
SahAgent-???

Discussion in 'Malware and Virus Removal Archive' started by joeskys, 2004/03/17.

Thread Status:
Not open for further replies.
  1. 2004/03/17
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    What is SahAgent? It runs when I start up, but I do not know what it does and cannot
    open it from its .exe or .log. I think it's causing problems. I searched the MS KB
    with no help.--Any here?? :confused:

    Joe R.
     
  2. 2004/03/17
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Next time...try Google. :D

    It's spyware.
    Use adaware to get rid of it.
     

  4. 2004/03/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Basically it's spyware - see here

    Run Spybot and Ad-aware - see my signature for direct links - update their reference files before you run them.

    Edit - Pipped to the post by Daizy :)
     
  5. 2004/03/17
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Pipped?!
    It's been 3 whole minutes PeteC! :eek: :D
     
  6. 2004/03/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Think of it in relative terms :D - while you posted I was diligently researching on Google.
     
  7. 2004/03/17
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    SahAgent

    I installed Ad-aware as suggested, ran it and had 97 show up. I got rid of them all, and then when I tried to get back here it wouldn't load and I got a time-out message????? :confused: :confused:
    Joe
    Then I reloaded all 97 and all was well.
     
    Last edited: 2004/03/17
  8. 2004/03/17
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Chances are...it messed with your winsock. Just a guess.

    Instead...go to add/remove programs...find 'ShopAtHomeSelect Agent' and remove it.

    Reboot.

    Open adaware again...make sure you check for updates. Then run it and let it remove what it finds.

    Edit****
    Should that happen again... you can use this fix for your winsock.
     
    Last edited: 2004/03/17
  9. 2004/03/20
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    SahAgent??

    After Add/Remove SahAgent it's still in the Reg. Can I do a find there and delete all the SahAgent entries? There are quite a few :( I have a vendetta against the **** thing :mad:
    JoeR.
    I uninstalled Ad-aware after my past experience and hesitate to run it again.
     
    Last edited: 2004/03/20
  10. 2004/03/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Check the drive for any remnant files of SAH and delete. Then run RegSeeker. Remove entries found pertaining to it. I recommend you put Ad-aware back in. It wasn't the program that messed up your internet connection. It was removing the Spyware/malware entries tied to it, which isn't uncommon. The Winsock Fix posted by Daisy will repair that, AND the spyware will be gone, which is what you want. Ad-aware is a good program, and is safe. It's the junk it removes that harms your system.
     
  11. 2004/03/20
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    RegSeeker is a great program and will clear that up for you
    (mention in Add/Remove Programs of sgagent)

    There is a tool created by freeatlast to deal with this thing, simply because its uninstaller is destructive.
    SAHagent-ShopAtHome: (using one of the available options-)
    sagagent uninstall

    I'm not positive, but if you had had Ad-aware set up as recommended here this problem might not have occurred.
    =======
    The following explains how to set Ad-aware's settings to perform a "Full Scan."
    And some settings that should be made

    In Ad-aware click the Gear to go to the Settings area.
    The following items should be on a green check, not on a red X.
    Under the Scanning button:
    Scan within archives

    Under Memory & Registry, Check EVERYTHING

    In Check Drives & Folders, make sure all of your hard drives are selected

    Under the Tweak button...
    Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

    In Scanning Engine:
    Unload recognized processes during scanning

    In Cleaning Engine:
    XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
    Let Windows remove files in use at next reboot
    UNCHECK: Automatically try to unregister objects prior to deletion

    Click Proceed to save these settings.
    Now press "Check for updates now". Always check before scanning.
    Click Start, [x] choose "Use default scanning options",
    click Next and let it fix anything it finds.
     
  12. 2004/03/21
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    SahAgent

    Finally, I think all is well :)

    Tried all the suggestions and had trouble
    one way or another.

    Finally, I reinstalled Ad-aware, followed
    Lonny's instructions and all ran well---
    until I tried to download my mail - it timed out as before -- tried to get here and again timed out. Rebooted and I'm here :D

    Thanks to ALL for your help. Joe R
     
  13. 2004/03/21
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Since you have cleaned up with Ad-aware (you really should with Spybot too),

    let's get you a checkup by posting a HijackThis log,
    because there will be others to take care of, I'm thinking.

    Post a log from HijackThis so our forum members can see
    what's going on. The current version is 1.97.7 [created by Merijn Bellekom]

    Get it here http://radiosplace.com/
    Choose save, NOT OPEN.
    Save it to a PERMANENT folder (for example C:\hijackthis), double-click HijackThis.exe,
    and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, load it in Notepad, and copy its contents here.
    Close Notepad and HijackThis.
    Most of what it lists will be harmless, even essential; DON'T fix anything yet please. Also, if you've used it before, please don't have anything excluded.
     
  14. 2004/03/22
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    SahAgent

    Edited post; next time paste the log exactly as is, don't tinker with it, makes it easier to read.

    Lonny: It's early in the AM, hope I'm
    awake enough to get this to you.
    http://www.cexx.org/lspfix.htm
    Logfile of HijackThis v1.97.7
    Scan saved at 5:45:23 AM, on 3/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\ProLogX5 Accelerator\propelac.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\MemoKit\memokit2.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Installation Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prolog.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\pd5dchcv.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\pd5dchcv.slt\prefs.js)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\ProLogX5 Accelerator\propelac.exe
    O4 - HKCU\..\Run: [EPSON Stylus COLOR 580] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /A "C:\WINDOWS\System32\E_SA.tmp"
    O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ProLogX5 Accelerator\pac-image.html
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

    O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://www.lifescan.com/otdms/isetup.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - http://web.net2phone.com/products/commcenter/download/bin/IXCommCenter.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37825.3716203704
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{841CA08C-F141-4A97-BFD4-93A7DE404582}: NameServer = 207.44.96.129 204.186.0.202

    Hope this is what you wanted.

    Joe R
     
  15. 2004/03/22
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    With Internet Explorer closed, fix this with HijackThis:

    R3 - Default URLSearchHook is missing
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    ^^^Fix unless set by an administrator or with Spybot's options
    O16 - DPF:{9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - http://web.net2phone.com/products/c...XCommCenter.cab

    Restart Internet Explorer.
    Go into your Control Panel Add/Remove Programs and uninstall Bargain Buddy if there.

    That's all I see besides some optionals. BackWeb, your Kodak updater, isn't thought of very well; I think Logitech uses it also, so if and when you install Spybot you might want to choose to exclude backwebLite.

    This is what I would fix: anything with red.clientapps in it.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*

    And since the file is missing, either install it again or fix it:
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (file missing)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (file missing)

    Regards
    Lonny
     
  16. 2004/03/23
    joeskys

    joeskys Inactive Thread Starter

    Joined:
    2002/03/13
    Messages:
    197
    Likes Received:
    0
    Lonny:
    Sorry :( What did I do wrong? Thought I did as you asked.

    How do I fix "R3" and "06" and "106"
    with HijackThis?

    Thanks for the help and Education

    Joe R
     
  17. 2004/03/23
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    No big deal, I have no idea how you or it did that; all the processes, for example, were mixed up, etc., etc.

    Anyway, start HijackThis.
    Place a check next to these items.
    Close all browser windows and shut down all other programs (even folders) that show in the taskbar. Then hit Fix selected.


    R1 - all these that mention red.clientapps
    R3 - Default URLSearchHook is missing

    And since the file is missing, either install (Yahoo! Companion) again or fix it:
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (file missing)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (file missing)

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    ^^^Fix unless set by an administrator or with Spybot's options

    O16 - DPF:{9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - http://web.net2phone.com/products/c...XCommCenter.cab

    Then it's best to restart the PC.


    Regards
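
Added example (not part of the original thread and not HijackThis's own code): the log pasted earlier in this thread had entries hard-wrapped across lines, which is why it was hard to read. This Python example rejoins wrapped entries and lists the kinds of items the replies single out (the missing URLSearchHook, entries marked "(file missing)", the O6 policy key). The sample log, its CLSID and paths, and the names `parse_entries` and `review_candidates` are constructed for illustration.

```python
import re

# Constructed sample in HijackThis 1.97.7 log layout (not the poster's log);
# three entries are hard-wrapped the way the pasted log in this thread was.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program
Files\Example\helper.dll (file missing)
O4 - HKCU\..\Run: [Example] C:\WINDOWS\System32\spool\
example.exe /A
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel present
"""

SECTIONS = {  # standard HijackThis section meanings
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URLSearchHook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O6": "IE options restricted by policy", "O16": "downloaded ActiveX control",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(text):
    """Return [(code, body)], rejoining entries that were wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif line and entries:
            # Continuation line: a path split right after a backslash is glued
            # back with no separator; any other break is treated as a space.
            sep = "" if entries[-1][1].endswith("\\") else " "
            entries[-1][1] += sep + line
    return [tuple(e) for e in entries]

def review_candidates(entries):
    """Entries a helper would look at first, with the reason for each."""
    found = []
    for code, body in entries:
        if body.endswith("(file missing)"):
            found.append((code, "registered file is missing"))
        elif code == "R3" and "missing" in body:
            found.append((code, "URLSearchHook default missing"))
        elif code == "O6":
            found.append((code, "policy restriction: confirm who set it"))
    return found

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, body in parsed:
        print(f"{code:>3} [{SECTIONS.get(code, 'other')}] {body}")
    print(review_candidates(parsed))
```

Text pasted after the last log entry would be read as a continuation of that entry, so feed it only the log itself.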
     