Trojans (HJT and Adware Logs inside)

Discussion in 'adware, spyware & hijack cleaning' started by Sinister, Jul 13, 2004.

  1. Sinister

    Sinister Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    4
    Might as well make it a good one. Started with 11 different trojans two days ago, now I'm down to 2. Both of which are not wanting to leave. Here are my HJT and Ad-aware scan logs. I do apologize for the triple posting; due to the text limit I obviously have to. I for the life of me cannot delete these without them respawning themselves. I can't use my Media player or some MS Office programs.

    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Tuesday, July 13, 2004 9:42:11 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R331 08.07.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    7-13-2004 9:42:11 PM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 7-13-2004 7:25:05 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:20 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:23 PM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:25 PM
    BasePriority : Normal
    FileSize : 87 KB
    FileVersion : 5.00.2195.6700
    ProductVersion : 5.00.2195.6700
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:20 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:25 PM
    BasePriority : Normal
    FileSize : 32 KB
    FileVersion : 5.00.2195.6695
    ProductVersion : 5.00.2195.6695
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : LSA Executable and Server DLL (Export Version)
    InternalName : lsasrv.dll and lsass.exe
    OriginalFilename : lsasrv.dll and lsass.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:20 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:33 PM
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/26/2000 12:00:00 PM

    #:7 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:34 PM
    BasePriority : Normal
    FileSize : 44 KB
    FileVersion : 5.00.2195.6659
    ProductVersion : 5.00.2195.6659
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolss.exe
    OriginalFilename : spoolss.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 1/19/2004 7:47:01 PM
    Last accessed : 7/14/2004 12:45:24 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:8 [avgserv.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVG6\
    ThreadCreationTime : 7-13-2004 7:25:37 PM
    BasePriority : Normal
    FileSize : 16 KB
    FileVersion : 6.0.1.696
    ProductVersion : 6.0.1.696
    Copyright : Copyright (c) GRISOFT 1998-2004
    CompanyName : GRISOFT s.r.o
    FileDescription : AvgServ - displays notification message
    InternalName : AvgServ
    OriginalFilename : AvgServ
    ProductName : AVG6
    Created on : 6/6/2004 9:10:28 AM
    Last accessed : 7/14/2004 1:42:11 AM
    Last modified : 6/6/2004 9:10:28 AM

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-13-2004 7:25:37 PM
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/26/2000 12:00:00 PM

    #:10 [kpf4ss.exe]
    FilePath : C:\Program Files\Kerio\Personal Firewall 4\
    ThreadCreationTime : 7-13-2004 7:25:45 PM
    BasePriority : Normal
    FileSize : 1904 KB
    FileVersion : 4.0.16
    ProductVersion : 4.0.16
    Copyright : Copyright (C) 1997-2004 Kerio Technologies
    CompanyName : Kerio Technologies
    FileDescription : Kerio Personal Firewall 4 - Service
    InternalName : kpf4ss
    OriginalFilename : kpf4ss.EXE
    ProductName : Kerio Personal Firewall 4
    Created on : 4/15/2004 3:05:40 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 4/15/2004 3:05:40 PM

    #:11 [regsvc.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:50 PM
    BasePriority : Normal
    FileSize : 66 KB
    FileVersion : 5.00.2195.6701
    ProductVersion : 5.00.2195.6701
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Remote Registry Service
    InternalName : regsvc
    OriginalFilename : REGSVC.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 1/20/2004 3:35:33 AM
    Last accessed : 7/14/2004 12:45:12 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:12 [mstask.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:53 PM
    BasePriority : Normal
    FileSize : 116 KB
    FileVersion : 4.71.2195.6704
    ProductVersion : 4.71.2195.6704
    Copyright : Copyright (C) Microsoft Corp. 1997
    CompanyName : Microsoft Corporation
    FileDescription : Task Scheduler Engine
    InternalName : TaskScheduler
    OriginalFilename : mstask.exe
    ProductName : Microsoft
    Created on : 1/20/2004 3:34:31 AM
    Last accessed : 7/14/2004 1:04:20 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:13 [winmgmt.exe]
    FilePath : C:\WINDOWS\System32\WBEM\
    ThreadCreationTime : 7-13-2004 7:25:55 PM
    BasePriority : Normal
    FileSize : 192 KB
    FileVersion : 1.50.1085.0100
    ProductVersion : 1.50.1085.0100
    Copyright : Copyright (C) Microsoft Corp. 1995-1999
    CompanyName : Microsoft Corporation
    FileDescription : Windows Management Instrumentation
    InternalName : WINMGMT
    ProductName : Windows Management Instrumentation
    Created on : 1/20/2004 3:36:24 AM
    Last accessed : 7/14/2004 12:48:27 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:14 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-13-2004 7:25:59 PM
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/26/2000 12:00:00 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/26/2000 12:00:00 PM

    #:15 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-13-2004 10:22:38 PM
    BasePriority : Normal
    FileSize : 237 KB
    FileVersion : 5.00.3700.6690
    ProductVersion : 5.00.3700.6690
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 1/20/2004 3:32:14 AM
    Last accessed : 7/14/2004 1:27:44 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:16 [avgcc32.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVG6\
    ThreadCreationTime : 7-13-2004 10:23:11 PM
    BasePriority : Normal
    FileSize : 337 KB
    FileVersion : 6, 0, 0, 515
    ProductVersion : 6, 0, 0, 0
    Copyright : Copyright
    CompanyName : GRISOFT s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC32
    OriginalFilename : AvgCC32.EXE
    ProductName : AVG Anti-Virus System
    Created on : 9/18/2003 5:11:01 AM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 1/19/2004 11:00:00 AM

    #:17 [a2guard.exe]
    FilePath : C:\Program Files\a2\
    ThreadCreationTime : 7-13-2004 10:23:25 PM
    BasePriority : Normal
    FileSize : 608 KB
    Created on : 12/13/2003 8:01:19 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 12/13/2003 8:01:19 PM

    #:18 [sravwr.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-13-2004 10:38:05 PM
    BasePriority : Normal
    FileSize : 36 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : hgf
    InternalName : load
    OriginalFilename : load.exe
    ProductName : asdf87
    Created on : 7/13/2004 10:38:04 PM
    Last accessed : 7/14/2004 1:42:12 AM
    Last modified : 7/13/2004 10:38:04 PM

    #:19 [a2start.exe]
    FilePath : C:\Program Files\a2\
    ThreadCreationTime : 7-14-2004 1:03:18 AM
    BasePriority : Normal
    FileSize : 643 KB
    Created on : 12/13/2003 7:44:40 PM
    Last accessed : 7/14/2004 1:05:05 AM
    Last modified : 12/13/2003 7:44:40 PM

    #:20 [kpf4gui.exe]
    FilePath : C:\Program Files\Kerio\Personal Firewall 4\
    ThreadCreationTime : 7-14-2004 1:04:12 AM
    BasePriority : Normal
    FileSize : 2452 KB
    FileVersion : 4.0.16
    ProductVersion : 4.0.16
    Copyright : Copyright (C) 1997-2004 Kerio Technologies
    CompanyName : Kerio Technologies
    FileDescription : Kerio Personal Firewall 4 - GUI
    InternalName : kpf4gui
    OriginalFilename : kpf4gui.EXE
    ProductName : Kerio Personal Firewall 4
    Created on : 4/15/2004 3:05:14 PM
    Last accessed : 7/14/2004 1:06:48 AM
    Last modified : 4/15/2004 3:05:14 PM

    #:21 [kpf4gui.exe]
    FilePath : C:\Program Files\Kerio\Personal Firewall 4\
    ThreadCreationTime : 7-14-2004 1:05:04 AM
    BasePriority : Normal
    FileSize : 2452 KB
    FileVersion : 4.0.16
    ProductVersion : 4.0.16
    Copyright : Copyright (C) 1997-2004 Kerio Technologies
    CompanyName : Kerio Technologies
    FileDescription : Kerio Personal Firewall 4 - GUI
    InternalName : kpf4gui
    OriginalFilename : kpf4gui.EXE
    ProductName : Kerio Personal Firewall 4
    Created on : 4/15/2004 3:05:14 PM
    Last accessed : 7/14/2004 1:06:48 AM
    Last modified : 4/15/2004 3:05:14 PM

    #:22 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ThreadCreationTime : 7-14-2004 1:05:44 AM
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 8/29/2002 12:14:40 PM
    Last accessed : 7/14/2004 1:12:31 AM
    Last modified : 8/29/2002 12:14:40 PM

    #:23 [sysai.exe]
    FilePath : C:\Program Files\SysAI\
    ThreadCreationTime : 7-14-2004 1:05:51 AM
    BasePriority : Normal
    FileSize : 612 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : Apropos Media
    FileDescription : Internet Explorer
    InternalName : Ads.
    OriginalFilename : SysAI.exe
    ProductName : Ads
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:02:15 AM
    Last modified : 7/13/2004 10:46:05 PM

    #:24 [hijackthis.exe]
    FilePath : C:\Documents and Settings\Stephanie Therrian\Desktop\
    ThreadCreationTime : 7-14-2004 1:11:26 AM
    BasePriority : Normal
    FileSize : 181 KB
    FileVersion : 1.98
    ProductVersion : 1.98
    Copyright : Freeware
    CompanyName : Soeperman Enterprises Ltd.
    FileDescription : HijackThis
    InternalName : HijackThis
    OriginalFilename : HijackThis.exe
    ProductName : HijackThis
    Created on : 7/2/2004 11:38:50 AM
    Last accessed : 7/14/2004 1:11:26 AM
    Last modified : 7/2/2004 11:38:50 AM

    #:25 [notepad.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-14-2004 1:12:33 AM
    BasePriority : Normal
    FileSize : 49 KB
    FileVersion : 5.00.2140.1
    ProductVersion : 5.00.2140.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Notepad
    InternalName : Notepad
    OriginalFilename : NOTEPAD.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 1/19/2004 7:47:02 PM
    Last accessed : 7/14/2004 1:42:13 AM
    Last modified : 7/26/2000 12:00:00 PM

    #:26 [a2start.exe]
    FilePath : C:\Program Files\a2\
    ThreadCreationTime : 7-14-2004 1:12:52 AM
    BasePriority : Normal
    FileSize : 643 KB
    Created on : 12/13/2003 7:44:40 PM
    Last accessed : 7/14/2004 1:05:05 AM
    Last modified : 12/13/2003 7:44:40 PM

    #:27 [a2scan.exe]
    FilePath : C:\Program Files\a2\
    ThreadCreationTime : 7-14-2004 1:12:56 AM
    BasePriority : Normal
    FileSize : 1563 KB
    Created on : 12/13/2003 7:40:29 PM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 12/13/2003 7:40:29 PM

    #:28 [em-pee three.exe]
    FilePath : C:\Dru's Games\
    ThreadCreationTime : 7-14-2004 1:28:39 AM
    BasePriority : Normal
    FileSize : 948 KB
    FileVersion : 4.03.0011
    ProductVersion : 4.03.0011
    Copyright : Copyright freeza inc.
    CompanyName : freeza inc.
    FileDescription : music player
    InternalName : em-pee three
    OriginalFilename : em-pee three.exe
    ProductName : em-pee three player
    Created on : 12/20/2003 4:07:30 AM
    Last accessed : 7/14/2004 1:28:34 AM
    Last modified : 12/20/2003 4:07:30 AM

    #:29 [avgw.exe]
    FilePath : C:\Program Files\Grisoft\AVG6\
    ThreadCreationTime : 7-14-2004 1:31:52 AM
    BasePriority : Normal
    FileSize : 428 KB
    FileVersion : 6, 0, 0, 516
    ProductVersion : 6, 0, 0, 0
    Copyright : Copyright
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG 6.0 Application
    InternalName : avgw
    OriginalFilename : avgw.exe
    ProductName : AVG Anti-Virus System
    Created on : 9/18/2003 5:11:01 AM
    Last accessed : 7/14/2004 1:05:05 AM
    Last modified : 1/19/2004 11:00:00 AM

    #:30 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 7-14-2004 1:40:44 AM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 4/28/2004 8:12:15 PM
    Last accessed : 7/14/2004 1:40:36 AM
    Last modified : 7/13/2003 1:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Apropos.Client


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Apropos.Client.1.1


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{A4A58A2C-B039-432B-8BC1-DCA7AC0757DC}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Apropos


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Envolo


    PeopleOnPage Object recognized!
    Type : RegKey
    Data : e_uninstall.log
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : SOFTWARE\Apropos


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\roings


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{4828C95F-C5DB-4AB6-A945-8D8EC44B98A8}


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{4E570F74-DEEE-4FCF-B960-FEEFA4B8C6FC}


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\VGroup


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\WinSock2\Layered Provider Sample


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TYPELIB\{cde442a3-dc2c-467e-a311-b4bc775d86c5}


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : WEBInstaller.execute


    SahAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : WEBInstaller.execute.1


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\webHancer


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : WhIeHelperObj.WhIeHelperObj


    WebHancer Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : WhIeHelperObj.WhIeHelperObj.1


    SahAgent Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value : SAHAGENT


    WebHancer Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : webHancer Agent


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 29
    Objects found so far: 29


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{E0CE16CB-741C-4B24-8D04-A817856E07F4}


    Roings Object recognized!
    Type : File
    Data : mm20.ocx
    Object : c:\windows\
    FileSize : 60 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    CompanyName : df
    InternalName : mm20
    OriginalFilename : mm20.ocx
    ProductName : DemoCtla
    Created on : 7/13/2004 10:37:58 PM
    Last accessed : 7/14/2004 1:44:37 AM
    Last modified : 7/13/2004 10:37:58 PM



    Roings Object recognized!
    Type : RegKey
    Data : c:\windows\mm20.ocx
    Rootkey : HKEY_CLASSES_ROOT
    Object : TYPELIB\{78A163D2-2358-464D-807B-0E2A078C7727}


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : IObjSafety.DemoCtl


    Winpup32 Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : amlibs


    Winpup32 Object recognized!
    Type : File
    Data : amlibs.exe
    Object : c:\windows\system32\
    FileSize : 64 KB
    FileVersion : 7.00.0001
    ProductVersion : 7.00.0001
    CompanyName : thumbviewer
    InternalName : rico
    OriginalFilename : rico.exe
    ProductName : builder
    Created on : 7/13/2004 5:01:37 AM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/2/2004 1:25:04 PM



    WebHancer Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : webHancer Survey Companion


    WebHancer Object recognized!
    Type : File
    Data : whsurvey.exe
    Object : c:\program files\webhancer\programs\
    FileSize : 140 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Survey Companion
    InternalName : whSurvey
    OriginalFilename : whSurvey.exe
    ProductName : webHancer Survey Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:45:13 AM
    Last modified : 1/29/2004 2:30:23 PM



    PeopleOnPage Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Run
    Value : AutoUpdater


    PeopleOnPage Object recognized!
    Type : File
    Data : autoupdate.exe
    Object : c:\program files\autoupdate\
    FileSize : 220 KB
    Created on : 7/13/2004 10:47:18 PM
    Last accessed : 7/14/2004 1:45:13 AM
    Last modified : 7/13/2004 10:46:47 PM



    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [TCP/IP]


    SahAgent Object recognized!
    Type : File
    Data : lsp.dll
    Object : c:\windows\system32\
    FileSize : 52 KB
    FileVersion : 1, 1, 1, 20
    ProductVersion : 1, 1, 1, 20
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : LSP
    InternalName : LSP
    OriginalFilename : LSP.DLL
    ProductName : ITForum LSP
    Created on : 7/13/2004 10:38:35 PM
    Last accessed : 7/14/2004 1:04:05 AM
    Last modified : 11/13/2003 9:35:00 AM



    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [TCP/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [UDP/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [UDP/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [RAW/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD Tcpip [RAW/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent RSVP UDP Service Provider


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent RSVP UDP Service Provider


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent RSVP TCP Service Provider


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent RSVP TCP Service Provider


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{949AE477-C41B-4215-A415-D6CC87A28E2B}] SEQPACKET 3


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{949AE477-C41B-4215-A415-D6CC87A28E2B}] SEQPACKET 3


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{949AE477-C41B-4215-A415-D6CC87A28E2B}] DATAGRAM 3


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{949AE477-C41B-4215-A415-D6CC87A28E2B}] DATAGRAM 3


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DD77A00-8969-402D-8465-365FDD529370}] SEQPACKET 0


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DD77A00-8969-402D-8465-365FDD529370}] SEQPACKET 0


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DD77A00-8969-402D-8465-365FDD529370}] DATAGRAM 0


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{7DD77A00-8969-402D-8465-365FDD529370}] DATAGRAM 0


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{E08BBE52-FABC-40C0-9C85-DE8777D94129}] SEQPACKET 2


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{E08BBE52-FABC-40C0-9C85-DE8777D94129}] SEQPACKET 2


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{E08BBE52-FABC-40C0-9C85-DE8777D94129}] DATAGRAM 2


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{E08BBE52-FABC-40C0-9C85-DE8777D94129}] DATAGRAM 2


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{4569A66B-6EDB-4B34-A737-1B69ABD4C860}] SEQPACKET 4


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{4569A66B-6EDB-4B34-A737-1B69ABD4C860}] SEQPACKET 4


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{4569A66B-6EDB-4B34-A737-1B69ABD4C860}] DATAGRAM 4


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{4569A66B-6EDB-4B34-A737-1B69ABD4C860}] DATAGRAM 4


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{19C9F7EA-FB91-402D-B117-8C141140215D}] SEQPACKET 5


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{19C9F7EA-FB91-402D-B117-8C141140215D}] SEQPACKET 5


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{19C9F7EA-FB91-402D-B117-8C141140215D}] DATAGRAM 5


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{19C9F7EA-FB91-402D-B117-8C141140215D}] DATAGRAM 5


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer OSMIM --> MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : File
    Data : webhdll.dll
    Object : c:\windows\
    FileSize : 40 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Winsock2 SPI
    InternalName : webhdll
    OriginalFilename : webhdll.dll
    ProductName : webHancer Customer Companion
    Created on : 7/12/2004 5:44:15 PM
    Last accessed : 7/14/2004 1:45:47 AM
    Last modified : 1/29/2004 2:29:51 PM



    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer OSMIM --> MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer OSMIM --> MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer OSMIM --> MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer SAHagent MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer SAHagent MSAFD Tcpip [TCP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer SAHagent MSAFD Tcpip [UDP/IP]


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer SAHagent MSAFD Tcpip [UDP/IP]


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent


    SahAgent Object recognized!
    Type : LSP
    Data : c:\windows\system32\lsp.dll
    Layered Service Provider: SAHagent


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer


    WebHancer Object recognized!
    Type : LSP
    Data : c:\windows\webhdll.dll
    Layered Service Provider: webHancer


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 53
    Objects found so far: 88


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : dru@advertising[2].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/13/2004 11:48:01 PM
    Last accessed : 7/14/2004 1:45:48 AM
    Last modified : 7/14/2004 12:36:15 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@atdmt[2].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/14/2004 1:10:57 AM
    Last accessed : 7/14/2004 1:10:57 AM
    Last modified : 7/14/2004 1:10:57 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@clickagents[2].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/13/2004 11:36:52 PM
    Last accessed : 7/14/2004 1:45:48 AM
    Last modified : 7/13/2004 11:36:52 PM
     
  2. Sinister

    Tracking Cookie Object recognized!
    Type : File
    Data : dru@doubleclick[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/13/2004 11:52:04 PM
    Last accessed : 7/14/2004 12:58:50 AM
    Last modified : 7/13/2004 11:53:59 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@edge.ru4[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\
    FileSize : 1 KB
    Created on : 7/14/2004 12:41:56 AM
    Last accessed : 7/14/2004 1:45:48 AM
    Last modified : 7/14/2004 12:41:57 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@fortunecity[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/14/2004 12:22:15 AM
    Last accessed : 7/14/2004 1:45:49 AM
    Last modified : 7/14/2004 12:22:15 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@maxserving[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/13/2004 11:48:10 PM
    Last accessed : 7/14/2004 1:45:49 AM
    Last modified : 7/13/2004 11:48:10 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@revenue[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/14/2004 12:27:25 AM
    Last accessed : 7/14/2004 1:45:49 AM
    Last modified : 7/14/2004 12:27:25 AM



    Tracking Cookie Object recognized!
    Type : File
    Data : dru@servedby.advertising[1].txt
    Object : C:\Documents and Settings\Stephanie Therrian\Cookies\

    Created on : 7/14/2004 12:36:15 AM
    Last accessed : 7/14/2004 1:45:49 AM
    Last modified : 7/14/2004 12:36:15 AM


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Winpup32 Object recognized!
    Type : File
    Data : asdialr.exe
    Object : C:\WINDOWS\system32\
    FileSize : 64 KB
    FileVersion : 7.00.0001
    ProductVersion : 7.00.0001
    CompanyName : thumbviewer
    InternalName : rico
    OriginalFilename : rico.exe
    ProductName : builder
    Created on : 7/13/2004 4:20:40 AM
    Last accessed : 7/14/2004 1:04:21 AM
    Last modified : 7/2/2004 1:25:04 PM



    SahAgent Object recognized!
    Type : File
    Data : lsp.dll
    Object : C:\WINDOWS\system32\
    FileSize : 52 KB
    FileVersion : 1, 1, 1, 20
    ProductVersion : 1, 1, 1, 20
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : LSP
    InternalName : LSP
    OriginalFilename : LSP.DLL
    ProductName : ITForum LSP
    Created on : 7/13/2004 10:38:35 PM
    Last accessed : 7/14/2004 1:04:05 AM
    Last modified : 11/13/2003 9:35:00 AM



    SahAgent Object recognized!
    Type : File
    Data : sahagent.exe
    Object : C:\WINDOWS\system32\
    FileSize : 143 KB
    FileVersion : 2, 0, 0, 1
    ProductVersion : 2, 0, 0, 1
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : SahAgent
    InternalName : SahAgent
    OriginalFilename : SahAgent.exe
    ProductName : ITForum SahAgent
    Created on : 7/13/2004 10:38:36 PM
    Last accessed : 7/14/2004 1:46:23 AM
    Last modified : 1/27/2004 9:34:18 AM



    SahAgent Object recognized!
    Type : File
    Data : sahhtml.exe
    Object : C:\WINDOWS\system32\
    FileSize : 54 KB
    FileVersion : 1, 1, 1, 5
    ProductVersion : 1, 1, 1, 5
    Copyright : Copyright
    CompanyName : VGroup
    FileDescription : Html
    InternalName : Html
    OriginalFilename : Html.exe
    ProductName : VGroup Html
    Created on : 7/13/2004 10:38:37 PM
    Last accessed : 7/14/2004 1:46:23 AM
    Last modified : 1/27/2004 9:35:24 AM




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{A2872B10-39F2-42DF-9335-7DD38CF75255}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A1558B18-F76C-40FE-B358-9E47449F3CFE}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A2872B10-39F2-42DF-9335-7DD38CF75255}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{A7D0472E-C1FC-4D8F-ABA1-98A7692561BF}


    PeopleOnPage Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\AutoLoader


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\program files\AutoUpdate


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\docume~1\stepha~1\locals~1\temp\AutoUpdate0


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\docume~1\stepha~1\locals~1\temp\~apropos0


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\docume~1\stepha~1\locals~1\temp\~compoundinst0


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\docume~1\stepha~1\locals~1\temp\Atf


    PeopleOnPage Object recognized!
    Type : Folder
    Object : c:\program files\SysAI


    PeopleOnPage Object recognized!
    Type : File
    Data : libexpat.dll
    Object : c:\program files\autoupdate\
    FileSize : 140 KB
    Created on : 7/13/2004 10:47:18 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:47 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : aproposplugin.dll
    Object : c:\program files\sysai\
    FileSize : 64 KB
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:05:50 AM
    Last modified : 7/13/2004 10:46:04 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : auto_update_uninstall.exe
    Object : c:\windows\system32\
    FileSize : 228 KB
    Created on : 7/13/2004 10:47:18 PM
    Last accessed : 7/14/2004 1:45:50 AM
    Last modified : 7/13/2004 10:46:47 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : auto_update_uninstall.log
    Object : c:\windows\system32\

    Created on : 7/13/2004 10:47:18 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:47:18 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : atla.dll
    Object : c:\docume~1\stepha~1\locals~1\temp\~apropos0\
    FileSize : 72 KB
    FileVersion : 3.00.8449
    ProductVersion : 6.00.8449
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : ATL Module for Windows (ANSI)
    InternalName : ATL
    OriginalFilename : ATL.DLL
    ProductName : Microsoft (R) Visual C++
    Created on : 7/13/2004 10:46:06 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : atlw.dll
    Object : c:\docume~1\stepha~1\locals~1\temp\~apropos0\
    FileSize : 73 KB
    FileVersion : 3.00.9435
    ProductVersion : 6.00.9435
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : ATL Module for Windows NT (Unicode)
    InternalName : ATL
    OriginalFilename : ATL.DLL
    ProductName : Microsoft (R) Visual C++
    Created on : 7/13/2004 10:46:06 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : setup.inf
    Object : c:\docume~1\stepha~1\locals~1\temp\~apropos0\
    FileSize : 1 KB
    Created on : 7/13/2004 10:46:06 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : ace.dll
    Object : c:\program files\sysai\
    FileSize : 568 KB
    FileVersion : 5.1.18
    ProductVersion : 5.1.18
    FileDescription : ACE
    InternalName : ACEDLL
    OriginalFilename : ACE.DLL
    ProductName : ACE
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : ai_13-07-2004.log
    Object : c:\program files\sysai\

    Created on : 7/13/2004 10:46:34 PM
    Last accessed : 7/14/2004 12:31:41 AM
    Last modified : 7/13/2004 10:46:35 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : atl.dll
    Object : c:\program files\sysai\
    FileSize : 73 KB
    FileVersion : 3.00.9435
    ProductVersion : 6.00.9435
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : ATL Module for Windows NT (Unicode)
    InternalName : ATL
    OriginalFilename : ATL.DLL
    ProductName : Microsoft (R) Visual C++
    Created on : 7/13/2004 10:46:33 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : data.bin
    Object : c:\program files\sysai\
    FileSize : 114 KB
    Created on : 7/13/2004 10:46:33 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : libexpat.dll
    Object : c:\program files\sysai\
    FileSize : 140 KB
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:46:32 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : plg0
    Object : c:\program files\sysai\

    Created on : 7/12/2004 1:27:35 PM
    Last accessed : 7/14/2004 12:31:42 AM
    Last modified : 7/12/2004 1:27:35 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : proxystub.dll
    Object : c:\program files\sysai\
    FileSize : 28 KB
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:04:36 AM
    Last modified : 7/13/2004 10:46:04 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : pstub0
    Object : c:\program files\sysai\

    Created on : 7/12/2004 1:27:36 PM
    Last accessed : 7/14/2004 12:31:42 AM
    Last modified : 7/12/2004 1:27:36 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : sysai.exe
    Object : c:\program files\sysai\
    FileSize : 612 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : Apropos Media
    FileDescription : Internet Explorer
    InternalName : Ads.
    OriginalFilename : SysAI.exe
    ProductName : Ads
    Created on : 7/13/2004 10:46:32 PM
    Last accessed : 7/14/2004 1:02:15 AM
    Last modified : 7/13/2004 10:46:05 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : uninstaller.exe
    Object : c:\program files\sysai\
    FileSize : 136 KB
    Created on : 7/13/2004 10:46:33 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:46:06 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : wingenerics.dll
    Object : c:\program files\sysai\
    FileSize : 568 KB
    Created on : 7/13/2004 10:46:33 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:46:05 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : auto_update_install.exe
    Object : c:\docume~1\stepha~1\locals~1\temp\autoupdate0\
    FileSize : 248 KB
    Created on : 7/13/2004 10:46:47 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:46:47 PM



    PeopleOnPage Object recognized!
    Type : File
    Data : setup.inf
    Object : c:\docume~1\stepha~1\locals~1\temp\autoupdate0\
    FileSize : 2 KB
    Created on : 7/13/2004 10:46:48 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:46:48 PM



    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{9F61CFDF-5C79-4D35-B4DA-766B28367223}


    Roings Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{E832FFDE-8ED2-47B7-BE50-729A238040A0}


    Roings Object recognized!
    Type : File
    Data : asdf.txt
    Object : c:\

    Created on : 7/13/2004 10:37:58 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:37:58 PM



    Roings Object recognized!
    Type : File
    Data : affbun.txt
    Object : c:\windows\
    FileSize : 1 KB
    Created on : 7/13/2004 10:37:57 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:37:58 PM



    Roings Object recognized!
    Type : File
    Data : usta32.ini
    Object : c:\windows\

    Created on : 7/13/2004 10:38:08 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:38:09 PM



    Roings Object recognized!
    Type : File
    Data : usta32a.ini
    Object : c:\windows\

    Created on : 7/13/2004 10:40:30 PM
    Last accessed : 7/14/2004 1:00:46 AM
    Last modified : 7/14/2004 1:00:46 AM



    SahAgent Object recognized!
    Type : File
    Data : v.dat
    Object : c:\windows\system32\
    FileSize : 185 KB
    Created on : 7/13/2004 10:38:37 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:39:50 PM



    SahAgent Object recognized!
    Type : File
    Data : vg.dat
    Object : c:\windows\system32\
    FileSize : 9 KB
    Created on : 7/13/2004 10:38:38 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 7/13/2004 10:39:51 PM



    SahAgent Object recognized!
    Type : File
    Data : setup.inf
    Object : c:\windows\downloaded program files\
    FileSize : 1 KB
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 1/5/2004 10:32:28 AM



    SahAgent Object recognized!
    Type : File
    Data : webinstaller.dll
    Object : c:\windows\downloaded program files\
    FileSize : 88 KB
    FileVersion : 1, 1, 1, 29
    ProductVersion : 1, 1, 1, 29
    Copyright : Copyright 2002
    FileDescription : WEBInstaller Module
    InternalName : WEBInstaller
    OriginalFilename : WEBInstaller.DLL
    ProductName : WEBInstaller Module
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:43:46 AM
    Last modified : 1/5/2004 10:46:24 AM



    SahAgent Object recognized!
    Type : File
    Data : xmlparse_.dll
    Object : c:\windows\downloaded program files\
    FileSize : 52 KB
    Created on : 7/13/2004 10:38:27 PM
    Last accessed : 7/14/2004 1:46:33 AM
    Last modified : 5/30/2002 2:12:48 AM



    SahAgent Object recognized!
    Type : File
    Data : xmltok_.dll
    Object : c:\windows\downloaded program files\
    FileSize : 80 KB
    Created on : 7/13/2004 10:38:27 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 5/30/2002 2:13:02 AM



    SahAgent Object recognized!
    Type : File
    Data : sahuninstall.exe
    Object : c:\windows\
    FileSize : 29 KB
    FileVersion : 2, 0, 0, 2
    ProductVersion : 2, 0, 0, 2
    Copyright : Copyright
    FileDescription : SAHUninstall
    InternalName : SAHUninstall
    OriginalFilename : SAHUninstall.dll
    ProductName : SAHUninstall
    Created on : 7/13/2004 10:38:37 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/27/2004 9:34:48 AM



    SahAgent Object recognized!
    Type : File
    Data : sahagent.log
    Object : c:\
    FileSize : 3 KB
    Created on : 7/13/2004 10:38:35 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/13/2004 10:39:48 PM



    SahAgent Object recognized!
    Type : File
    Data : mediamotor1001.sah
    Object : c:\docume~1\stepha~1\locals~1\temp\

    Created on : 7/13/2004 10:38:23 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/13/2004 10:38:23 PM



    SahAgent Object recognized!
    Type : File
    Data : bundletracking.asp
    Object : c:\docume~1\stepha~1\locals~1\temp\

    Created on : 7/13/2004 10:38:25 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/13/2004 10:39:52 PM



    WebHancer Object recognized!
    Type : Folder
    Object : c:\program files\webHancer


    WebHancer Object recognized!
    Type : Folder
    Object : c:\program files\whInstall


    WebHancer Object recognized!
    Type : File
    Data : license.txt
    Object : c:\program files\webhancer\programs\
    FileSize : 7 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 5/22/2003 6:01:27 PM



    WebHancer Object recognized!
    Type : File
    Data : readme.txt
    Object : c:\program files\webhancer\programs\
    FileSize : 1 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 3/5/2002 3:00:35 PM



    WebHancer Object recognized!
    Type : File
    Data : sporder.dll
    Object : c:\program files\webhancer\programs\
    FileSize : 11 KB
    FileVersion : 4.00
    ProductVersion : 4.00
    Copyright : Copyright (C) Microsoft Corp. 1981-1996
    CompanyName : Microsoft Corporation
    FileDescription : WinSock2 reorder service providers
    InternalName : sporder.dll
    OriginalFilename : sporder.dll
    ProductName : Microsoft(R) Windows NT(TM) Operating System
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 12/23/1999 7:12:46 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.exe
    Object : c:\program files\webhancer\programs\
    FileSize : 168 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Customer Companion
    InternalName : whAgent
    OriginalFilename : whAgent.exe
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:45:13 AM
    Last modified : 1/29/2004 2:30:22 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.ini
    Object : c:\program files\webhancer\programs\

    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/13/2004 10:41:10 PM



    WebHancer Object recognized!
    Type : File
    Data : whiehlpr.dll
    Object : c:\program files\webhancer\programs\
    FileSize : 104 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer IE Helper Module
    InternalName : WhIeHelper
    OriginalFilename : whiehlpr.dll
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:05:55 AM
    Last modified : 1/29/2004 2:29:49 PM



    WebHancer Object recognized!
    Type : File
    Data : license.txt
    Object : c:\program files\whinstall\
    FileSize : 7 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 5/22/2003 6:01:27 PM



    WebHancer Object recognized!
    Type : File
    Data : readme.txt
    Object : c:\program files\whinstall\
    FileSize : 1 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 3/5/2002 3:00:35 PM



    WebHancer Object recognized!
    Type : File
    Data : sporder.dll
    Object : c:\program files\whinstall\
    FileSize : 11 KB
    FileVersion : 4.00
    ProductVersion : 4.00
    Copyright : Copyright (C) Microsoft Corp. 1981-1996
    CompanyName : Microsoft Corporation
    FileDescription : WinSock2 reorder service providers
    InternalName : sporder.dll
    OriginalFilename : sporder.dll
    ProductName : Microsoft(R) Windows NT(TM) Operating System
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 12/23/1999 7:12:46 PM



    WebHancer Object recognized!
    Type : File
    Data : webhdll.dll
    Object : c:\program files\whinstall\
    FileSize : 40 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Winsock2 SPI
    InternalName : webhdll
    OriginalFilename : webhdll.dll
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/29/2004 2:29:51 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.exe
    Object : c:\program files\whinstall\
    FileSize : 168 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Customer Companion
    InternalName : whAgent
    OriginalFilename : whAgent.exe
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/29/2004 2:30:22 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.inf
    Object : c:\program files\whinstall\
    FileSize : 4 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 5/3/2004 2:18:20 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.ini
    Object : c:\program files\whinstall\

    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 7/20/2001 1:33:26 AM



    WebHancer Object recognized!
    Type : File
    Data : whiehlpr.dll
    Object : c:\program files\whinstall\
    FileSize : 104 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer IE Helper Module
    InternalName : WhIeHelper
    OriginalFilename : whiehlpr.dll
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/29/2004 2:29:49 PM



    WebHancer Object recognized!
    Type : File
    Data : whinstaller.exe
    Object : c:\program files\whinstall\
    FileSize : 32 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Installer
    InternalName : whInstaller
    OriginalFilename : whInstaller.exe
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:34 AM
    Last modified : 1/29/2004 2:30:24 PM



    WebHancer Object recognized!
    Type : File
    Data : whinstaller.ini
    Object : c:\program files\whinstall\

    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 11/13/2003 7:29:00 PM



    WebHancer Object recognized!
    Type : File
    Data : whsurvey.exe
    Object : c:\program files\whinstall\
    FileSize : 140 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Survey Companion
    InternalName : whSurvey
    OriginalFilename : whSurvey.exe
    ProductName : webHancer Survey Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 1/29/2004 2:30:23 PM



    WebHancer Object recognized!
    Type : File
    Data : whagent.inf
    Object : c:\windows\
    FileSize : 4 KB
    Created on : 7/13/2004 10:38:06 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 5/3/2004 2:18:20 PM



    WebHancer Object recognized!
    Type : File
    Data : whinstaller.exe
    Object : c:\windows\
    FileSize : 32 KB
    FileVersion : 3.3.0
    ProductVersion : 3.3.0
    Copyright : Copyright
    CompanyName : webHancer Corporation
    FileDescription : webHancer Installer
    InternalName : whInstaller
    OriginalFilename : whInstaller.exe
    ProductName : webHancer Customer Companion
    Created on : 7/13/2004 10:38:07 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 1/29/2004 2:30:24 PM



    WebHancer Object recognized!
    Type : File
    Data : whinstaller.ini
    Object : c:\windows\

    Created on : 7/13/2004 10:39:14 PM
    Last accessed : 7/14/2004 1:46:35 AM
    Last modified : 7/13/2004 10:39:14 PM



    Winpup32 Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\pup


    SahAgent Object recognized!
    Type : File
    Data : lsp_.dll
    Object : c:\windows\Downloaded Program Files\
    FileSize : 52 KB
    FileVersion : 1, 1, 1, 20
    ProductVersion : 1, 1, 1, 20
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : LSP
    InternalName : LSP
    OriginalFilename : LSP.DLL
    ProductName : ITForum LSP
    Created on : 7/13/2004 10:38:27 PM
    Last accessed : 7/14/2004 1:47:04 AM
    Last modified : 11/13/2003 9:35:00 AM



    SahAgent Object recognized!
    Type : File
    Data : sahagent_.exe
    Object : c:\windows\Downloaded Program Files\
    FileSize : 143 KB
    FileVersion : 2, 0, 0, 1
    ProductVersion : 2, 0, 0, 1
    Copyright : Copyright
    CompanyName : ITForum
    FileDescription : SahAgent
    InternalName : SahAgent
    OriginalFilename : SahAgent.exe
    ProductName : ITForum SahAgent
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:47:04 AM
    Last modified : 1/27/2004 9:34:18 AM



    SahAgent Object recognized!
    Type : File
    Data : sahhtml_.exe
    Object : c:\windows\Downloaded Program Files\
    FileSize : 54 KB
    FileVersion : 1, 1, 1, 5
    ProductVersion : 1, 1, 1, 5
    Copyright : Copyright
    CompanyName : VGroup
    FileDescription : Html
    InternalName : Html
    OriginalFilename : Html.exe
    ProductName : VGroup Html
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:47:04 AM
    Last modified : 1/27/2004 9:35:24 AM



    SahAgent Object recognized!
    Type : File
    Data : sahuninstall_.exe
    Object : c:\windows\Downloaded Program Files\
    FileSize : 29 KB
    FileVersion : 2, 0, 0, 2
    ProductVersion : 2, 0, 0, 2
    Copyright : Copyright
    FileDescription : SAHUninstall
    InternalName : SAHUninstall
    OriginalFilename : SAHUninstall.dll
    ProductName : SAHUninstall
    Created on : 7/13/2004 10:38:28 PM
    Last accessed : 7/14/2004 1:47:04 AM
    Last modified : 1/27/2004 9:34:48 AM



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 76
    Objects found so far: 177


    9:49:24 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:07:10:58
    Objects scanned :66533
    Objects identified :177
    Objects ignored :0
    New objects :177
     
  3. Sinister

    Logfile of HijackThis v1.98.0
    Scan saved at 9:12:31 PM, on 7/13/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\system32\regsvc.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\a2\a2guard.exe
    C:\WINDOWS\sravwr.exe
    C:\Program Files\a2\a2start.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SysAI\SysAI.exe
    C:\Documents and Settings\Stephanie Therrian\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.msu.edu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com;<local>
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {46AA3173-E169-01BC-8650-675579AE2842} - C:\WINDOWS\system32\mlzx.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [IMk9DL] C:\documents and settings\stephanie therrian\local settings\temp\IMk9DL.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\system32\dp-him.exe
    O4 - HKLM\..\Run: [filpwjpr] C:\WINDOWS\epon.exe
    O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
    O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\SYSTEM32\ossproxy.exe -boot
    O4 - HKLM\..\Run: [gpurzoh] C:\WINDOWS\ueoml.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [amlibs] C:\WINDOWS\system32\amlibs.exe
    O4 - HKLM\..\Run: [jnftm] C:\WINDOWS\dsxh.exe
    O4 - HKLM\..\Run: [rdxl] C:\WINDOWS\sravwr.exe
    O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\system32\SahAgent.exe
    O4 - HKLM\..\Run: [r73O3pX] cipext32.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [snmpsnap] C:\WINDOWS\system32\snmpsnap.exe
    O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\system32\wnsintsu.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [awsERfbpj] clsssvc.exe
    O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
    O12 - Plugin for .2: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: ConferenceRoom Java Client - http://irc.d2jsp.org:8000/java/cr.cab
    O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt1_x.cab
    O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/WreckIt.cab
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://stream1000.babenet.com/cabs/videox.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.CAB
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/downplug.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB



    Thanks for any help!
     
  4. Sinister

    Sinister Registered Member

    Joined:
    Jul 13, 2004
    Posts:
    4
    I also used a squared and found C:\WINDOWS\mm20.ocx
    The a2 scanner labels it as MALWARE.
     