Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
EGDACCESS_1058.dll error
- Thread starter sjevans
- Start date
erikhertzel
MIS
Looks like the ShopAtHomeSelect Adware.
To remove do the following:
How to Remove SAHAgent ?
SAHAgent is a Winsock2 Layered Service Provider. If you merely delete registry entries and files, you stand a good chance of losing your network and Internet connections.
Follow these removal instructions to remove SAHAgent from your computer:
Click Start > Settings > Add/Remove Programs > Control Panel, and select the entry 'ShopAtHomeSelect Agent' and click 'Remove' to remove the software.
Reboot your Windows.
Once you have uninstalled via Add/Remove programs, you can delete the damaged '{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}' entry inside your 'Downloaded Program Files' folder, the 'SAHUninstall.exe' file in the 'Windows' folder and 'SahAgent.log' in the root of the C: drive to clean up.
If the entry for ShopAtHomeSelect remains in your Add/Remove Programs even though the software is uninstalled, you can remove it by opening the registry editor (Start > Run > regedit) and deleting the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ ShopAtHomeSelect Agent'.
If the above procedures do not work for any reason, you may manually remove SAHAgent, but at great risk of losing your network and Internet connections:
Open the registry editor (click Start > Open > regedit ).
Navigate to the key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
In the right pane delete the 'SAHAgent' entry.
Deregister the LSP part of ShopAtHomeSelect.
In the registry editor, find the key
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ WinSock2 \ Parameters \ Protocol_Catalog9. For each key in Catalog_Entries, open the 'PackedCatalogItem' value and check if it starts with 'lsp.dll'. If it does delete that entry. Renumber the remaining keys so that they count up from 000000000001 one at a time, and set the 'Num_Catalog_Entries' value in Protocol_Catalog9 to the highest key number you have.
Open a DOS command prompt window (from Start > Programs > Accessories) and enter these commands:
cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program Files\WEBinstaller.dll"
cd "..\Downloaded Program Files"
del WEBinstaller.dll
del SAH*.exe
del setup.inf
del xmlparse_.inf
del xmltok_.inf
del C:\sahagent.log
Note: %WindDir% is a variable, by default this is c:\windows on Windows 95/98/Me/XP or c:\winnt on windows 2000/NT.
Restart the computer.
Open the System folder (inside the Windows folder; called 'System' on Windows 95/98/Me or 'System32' under Windows NT/2000/XP), delete the following files:
'tracking.tmp', 'vg.dat', 'v.dat', 'lsp.dll', 'SahDownloader.exe', 'SahAgent.exe' and 'SAHhtml.exe'
Open Windows folder, delete the file SAHUninstall.exe.
Delete the following registry keys to clean up:
HKEY_LOCAL_MACHINE\SOFTWARE\VGroup
HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2\Layered Provider Sample (or the
entire Winsock2 key since it is a duplicate of the real key)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\ShopAtHomeSelect Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S
hopAtHomeSelect Agent
I would check for malware as well:
Webroot Spysweeper
Download it here:
Webroot Spysweeper 14 day Trial
Update the defs and do a sweep.
Also check this out:
Ewido download:
Update it and run a complete scan.
I would also check it with some other virus scanners just to make sure.
Best regards.
Erik
To remove do the following:
How to Remove SAHAgent ?
SAHAgent is a Winsock2 Layered Service Provider. If you merely delete registry entries and files, you stand a good chance of losing your network and Internet connections.
Follow these removal instructions to remove SAHAgent from your computer:
Click Start > Settings > Add/Remove Programs > Control Panel, and select the entry 'ShopAtHomeSelect Agent' and click 'Remove' to remove the software.
Reboot your Windows.
Once you have uninstalled via Add/Remove programs, you can delete the damaged '{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}' entry inside your 'Downloaded Program Files' folder, the 'SAHUninstall.exe' file in the 'Windows' folder and 'SahAgent.log' in the root of the C: drive to clean up.
If the entry for ShopAtHomeSelect remains in your Add/Remove Programs even though the software is uninstalled, you can remove it by opening the registry editor (Start > Run > regedit) and deleting the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ ShopAtHomeSelect Agent'.
If the above procedures do not work for any reason, you may manually remove SAHAgent, but at great risk of losing your network and Internet connections:
Open the registry editor (click Start > Open > regedit ).
Navigate to the key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
In the right pane delete the 'SAHAgent' entry.
Deregister the LSP part of ShopAtHomeSelect.
In the registry editor, find the key
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ WinSock2 \ Parameters \ Protocol_Catalog9. For each key in Catalog_Entries, open the 'PackedCatalogItem' value and check if it starts with 'lsp.dll'. If it does delete that entry. Renumber the remaining keys so that they count up from 000000000001 one at a time, and set the 'Num_Catalog_Entries' value in Protocol_Catalog9 to the highest key number you have.
Open a DOS command prompt window (from Start > Programs > Accessories) and enter these commands:
cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program Files\WEBinstaller.dll"
cd "..\Downloaded Program Files"
del WEBinstaller.dll
del SAH*.exe
del setup.inf
del xmlparse_.inf
del xmltok_.inf
del C:\sahagent.log
Note: %WindDir% is a variable, by default this is c:\windows on Windows 95/98/Me/XP or c:\winnt on windows 2000/NT.
Restart the computer.
Open the System folder (inside the Windows folder; called 'System' on Windows 95/98/Me or 'System32' under Windows NT/2000/XP), delete the following files:
'tracking.tmp', 'vg.dat', 'v.dat', 'lsp.dll', 'SahDownloader.exe', 'SahAgent.exe' and 'SAHhtml.exe'
Open Windows folder, delete the file SAHUninstall.exe.
Delete the following registry keys to clean up:
HKEY_LOCAL_MACHINE\SOFTWARE\VGroup
HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2\Layered Provider Sample (or the
entire Winsock2 key since it is a duplicate of the real key)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\ShopAtHomeSelect Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S
hopAtHomeSelect Agent
I would check for malware as well:
Webroot Spysweeper
Download it here:
Webroot Spysweeper 14 day Trial
Update the defs and do a sweep.
Also check this out:
Ewido download:
Update it and run a complete scan.
I would also check it with some other virus scanners just to make sure.
Best regards.
Erik
First make a folder on desktop & call it BFU then
please download BFU from
and save it to the folder you have just made
Open the folder & double click BFU.exe to run it
Run the program and click the Web button as shown here:
Use this URL below and copy it into the address bar of the Download script
window:
Execute the script by clicking the Execute button.
Note that you should see a progress bar while the script is being executed.
If you have any questions about the use of BFU please read here:
Download hijack this from the link below.Please do this. Click here:
to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
please download BFU from
and save it to the folder you have just made
Open the folder & double click BFU.exe to run it
Run the program and click the Web button as shown here:
Use this URL below and copy it into the address bar of the Download script
window:
Execute the script by clicking the Execute button.
Note that you should see a progress bar while the script is being executed.
If you have any questions about the use of BFU please read here:
Download hijack this from the link below.Please do this. Click here:
to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
- Thread starter
- #4
- Status
Similar threads