 1.0.5.0r
ProductVersion : 1.0.5.0r
Copyright : Copyright (c) 2002 NetRatings.
CompanyName : NetRatings
FileDescription : Premeter
InternalName : 1.0.5.0r
OriginalFilename : prmt.exe
ProductName : Premeter
Created on : 3/30/2004 6:33:39 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 6/3/2003 7:56:38 PM

NetRatings Object recognized!
Type : File
Data : prmt_update_en_1.0.5.0_standard.exe
Object : c:\program files\netratings\premeter\
FileSize : 260 KB
Created on : 3/30/2004 6:33:39 AM
Last accessed : 3/29/2004 8:00:00 AM
Last modified : 6/9/2003 10:19:18 PM

SahAgent Object recognized!
Type : File
Data : xmlparse_.dll
Object : c:\windows\downloaded program files\
FileSize : 52 KB
Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 5/30/2002 6:12:48 AM

SahAgent Object recognized!
Type : File
Data : xmltok_.dll
Object : c:\windows\downloaded program files\
FileSize : 80 KB
Created on : 3/30/2004 6:33:38 AM
Last accessed : 3/30/2004 8:00:00 AM
Last modified : 5/30/2002 6:13:02 AM

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\twaintec
 

·
Registered
Joined
·
46,353 Posts
This is the most likely suspect.

SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\WinSock2\Layered Provider Sample

Run Adaware again and fix only that one and see if you lose your internet connection again.
 

·
Registered
Joined
·
2,438 Posts
Fix all the SahAgent items as you did the Webhancer ... it is certain to be the culprit.

Run Ad-aware 6 again, and when it finishes, go to the results window by clicking Next.

Remove ONLY the SahAgent objects with this A-A cleaning ...

Highlight one of the entries that are from SahAgent. Right click and choose the option to mark all of the entries of that group.
Remove them.
ReBoot/restart... your PC

Then you can run A-A again, and right-click "select all" of the remaining objects.

These LSP hijackers can be a pain to remove ... :mad:
 

·
Registered
Joined
·
12 Posts
Discussion Starter · #15 ·
When I try to quarantine all the sahagent files my internet slows down. It is so slow I don't know if it will ever connect, so I stop it and restore the sahagent files.
 

·
Registered
Joined
·
1,241 Posts
Morning all,

It might mean another roll back, but have a look in Start | Settings | Control Panel | Add/Remove Programs and scroll down and see if you have Shop At Home Agent listed. If there, try uninstalling it.

I'm off out now, but it's just an idea. Usually it uninstalls well enough from there.

Cheers

Liam
 

·
Registered
Joined
·
2,438 Posts
Certainly worth a try ...

From a thread at the Lavasoft Forum:
SahAgent is a Winsock 2 (LSP) Layered Service Provider that redirects visits to merchant sites ... it is more commonly known as ShopAtHome.

Don't just attempt to delete its registry entries and files ... you will likely lose your network and Internet connections.

Ad-aware 6 (updated) will safely and successfully remove SahAgent if you follow instructions properly ... at the end of the A-A scan, mark ONLY the SahAgent items for removal ... re-boot, re-scan, and remove everything else.
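
The removal order advised in this thread (the family that owns a Winsock 2 LSP key is cleaned on its own first, then reboot, re-scan and remove the rest) can be read straight out of an Ad-aware log. The following is an added example, not part of the original posts or of Ad-aware itself: the function names `parse_adaware_log`, `classify` and `removal_plan` are hypothetical, and the registry-path heuristics are assumptions based only on the keys that appear in this log.

```python
import re
from collections import defaultdict

# Records copied from the Ad-aware log in this thread (a short excerpt).
SAMPLE_LOG = r"""
SahAgent Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\WinSock2\Layered Provider Sample

SahAgent Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : SAHAGENT

NetPal Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-0786-4633-87C6-1AA7A44296DA}
"""

HEADER = re.compile(r"^(.+?) Object recognized!$")
# Only these fields are kept; timestamps and scan summaries are skipped.
FIELD = re.compile(r"^(Type|Data|Rootkey|Object|Value)\s*:\s*(.*)$")

def parse_adaware_log(text):
    """Return one dict per 'Object recognized!' record."""
    records = []
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            records.append({"Family": header.group(1)})
            continue
        field = FIELD.match(line)
        if field and records:
            # First occurrence wins, so stray later lines cannot overwrite it.
            records[-1].setdefault(field.group(1), field.group(2))
    return records

def classify(rec):
    """Heuristic hook type, keyed on the registry paths seen in the log."""
    if not rec.get("Type", "").startswith("Reg"):
        return "file"
    path = rec.get("Object", "").lower().split("\\")
    if "winsock2" in path:
        return "lsp"          # Winsock 2 Layered Service Provider key
    if path[-1] == "run":
        return "autorun"      # starts with Windows
    if "browser helper objects" in path:
        return "bho"          # loads inside Internet Explorer
    return "other"

def removal_plan(records):
    """Families owning an LSP key go alone in pass 1; the rest wait for pass 2."""
    hooks = defaultdict(set)
    for rec in records:
        hooks[rec["Family"]].add(classify(rec))
    first = sorted(f for f, kinds in hooks.items() if "lsp" in kinds)
    return {"pass1": first, "pass2": sorted(set(hooks) - set(first))}
```

Running `removal_plan(parse_adaware_log(...))` over the full log puts SahAgent alone in the first pass, which matches the advice to mark only the SahAgent items before the reboot.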
 