Trojans (HJT and Adware Logs inside)

Discussion in 'adware, spyware & hijack cleaning' started by Sinister, Jul 13, 2004.

  1. Sinister

    Sinister Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    4
    Might as well make it a good one. Started with 11 different trojans two days ago, now I'm down to 2. Both of which are not wanting to leave. Here are my HJT and Ad-aware scan logs. I do apologize for the triple posting, due to the text limit I obviously have to. I for the life of me cannot delete these without them respawning themselves, I can't use my Media player or some MS Office programs.

    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Tuesday, July 13, 2004 9:42:11 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R331 08.07.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    7-13-2004 9:42:11 PM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 7-13-2004 7:25:05 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:20 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:23 PM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:25 PM
    BasePriority : Normal
    FileSize : 87 KB
    FileVersion : 5.00.2195.6700
    ProductVersion : 5.00.2195.6700
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:20 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:25 PM
    BasePriority : Normal
    FileSize : 32 KB
    FileVersion : 5.00.2195.6695
    ProductVersion : 5.00.2195.6695
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : LSA Executable and Server DLL (Export Version)
    InternalName : lsasrv.dll and lsass.exe
    OriginalFilename : lsasrv.dll and lsass.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:20 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:33 PM
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/26/2000 12:00:00 PM

    #:7 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:34 PM
    BasePriority : Normal
    FileSize : 44 KB
    FileVersion : 5.00.2195.6659
    ProductVersion : 5.00.2195.6659
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolss.exe
    OriginalFilename : spoolss.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 1/19/2004 7:47:01 PM
    Last accessed : 7/14/2004 12:45:24 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:8 [avgserv.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVG6\
    ThreadCreationTime : 7-13-2004 7:25:37 PM
    BasePriority : Normal
    FileSize : 16 KB
    FileVersion : 6.0.1.696
    ProductVersion : 6.0.1.696
    Copyright : Copyright (c) GRISOFT 1998-2004
    CompanyName : GRISOFT s.r.o
    FileDescription : AvgServ - displays notification message
    InternalName : AvgServ
    OriginalFilename : AvgServ
    ProductName : AVG6
    Created on : 6/6/2004 9:10:28 AM
    Last accessed : 7/14/2004 1:42:11 AM
    Last modified : 6/6/2004 9:10:28 AM

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-13-2004 7:25:37 PM
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/26/2000 12:00:00 PM

    #:10 [kpf4ss.exe]
    FilePath : C:\Program Files\Kerio\Personal Firewall 4\
    ThreadCreationTime : 7-13-2004 7:25:45 PM
    BasePriority : Normal
    FileSize : 1904 KB
    FileVersion : 4.0.16
    ProductVersion : 4.0.16
    Copyright : Copyright (C) 1997-2004 Kerio Technologies
    CompanyName : Kerio Technologies
    FileDescription : Kerio Personal Firewall 4 - Service
    InternalName : kpf4ss
    OriginalFilename : kpf4ss.EXE
    ProductName : Kerio Personal Firewall 4
    Created on : 4/15/2004 3:05:40 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 4/15/2004 3:05:40 PM

    #:11 [regsvc.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:50 PM
    BasePriority : Normal
    FileSize : 66 KB
    FileVersion : 5.00.2195.6701
    ProductVersion : 5.00.2195.6701
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Remote Registry Service
    InternalName : regsvc
    OriginalFilename : REGSVC.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 1/20/2004 3:35:33 AM
    Last accessed : 7/14/2004 12:45:12 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:12 [mstask.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:53 PM
    BasePriority : Normal
    FileSize : 116 KB
    FileVersion : 4.71.2195.6704
    ProductVersion : 4.71.2195.6704
    Copyright : Copyright (C) Microsoft Corp. 1997
    CompanyName : Microsoft Corporation
    FileDescription : Task Scheduler Engine
    InternalName : TaskScheduler
    OriginalFilename : mstask.exe
    ProductName : Microsoft
    Created on : 1/20/2004 3:34:31 AM
    Last accessed : 7/14/2004 1:04:20 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:13 [winmgmt.exe]
    FilePath : C:\WINDOWS\System32\WBEM\
    ThreadCreationTime : 7-13-2004 7:25:55 PM
    BasePriority : Normal
    FileSize : 192 KB
    FileVersion : 1.50.1085.0100
    ProductVersion : 1.50.1085.0100
    Copyright : Copyright (C) Microsoft Corp. 1995-1999
    CompanyName : Microsoft Corporation
    FileDescription : Windows Management Instrumentation
    InternalName : WINMGMT
    ProductName : Windows Management Instrumentation
    Created on : 1/20/2004 3:36:24 AM
    Last accessed : 7/14/2004 12:48:27 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:14 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:59 PM
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/26/2000 12:00:00 PM

    #:15 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-13-2004 10:22:38 PM
    BasePriority : Normal
    FileSize : 237 KB
    FileVersion : 5.00.3700.6690
    ProductVersion : 5.00.3700.6690
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 1/20/2004 3:32:14 AM
    Last accessed : 7/14/2004 1:27:44 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:16 [avgcc32.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVG6\
    ThreadCreationTime : 7-13-2004 10:23:11 PM
    BasePriority : Normal
    FileSize : 337 KB
    FileVersion : 6, 0, 0, 515
    ProductVersion : 6, 0, 0, 0
    Copyright : Copyright
    CompanyName : GRISOFT s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC32
    OriginalFilename : AvgCC32.EXE
    ProductName : AVG Anti-Virus System
    Created on : 9/18/2003 5:11:01 AM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 1/19/2004 11:00:00 AM

    #:17 [a2guard.exe]
    FilePath : C:\Program Files\a2\
    ThreadCreationTime : 7-13-2004 10:23:25 PM
    BasePriority : Normal
    FileSize : 608 KB
    Created on : 12/13/2003 8:01:19 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 12/13/2003 8:01:19 PM

    #:18 [sravwr.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-13-2004 10:38:05 PM
    BasePriority : Normal
    FileSize : 36 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : hgf
    InternalName : load
    OriginalFilename : load.exe
    ProductName : asdf87
    Created on : 7/13/2004 10:38:04 PM
    Last accessed : 7/14/2004 1:42:12 AM
    Last modified : 7/13/2004 10:38:04 PM

    #:19 [a2start.exe]
    FilePath : C:\Program Files\a2\
    ThreadCreationTime : 7-14-2004 1:03:18 AM
    BasePriority : Normal
    FileSize : 643 KB
    Created on : 12/13/2003 7:44:40 PM
    Last accessed : 7/14/2004 1:05:05 AM
    Last modified : 12/13/2003 7:44:40 PM

    #:20 [kpf4gui.exe]
    FilePath : C:\Program Files\Kerio\Personal Firewall 4\
    ThreadCreationTime : 7-14-2004 1:04:12 AM
    BasePriority : Normal
    FileSize : 2452 KB
    FileVersion : 4.0.16
    ProductVersion : 4.0.16
    Copyright : Copyright (C) 1997-2004 Kerio Technologies
    CompanyName : Kerio Technologies
    FileDescription : Kerio Personal Firewall 4 - GUI
    InternalName : kpf4gui
    OriginalFilename : kpf4gui.EXE
    ProductName : Kerio Personal Firewall 4
    Created on : 4/15/2004 3:05:14 PM
    Last accessed : 7/14/2004 1:06:48 AM
    Last modified : 4/15/2004 3:05:14 PM

    #:21 [kpf4gui.exe]
    FilePath : C:\Program Files\Kerio\Personal Firewall 4\
    ThreadCreationTime : 7-14-2004 1:05:04 AM
    BasePriority : Normal
    FileSize : 2452 KB
    FileVersion : 4.0.16
    ProductVersion : 4.0.16
    Copyright : Copyright (C) 1997-2004 Kerio Technologies
    CompanyName : Kerio Technologies
    FileDescription : Kerio Personal Firewall 4 - GUI
    InternalName : kpf4gui
    OriginalFilename : kpf4gui.EXE
    ProductName : Kerio Personal Firewall 4
    Created on : 4/15/2004 3:05:14 PM
    Last accessed : 7/14/2004 1:06:48 AM
    Last modified : 4/15/2004 3:05:14 PM

    #:22 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ThreadCreationTime : 7-14-2004 1:05:44 AM
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 8/29/2002 12:14:40 PM
    Last accessed : 7/14/2004 1:12:31 AM
    Last modified : 8/29/2002 12:14:40 PM

    #:23 [sysai.exe]
    FilePath : C:\Program Files\SysAI\
    ThreadCreationTime : 7-14-2004 1:05:51 AM
    BasePriority : Normal
    FileSize : 612 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : Apropos Media
    FileDescription : Internet Explorer
    InternalName : Ads.
    OriginalFilename : SysAI.exe
    ProductName : Ads
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:02:15 AM
    Last modified : 7/13/2004 10:46:05 PM

    #:24 [hijackthis.exe]
    FilePath : C:\Documents and Settings\Stephanie Therrian\Desktop\
    ThreadCreationTime : 7-14-2004 1:11:26 AM
    BasePriority : Normal
    FileSize : 181 KB
    FileVersion : 1.98
    ProductVersion : 1.98
    Copyright : Freeware
    CompanyName : Soeperman Enterprises Ltd.
    FileDescription : HijackThis
    InternalName : HijackThis
    OriginalFilename : HijackThis.exe
    ProductName : HijackThis
    Created on : 7/2/2004 11:38:50 AM
    Last accessed : 7/14/2004 1:11:26 AM
    Last modified : 7/2/2004 11:38:50 AM

    #:25 [notepad.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-14-2004 1:12:33 AM
    BasePriority : Normal
    FileSize : 49 KB
    FileVersion : 5.00.2140.1
    ProductVersion : 5.00.2140.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Notepad
    InternalName : Notepad
    OriginalFilename : NOTEPAD.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 1/19/2004 7:47:02 PM
    Last accessed : 7/14/2004 1:42:13 AM
    Last modified : 7/26/2000 12:00:00 PM

    #:26 [a2start.exe]
    FilePath : C:\Program Files\a2\
    ThreadCreationTime : 7-14-2004 1:12:52 AM
    BasePriority : Normal
    FileSize : 643 KB
    Created on : 12/13/2003 7:44:40 PM
    Last accessed : 7/14/2004 1:05:05 AM
    Last modified : 12/13/2003 7:44:40 PM

    #:27 [a2scan.exe]
    FilePath : C:\Program Files\a2\
    ThreadCreationTime : 7-14-2004 1:12:56 AM
    BasePriority : Normal
    FileSize : 1563 KB
    Created on : 12/13/2003 7:40:29 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 12/13/2003 7:40:29 PM

    #:28 [em-pee three.exe]
    FilePath : C:\Dru's Games\
    ThreadCreationTime : 7-14-2004 1:28:39 AM
    BasePriority : Normal
    FileSize : 948 KB
    FileVersion : 4.03.0011
    ProductVersion : 4.03.0011
    Copyright : Copyright freeza inc.
    CompanyName : freeza inc.
    FileDescription : music player
    InternalName : em-pee three
    OriginalFilename : em-pee three.exe
    ProductName : em-pee three player
    Created on : 12/20/2003 4:07:30 AM
    Last accessed : 7/14/2004 1:28:34 AM
    Last modified : 12/20/2003 4:07:30 AM

    #:29 [avgw.exe]
    FilePath : C:\Program Files\Grisoft\AVG6\
    ThreadCreationTime : 7-14-2004 1:31:52 AM
    BasePriority : Normal
    FileSize : 428 KB
    FileVersion : 6, 0, 0, 516
    ProductVersion : 6, 0, 0, 0
    Copyright : Copyright
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG 6.0 Application
    InternalName : avgw
    OriginalFilename : avgw.exe
    ProductName : AVG Anti-Virus System
    Created on : 9/18/2003 5:11:01 AM
    Last accessed : 7/14/2004 1:05:05 AM
    Last modified : 1/19/2004 11:00:00 AM

    #:30 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 7-14-2004 1:40:44 AM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 4/28/2004 8:12:15 PM
    Last accessed : 7/14/2004 1:40:36 AM
    Last modified : 7/13/2003 1:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Apropos.Client


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Apropos.Client.1.1


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{A4A58A2C-B039-432B-8BC1-DCA7AC0757DC}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Apropos


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Envolo


    PeopleOnPage Object recognized!
    Type : RegKey
    Data : e_uninstall.log
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : SOFTWARE\Apropos


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\roings


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{4828C95F-C5DB-4AB6-A945-8D8EC44B98A8}


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{4E570F74-DEEE-4FCF-B960-FEEFA4B8C6FC}


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\VGroup


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\WinSock2\Layered Provider Sample


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TYPELIB\{cde442a3-dc2c-467e-a311-b4bc775d86c5}


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : WEBInstaller.execute


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : WEBInstaller.execute.1


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\webHancer


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : WhIeHelperObj.WhIeHelperObj


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : WhIeHelperObj.WhIeHelperObj.1


    SahAgent Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value : SAHAGENT


    WebHancer Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : webHancer Agent


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 29
    Objects found so far: 29


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{E0CE16CB-741C-4B24-8D04-A817856E07F4}


    Roings Object recognized!
    Type : File
    Data : mm20.ocx
    Object : c:\windows\
    FileSize : 60 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : df
    InternalName : mm20
    OriginalFilename : mm20.ocx
    ProductName : DemoCtla
    Created on : 7/13/2004 10:37:58 PM
    Last accessed : 7/14/2004 1:44:37 AM
    Last modified : 7/13/2004 10:37:58 PM



    Roings Object recognized!
    Type : RegKey
    Data : c:\windows\mm20.ocx
    Rootkey : HKEY_CLASSES_ROOT
    Object : TYPELIB\{78A163D2-2358-464D-807B-0E2A078C7727}


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : IObjSafety.DemoCtl


    Winpup32 Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : amlibs


    Winpup32 Object recognized!
    Type : File
    Data : amlibs.exe
    Object : c:\windows\system32\
    FileSize : 64 KB
    FileVersion : 7.00.0001
    ProductVersion : 7.00.0001
    CompanyName : thumbviewer
    InternalName : rico
    OriginalFilename : rico.exe
    ProductName : builder
    Created on : 7/13/2004 5:01:37 AM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/2/2004 1:25:04 PM



    WebHancer Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : webHancer Survey Companion


    WebHancer Object recognized!
    Type : File
    Data : whsurvey.exe
    Object : c:\program files\webhancer\programs\
    FileSize : 140 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Survey Companion
    InternalName : whSurvey
    OriginalFilename : whSurvey.exe
    ProductName : webHancer Survey Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:45:13 AM
    Last modified : 1/29/2004 2:30:23 PM



    PeopleOnPage Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : AutoUpdater


    PeopleOnPage Object recognized!
    Type : File
    Data : autoupdate.exe
    Object : c:\program files\autoupdate\
    FileSize : 220 KB
    Created on : 7/13/2004 10:47:18 PM
    Last accessed : 7/14/2004 1:45:13 AM
    Last modified : 7/13/2004 10:46:47 PM



    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [TCP/IP]


    SahAgent Object recognized!
    Type : File
    Data : lsp.dll
    Object : c:\windows\system32\
    FileSize : 52 KB
    FileVersion : 1, 1, 1, 20
    ProductVersion : 1, 1, 1, 20
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : LSP
    InternalName : LSP
    OriginalFilename : LSP.DLL
    ProductName : ITForum LSP
    Created on : 7/13/2004 10:38:35 PM
    Last accessed : 7/14/2004 1:04:05 AM
    Last modified : 11/13/2003 9:35:00 AM



    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [TCP/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [UDP/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [UDP/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [RAW/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [RAW/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent RSVP UDP Service Provider


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent RSVP UDP Service Provider


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent RSVP TCP Service Provider


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent RSVP TCP Service Provider


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{949AE477-C41B-4215-A415-D6CC87A28E2B}] SEQPACKET 3


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{949AE477-C41B-4215-A415-D6CC87A28E2B}] SEQPACKET 3


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{949AE477-C41B-4215-A415-D6CC87A28E2B}] DATAGRAM 3


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{949AE477-C41B-4215-A415-D6CC87A28E2B}] DATAGRAM 3


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DD77A00-8969-402D-8465-365FDD529370}] SEQPACKET 0


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DD77A00-8969-402D-8465-365FDD529370}] SEQPACKET 0


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DD77A00-8969-402D-8465-365FDD529370}] DATAGRAM 0


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DD77A00-8969-402D-8465-365FDD529370}] DATAGRAM 0


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{E08BBE52-FABC-40C0-9C85-DE8777D94129}] SEQPACKET 2


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{E08BBE52-FABC-40C0-9C85-DE8777D94129}] SEQPACKET 2


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{E08BBE52-FABC-40C0-9C85-DE8777D94129}] DATAGRAM 2


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{E08BBE52-FABC-40C0-9C85-DE8777D94129}] DATAGRAM 2


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{4569A66B-6EDB-4B34-A737-1B69ABD4C860}] SEQPACKET 4


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{4569A66B-6EDB-4B34-A737-1B69ABD4C860}] SEQPACKET 4


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{4569A66B-6EDB-4B34-A737-1B69ABD4C860}] DATAGRAM 4


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{4569A66B-6EDB-4B34-A737-1B69ABD4C860}] DATAGRAM 4


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{19C9F7EA-FB91-402D-B117-8C141140215D}] SEQPACKET 5


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{19C9F7EA-FB91-402D-B117-8C141140215D}] SEQPACKET 5


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{19C9F7EA-FB91-402D-B117-8C141140215D}] DATAGRAM 5


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{19C9F7EA-FB91-402D-B117-8C141140215D}] DATAGRAM 5


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer OSMIM --> MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : File
    Data : webhdll.dll
    Object : c:\windows\
    FileSize : 40 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Winsock2 SPI
    InternalName : webhdll
    OriginalFilename : webhdll.dll
    ProductName : webHancer Customer Companion
    Created on : 7/12/2004 5:44:15 PM
    Last accessed : 7/14/2004 1:45:47 AM
    Last modified : 1/29/2004 2:29:51 PM



    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer OSMIM --> MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer OSMIM --> MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer OSMIM --> MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer SAHagent MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer SAHagent MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer SAHagent MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer SAHagent MSAFD Tcpip [UDP/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 53
    Objects found so far: 88


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : dru@advertising[2].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/13/2004 11:48:01 PM
    Last accessed : 7/14/2004 1:45:48 AM
    Last modified : 7/14/2004 12:36:15 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@atdmt[2].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/14/2004 1:10:57 AM
    Last accessed : 7/14/2004 1:10:57 AM
    Last modified : 7/14/2004 1:10:57 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@clickagents[2].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/13/2004 11:36:52 PM
    Last accessed : 7/14/2004 1:45:48 AM
    Last modified : 7/13/2004 11:36:52 PM
     
  2. Sinister

    Tracking Cookie Object recognized!
    Type : File
    Data : dru@doubleclick[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/13/2004 11:52:04 PM
    Last accessed : 7/14/2004 12:58:50 AM
    Last modified : 7/13/2004 11:53:59 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@edge.ru4[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\
    FileSize : 1 KB
    Created on : 7/14/2004 12:41:56 AM
    Last accessed : 7/14/2004 1:45:48 AM
    Last modified : 7/14/2004 12:41:57 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@fortunecity[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/14/2004 12:22:15 AM
    Last accessed : 7/14/2004 1:45:49 AM
    Last modified : 7/14/2004 12:22:15 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@maxserving[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/13/2004 11:48:10 PM
    Last accessed : 7/14/2004 1:45:49 AM
    Last modified : 7/13/2004 11:48:10 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@revenue[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/14/2004 12:27:25 AM
    Last accessed : 7/14/2004 1:45:49 AM
    Last modified : 7/14/2004 12:27:25 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@servedby.advertising[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/14/2004 12:36:15 AM
    Last accessed : 7/14/2004 1:45:49 AM
    Last modified : 7/14/2004 12:36:15 AM


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Winpup32 Object recognized!
    Type : File
    Data : asdialr.exe
    Object : C:\WINDOWS\system32\
    FileSize : 64 KB
    FileVersion : 7.00.0001
    ProductVersion : 7.00.0001
    CompanyName : thumbviewer
    InternalName : rico
    OriginalFilename : rico.exe
    ProductName : builder
    Created on : 7/13/2004 4:20:40 AM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/2/2004 1:25:04 PM



    SahAgent Object recognized!
    Type : File
    Data : lsp.dll
    Object : C:\WINDOWS\system32\
    FileSize : 52 KB
    FileVersion : 1, 1, 1, 20
    ProductVersion : 1, 1, 1, 20
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : LSP
    InternalName : LSP
    OriginalFilename : LSP.DLL
    ProductName : ITForum LSP
    Created on : 7/13/2004 10:38:35 PM
    Last accessed : 7/14/2004 1:04:05 AM
    Last modified : 11/13/2003 9:35:00 AM



    SahAgent Object recognized!
    Type : File
    Data : sahagent.exe
    Object : C:\WINDOWS\system32\
    FileSize : 143 KB
    FileVersion : 2, 0, 0, 1
    ProductVersion : 2, 0, 0, 1
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : SahAgent
    InternalName : SahAgent
    OriginalFilename : SahAgent.exe
    ProductName : ITForum SahAgent
    Created on : 7/13/2004 10:38:36 PM
    Last accessed : 7/14/2004 1:46:23 AM
    Last modified : 1/27/2004 9:34:18 AM



    SahAgent Object recognized!
    Type : File
    Data : sahhtml.exe
    Object : C:\WINDOWS\system32\
    FileSize : 54 KB
    FileVersion : 1, 1, 1, 5
    ProductVersion : 1, 1, 1, 5
    Copyright : Copyright
    CompanyName : VGroup
    FileDescription : Html
    InternalName : Html
    OriginalFilename : Html.exe
    ProductName : VGroup Html
    Created on : 7/13/2004 10:38:37 PM
    Last accessed : 7/14/2004 1:46:23 AM
    Last modified : 1/27/2004 9:35:24 AM




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{A2872B10-39F2-42DF-9335-7DD38CF75255}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A1558B18-F76C-40FE-B358-9E47449F3CFE}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A2872B10-39F2-42DF-9335-7DD38CF75255}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A7D0472E-C1FC-4D8F-ABA1-98A7692561BF}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\AutoLoader


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\program files\AutoUpdate


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\docume~1\stepha~1\locals~1\temp\AutoUpdate0


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\docume~1\stepha~1\locals~1\temp\~apropos0


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\docume~1\stepha~1\locals~1\temp\~compoundinst0


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\docume~1\stepha~1\locals~1\temp\Atf


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\program files\SysAI


    PeopleOnPage Object recognized!
    Type : File
    Data : libexpat.dll
    Object : c:\program files\autoupdate\
    FileSize : 140 KB
    Created on : 7/13/2004 10:47:18 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:47 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : aproposplugin.dll
    Object : c:\program files\sysai\
    FileSize : 64 KB
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:05:50 AM
    Last modified : 7/13/2004 10:46:04 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : auto_update_uninstall.exe
    Object : c:\windows\system32\
    FileSize : 228 KB
    Created on : 7/13/2004 10:47:18 PM
    Last accessed : 7/14/2004 1:45:50 AM
    Last modified : 7/13/2004 10:46:47 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : auto_update_uninstall.log
    Object : c:\windows\system32\

    Created on : 7/13/2004 10:47:18 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:47:18 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : atla.dll
    Object : c:\docume~1\stepha~1\locals~1\temp\~apropos0\
    FileSize : 72 KB
    FileVersion : 3.00.8449
    ProductVersion : 6.00.8449
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : ATL Module for Windows (ANSI)
    InternalName : ATL
    OriginalFilename : ATL.DLL
    ProductName : Microsoft (R) Visual C++
    Created on : 7/13/2004 10:46:06 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : atlw.dll
    Object : c:\docume~1\stepha~1\locals~1\temp\~apropos0\
    FileSize : 73 KB
    FileVersion : 3.00.9435
    ProductVersion : 6.00.9435
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : ATL Module for Windows NT (Unicode)
    InternalName : ATL
    OriginalFilename : ATL.DLL
    ProductName : Microsoft (R) Visual C++
    Created on : 7/13/2004 10:46:06 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : setup.inf
    Object : c:\docume~1\stepha~1\locals~1\temp\~apropos0\
    FileSize : 1 KB
    Created on : 7/13/2004 10:46:06 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : ace.dll
    Object : c:\program files\sysai\
    FileSize : 568 KB
    FileVersion : 5.1.18
    ProductVersion : 5.1.18
    FileDescription : ACE
    InternalName : ACEDLL
    OriginalFilename : ACE.DLL
    ProductName : ACE
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : ai_13-07-2004.log
    Object : c:\program files\sysai\

    Created on : 7/13/2004 10:46:34 PM
    Last accessed : 7/14/2004 12:31:41 AM
    Last modified : 7/13/2004 10:46:35 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : atl.dll
    Object : c:\program files\sysai\
    FileSize : 73 KB
    FileVersion : 3.00.9435
    ProductVersion : 6.00.9435
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : ATL Module for Windows NT (Unicode)
    InternalName : ATL
    OriginalFilename : ATL.DLL
    ProductName : Microsoft (R) Visual C++
    Created on : 7/13/2004 10:46:33 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : data.bin
    Object : c:\program files\sysai\
    FileSize : 114 KB
    Created on : 7/13/2004 10:46:33 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : libexpat.dll
    Object : c:\program files\sysai\
    FileSize : 140 KB
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : plg0
    Object : c:\program files\sysai\

    Created on : 7/12/2004 1:27:35 PM
    Last accessed : 7/14/2004 12:31:42 AM
    Last modified : 7/12/2004 1:27:35 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : proxystub.dll
    Object : c:\program files\sysai\
    FileSize : 28 KB
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:04:36 AM
    Last modified : 7/13/2004 10:46:04 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : pstub0
    Object : c:\program files\sysai\

    Created on : 7/12/2004 1:27:36 PM
    Last accessed : 7/14/2004 12:31:42 AM
    Last modified : 7/12/2004 1:27:36 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : sysai.exe
    Object : c:\program files\sysai\
    FileSize : 612 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : Apropos Media
    FileDescription : Internet Explorer
    InternalName : Ads.
    OriginalFilename : SysAI.exe
    ProductName : Ads
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:02:15 AM
    Last modified : 7/13/2004 10:46:05 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : uninstaller.exe
    Object : c:\program files\sysai\
    FileSize : 136 KB
    Created on : 7/13/2004 10:46:33 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : wingenerics.dll
    Object : c:\program files\sysai\
    FileSize : 568 KB
    Created on : 7/13/2004 10:46:33 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:46:05 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : auto_update_install.exe
    Object : c:\docume~1\stepha~1\locals~1\temp\autoupdate0\
    FileSize : 248 KB
    Created on : 7/13/2004 10:46:47 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:46:47 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : setup.inf
    Object : c:\docume~1\stepha~1\locals~1\temp\autoupdate0\
    FileSize : 2 KB
    Created on : 7/13/2004 10:46:48 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:46:48 PM



    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{9F61CFDF-5C79-4D35-B4DA-766B28367223}


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{E832FFDE-8ED2-47B7-BE50-729A238040A0}


    Roings Object recognized!
    Type : File
    Data : asdf.txt
    Object : c:\

    Created on : 7/13/2004 10:37:58 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:37:58 PM



    Roings Object recognized!
    Type : File
    Data : affbun.txt
    Object : c:\windows\
    FileSize : 1 KB
    Created on : 7/13/2004 10:37:57 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:37:58 PM



    Roings Object recognized!
    Type : File
    Data : usta32.ini
    Object : c:\windows\

    Created on : 7/13/2004 10:38:08 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:38:09 PM



    Roings Object recognized!
    Type : File
    Data : usta32a.ini
    Object : c:\windows\

    Created on : 7/13/2004 10:40:30 PM
    Last accessed : 7/14/2004 1:00:46 AM
    Last modified : 7/14/2004 1:00:46 AM



    SahAgent Object recognized!
    Type : File
    Data : v.dat
    Object : c:\windows\system32\
    FileSize : 185 KB
    Created on : 7/13/2004 10:38:37 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:39:50 PM



    SahAgent Object recognized!
    Type : File
    Data : vg.dat
    Object : c:\windows\system32\
    FileSize : 9 KB
    Created on : 7/13/2004 10:38:38 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:39:51 PM



    SahAgent Object recognized!
    Type : File
    Data : setup.inf
    Object : c:\windows\downloaded program files\
    FileSize : 1 KB
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 1/5/2004 10:32:28 AM



    SahAgent Object recognized!
    Type : File
    Data : webinstaller.dll
    Object : c:\windows\downloaded program files\
    FileSize : 88 KB
    FileVersion : 1, 1, 1, 29
    ProductVersion : 1, 1, 1, 29
    Copyright : Copyright 2002
    FileDescription : WEBInstaller Module
    InternalName : WEBInstaller
    OriginalFilename : WEBInstaller.DLL
    ProductName : WEBInstaller Module
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:43:46 AM
    Last modified : 1/5/2004 10:46:24 AM



    SahAgent Object recognized!
    Type : File
    Data : xmlparse_.dll
    Object : c:\windows\downloaded program files\
    FileSize : 52 KB
    Created on : 7/13/2004 10:38:27 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 5/30/2002 2:12:48 AM



    SahAgent Object recognized!
    Type : File
    Data : xmltok_.dll
    Object : c:\windows\downloaded program files\
    FileSize : 80 KB
    Created on : 7/13/2004 10:38:27 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 5/30/2002 2:13:02 AM



    SahAgent Object recognized!
    Type : File
    Data : sahuninstall.exe
    Object : c:\windows\
    FileSize : 29 KB
    FileVersion : 2, 0, 0, 2
    ProductVersion : 2, 0, 0, 2
    Copyright : Copyright
    FileDescription : SAHUninstall
    InternalName : SAHUninstall
    OriginalFilename : SAHUninstall.dll
    ProductName : SAHUninstall
    Created on : 7/13/2004 10:38:37 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/27/2004 9:34:48 AM



    SahAgent Object recognized!
    Type : File
    Data : sahagent.log
    Object : c:\
    FileSize : 3 KB
    Created on : 7/13/2004 10:38:35 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/13/2004 10:39:48 PM



    SahAgent Object recognized!
    Type : File
    Data : mediamotor1001.sah
    Object : c:\docume~1\stepha~1\locals~1\temp\

    Created on : 7/13/2004 10:38:23 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/13/2004 10:38:23 PM



    SahAgent Object recognized!
    Type : File
    Data : bundletracking.asp
    Object : c:\docume~1\stepha~1\locals~1\temp\

    Created on : 7/13/2004 10:38:25 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/13/2004 10:39:52 PM



    WebHancer Object recognized!
    Type : Folder
    Object : c:\program files\webHancer


    WebHancer Object recognized!
    Type : Folder
    Object : c:\program files\whInstall


    WebHancer Object recognized!
    Type : File
    Data : license.txt
    Object : c:\program files\webhancer\programs\
    FileSize : 7 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 5/22/2003 6:01:27 PM



    WebHancer Object recognized!
    Type : File
    Data : readme.txt
    Object : c:\program files\webhancer\programs\
    FileSize : 1 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 3/5/2002 3:00:35 PM



    WebHancer Object recognized!
    Type : File
    Data : sporder.dll
    Object : c:\program files\webhancer\programs\
    FileSize : 11 KB
    FileVersion : 4.00
    ProductVersion : 4.00
    Copyright : Copyright (C) Microsoft Corp. 1981-1996
    CompanyName : Microsoft Corporation
    FileDescription : WinSock2 reorder service providers
    InternalName : sporder.dll
    OriginalFilename : sporder.dll
    ProductName : Microsoft(R) Windows NT(TM) Operating System
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 12/23/1999 7:12:46 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.exe
    Object : c:\program files\webhancer\programs\
    FileSize : 168 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Customer Companion
    InternalName : whAgent
    OriginalFilename : whAgent.exe
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:45:13 AM
    Last modified : 1/29/2004 2:30:22 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.ini
    Object : c:\program files\webhancer\programs\

    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/13/2004 10:41:10 PM



    WebHancer Object recognized!
    Type : File
    Data : whiehlpr.dll
    Object : c:\program files\webhancer\programs\
    FileSize : 104 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer IE Helper Module
    InternalName : WhIeHelper
    OriginalFilename : whiehlpr.dll
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:05:55 AM
    Last modified : 1/29/2004 2:29:49 PM



    WebHancer Object recognized!
    Type : File
    Data : license.txt
    Object : c:\program files\whinstall\
    FileSize : 7 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 5/22/2003 6:01:27 PM



    WebHancer Object recognized!
    Type : File
    Data : readme.txt
    Object : c:\program files\whinstall\
    FileSize : 1 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 3/5/2002 3:00:35 PM



    WebHancer Object recognized!
    Type : File
    Data : sporder.dll
    Object : c:\program files\whinstall\
    FileSize : 11 KB
    FileVersion : 4.00
    ProductVersion : 4.00
    Copyright : Copyright (C) Microsoft Corp. 1981-1996
    CompanyName : Microsoft Corporation
    FileDescription : WinSock2 reorder service providers
    InternalName : sporder.dll
    OriginalFilename : sporder.dll
    ProductName : Microsoft(R) Windows NT(TM) Operating System
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 12/23/1999 7:12:46 PM



    WebHancer Object recognized!
    Type : File
    Data : webhdll.dll
    Object : c:\program files\whinstall\
    FileSize : 40 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Winsock2 SPI
    InternalName : webhdll
    OriginalFilename : webhdll.dll
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/29/2004 2:29:51 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.exe
    Object : c:\program files\whinstall\
    FileSize : 168 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Customer Companion
    InternalName : whAgent
    OriginalFilename : whAgent.exe
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/29/2004 2:30:22 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.inf
    Object : c:\program files\whinstall\
    FileSize : 4 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 5/3/2004 2:18:20 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.ini
    Object : c:\program files\whinstall\

    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/20/2001 1:33:26 AM



    WebHancer Object recognized!
    Type : File
    Data : whiehlpr.dll
    Object : c:\program files\whinstall\
    FileSize : 104 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer IE Helper Module
    InternalName : WhIeHelper
    OriginalFilename : whiehlpr.dll
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/29/2004 2:29:49 PM



    WebHancer Object recognized!
    Type : File
    Data : whinstaller.exe
    Object : c:\program files\whinstall\
    FileSize : 32 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Installer
    InternalName : whInstaller
    OriginalFilename : whInstaller.exe
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/29/2004 2:30:24 PM



    WebHancer Object recognized!
    Type : File
    Data : whinstaller.ini
    Object : c:\program files\whinstall\

    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 11/13/2003 7:29:00 PM



    WebHancer Object recognized!
    Type : File
    Data : whsurvey.exe
    Object : c:\program files\whinstall\
    FileSize : 140 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Survey Companion
    InternalName : whSurvey
    OriginalFilename : whSurvey.exe
    ProductName : webHancer Survey Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 1/29/2004 2:30:23 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.inf
    Object : c:\windows\
    FileSize : 4 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 5/3/2004 2:18:20 PM



    WebHancer Object recognized!
    Type : File
    Data : whinstaller.exe
    Object : c:\windows\
    FileSize : 32 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Installer
    InternalName : whInstaller
    OriginalFilename : whInstaller.exe
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 1/29/2004 2:30:24 PM



    WebHancer Object recognized!
    Type : File
    Data : whinstaller.ini
    Object : c:\windows\

    Created on : 7/13/2004 10:39:14 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 7/13/2004 10:39:14 PM



    Winpup32 Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\pup


    SahAgent Object recognized!
    Type : File
    Data : lsp_.dll
    Object : c:\windows\Downloaded Program Files\
    FileSize : 52 KB
    FileVersion : 1, 1, 1, 20
    ProductVersion : 1, 1, 1, 20
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : LSP
    InternalName : LSP
    OriginalFilename : LSP.DLL
    ProductName : ITForum LSP
    Created on : 7/13/2004 10:38:27 PM
    Last accessed : 7/14/2004 1:47:04 AM
    Last modified : 11/13/2003 9:35:00 AM



    SahAgent Object recognized!
    Type : File
    Data : sahagent_.exe
    Object : c:\windows\Downloaded Program Files\
    FileSize : 143 KB
    FileVersion : 2, 0, 0, 1
    ProductVersion : 2, 0, 0, 1
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : SahAgent
    InternalName : SahAgent
    OriginalFilename : SahAgent.exe
    ProductName : ITForum SahAgent
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:47:04 AM
    Last modified : 1/27/2004 9:34:18 AM



    SahAgent Object recognized!
    Type : File
    Data : sahhtml_.exe
    Object : c:\windows\Downloaded Program Files\
    FileSize : 54 KB
    FileVersion : 1, 1, 1, 5
    ProductVersion : 1, 1, 1, 5
    Copyright : Copyright
    CompanyName : VGroup
    FileDescription : Html
    InternalName : Html
    OriginalFilename : Html.exe
    ProductName : VGroup Html
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:47:04 AM
    Last modified : 1/27/2004 9:35:24 AM



    SahAgent Object recognized!
    Type : File
    Data : sahuninstall_.exe
    Object : c:\windows\Downloaded Program Files\
    FileSize : 29 KB
    FileVersion : 2, 0, 0, 2
    ProductVersion : 2, 0, 0, 2
    Copyright : Copyright
    FileDescription : SAHUninstall
    InternalName : SAHUninstall
    OriginalFilename : SAHUninstall.dll
    ProductName : SAHUninstall
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:47:04 AM
    Last modified : 1/27/2004 9:34:48 AM



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 76
    Objects found so far: 177


    9:49:24 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:07:10:58
    Objects scanned :66533
    Objects identified :177
    Objects ignored :0
    New objects :177
     
  3. Sinister

    Logfile of HijackThis v1.98.0
    Scan saved at 9:12:31 PM, on 7/13/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\system32\regsvc.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\a2\a2guard.exe
    C:\WINDOWS\sravwr.exe
    C:\Program Files\a2\a2start.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SysAI\SysAI.exe
    C:\Documents and Settings\Stephanie Therrian\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.msu.edu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com;<local>
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {46AA3173-E169-01BC-8650-675579AE2842} - C:\WINDOWS\system32\mlzx.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [IMk9DL] C:\documents and settings\stephanie therrian\local settings\temp\IMk9DL.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\system32\dp-him.exe
    O4 - HKLM\..\Run: [filpwjpr] C:\WINDOWS\epon.exe
    O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
    O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\SYSTEM32\ossproxy.exe -boot
    O4 - HKLM\..\Run: [gpurzoh] C:\WINDOWS\ueoml.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [amlibs] C:\WINDOWS\system32\amlibs.exe
    O4 - HKLM\..\Run: [jnftm] C:\WINDOWS\dsxh.exe
    O4 - HKLM\..\Run: [rdxl] C:\WINDOWS\sravwr.exe
    O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\system32\SahAgent.exe
    O4 - HKLM\..\Run: [r73O3pX] cipext32.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [snmpsnap] C:\WINDOWS\system32\snmpsnap.exe
    O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\system32\wnsintsu.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [awsERfbpj] clsssvc.exe
    O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
    O12 - Plugin for .2: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: ConferenceRoom Java Client - http://irc.d2jsp.org:8000/java/cr.cab
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
    O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/WreckIt.cab
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream1000.babenet.com/cabs/videox.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.CAB
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/downplug.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB



    Thanks for any help!
     
  4. Sinister

    Sinister Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    4
    I also used a-squared and found C:\WINDOWS\mm20.ocx
    The a2 scanner labels it as MALWARE.
     