HJT Log_Internet Explorer Crash

wioneo · November 19, 2005

When I am playing Runescape, I receieve this error

randomly. The chance of getting this error increases when I kill things in the game. I have completely removed and re-installed both Internet explorer and Sun Java... I didn't know what else to do, so I Scanned with Hijack This while the game was running. Here is the log

Logfile of HijackThis v1.99.1



Scan saved at 10:05:42 PM, on 11/18/2005



Platform: Windows XP SP2 (WinNT 5.01.2600)



MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)







Running processes:



C:\WINDOWS\System32\smss[Caution: ExecutableFile]



C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]



C:\WINDOWS\system32\services[Caution: ExecutableFile]



C:\WINDOWS\system32\lsass[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\OPXPApp[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\Mp[bleep]ent[Caution: ExecutableFile]



C:\WINDOWS\Explorer[Caution: ExecutableFile]



c:\program files\mcafee.com\agent\mcagent[Caution: ExecutableFile]



C:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]



c:\progra~1\mcafee.com\vso\mcvsescn[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]



C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



C:\WINDOWS\system32\rundll32[Caution: ExecutableFile]



C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



C:\Program Files\Real\RealOne Player\RealPlay[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLHostManager[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLServiceHost[Caution: ExecutableFile]



c:\program files\common files\aol\1101581974\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLServiceHost[Caution: ExecutableFile]



C:\Program Files\apsi\wtta[Caution: ExecutableFile]



C:\Program Files\America Online 9.0g\waol[Caution: ExecutableFile]



C:\Program Files\America Online 9.0g\shellmon[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile]



C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]



C:\Documents and Settings\Owner\Desktop\Game_Maker\Demos\hijackthis\HijackThis[Caution: ExecutableFile]







R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local



R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 



R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll



O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll



O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll



O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent[Caution: ExecutableFile]



O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr[Caution: ExecutableFile]" /checktask



O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime



O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]"  -osboot



O4 - HKCU\..\Run: [NVIEW] rundll32[Caution: ExecutableFile] nview.dll,nViewLoadHook



O4 - HKCU\..\Run: [innhi] C:\WINDOWS\system32\??chost[Caution: ExecutableFile]



O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0g\AOL[Caution: ExecutableFile]" -b



O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]



O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate[Caution: ExecutableFile]



O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent[Caution: ExecutableFile]



O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL



O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim[Caution: ExecutableFile]



O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll



O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab



O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204



O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab



O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - 



O18 - Protocol: start - (no CLSID) - (no file)



O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll



O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll



O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: ExecutableFile]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: ExecutableFile]



O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd[Caution: ExecutableFile]" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent[Caution: ExecutableFile]" start (file missing)



O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]

weezcake · November 19, 2005

It doesn't look like there's anything suspicious, but I do see maybe 3 anti-viruses running at the same time (ewido, mcafee, AOL?) One is sufficient..

DJpailo · November 19, 2005

you have a broswer hijacker I believe. Run ad-aware se and spybot search and destroy in safe mode. Then go back to normal mode, and post a fresh log.

coltm4carbine · November 19, 2005

*hint* if he did have a browser hijacker it would of been cws. *hint*

i won't go into too much detail incase it ends up like last time.

DJpailo · November 19, 2005

*hint* if he did have a browser hijacker it would of been cws. *hint*

i won't go into too much detail incase it ends up like last time.

his homepage is blank, search page blank, thats what made me to think it was browser hijacker. I dunno.

wioneo · November 19, 2005

My homepage is google, and my search page is blank. When I opened IE 2 minutes ago it showed google, so I don't know why it would appear blank.

Also, EWIDO is expired, I'll uninstall that. By AOL do you mean AOL Privacy Wall or AOL Spyware protection? I recently switched from dial-up, so there are is still a lot of AOL stuff.

coltm4carbine · November 19, 2005

and my search page is blank

if you have setted it like that then it's ok.

IF not then:

Download CWShredder ]here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE

* Click Check For Update

* Close CWShredder

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

wioneo · November 19, 2005

I already had CWS shredder and ran it. Here is the new log.

Logfile of HijackThis v1.99.1



Scan saved at 1:36:24 PM, on 11/19/2005



Platform: Windows XP SP2 (WinNT 5.01.2600)



MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)







Running processes:



C:\WINDOWS\System32\smss[Caution: ExecutableFile]



C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]



C:\WINDOWS\system32\services[Caution: ExecutableFile]



C:\WINDOWS\system32\lsass[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\OPXPApp[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\Mp[bleep]ent[Caution: ExecutableFile]



C:\WINDOWS\Explorer[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\Agent\McAgent[Caution: ExecutableFile]



C:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



c:\progra~1\mcafee.com\vso\mcvsescn[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]



C:\WINDOWS\system32\??chost[Caution: ExecutableFile]



C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



C:\WINDOWS\system32\rundll32[Caution: ExecutableFile]



C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



C:\Program Files\America Online 9.0g\waol[Caution: ExecutableFile]



C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLHostManager[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLServiceHost[Caution: ExecutableFile]



C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



C:\DOCUME~1\Owner\LOCALS~1\Temp\!update[Caution: ExecutableFile]



C:\Program Files\apsi\wtta[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile]



c:\program files\common files\aol\1101581974\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler[Caution: ExecutableFile]



C:\Program Files\America Online 9.0g\shellmon[Caution: ExecutableFile]



C:\Program Files\HP\hpcoretech\comp\hpdarc[Caution: ExecutableFile]



C:\Documents and Settings\Owner\Desktop\Game_Maker\Demos\hijackthis\HijackThis[Caution: ExecutableFile]







R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local



R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 



R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll



O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll



O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll



O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent[Caution: ExecutableFile]



O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr[Caution: ExecutableFile]" /checktask



O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime



O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]"  -osboot



O4 - HKCU\..\Run: [NVIEW] rundll32[Caution: ExecutableFile] nview.dll,nViewLoadHook



O4 - HKCU\..\Run: [innhi] C:\WINDOWS\system32\??chost[Caution: ExecutableFile]



O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0g\AOL[Caution: ExecutableFile]" -b



O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]



O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate[Caution: ExecutableFile]



O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent[Caution: ExecutableFile]



O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL



O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim[Caution: ExecutableFile]



O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll



O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab



O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204



O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab



O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - 



O18 - Protocol: start - (no CLSID) - (no file)



O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll



O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll



O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: ExecutableFile]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: ExecutableFile]



O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd[Caution: ExecutableFile]" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent[Caution: ExecutableFile]" start (file missing)



O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]

EDIT: I wasn't running runescape when I scanned for this.

coltm4carbine · November 19, 2005

Create a folder on the C: drive called C:\HJT.

You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt

Move HJT into this new folder please,

This is important so please do this prior to anything else please

then run ur antivirus.

then clean out temp.

go offline then reboot and fix these if present:

O4 - HKCU\..\Run: [innhi] C:\WINDOWS\system32\??chost[Caution: ExecutableFile]

O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent[Caution: ExecutableFile] " start (file missing)

reboot into safemode and find and delete these files:

C:\WINDOWS\system32\??chost[Caution: ExecutableFile]

C:\WINDOWS\system32\scagent[Caution: ExecutableFile]

reboot into normal mode and post a new log.

wioneo · November 19, 2005

By "your antivirus" do you mean ad-aware se?

DJpailo · November 19, 2005

By "your antivirus" do you mean ad-aware se?

Mcafee

wioneo · November 19, 2005

First a question, If you bought McAfee, and then you downloaded the AOL version, would that downgrade it?

coltm4carbine · November 19, 2005

don't use the aol one. i can see 2 viruses/ trojans.

run mcafee (in safemode) and it should get rid of them.

after that post a new HJT log in normal mode.

dj wanna take over? i will need to sleep in a few hours.

wioneo · November 19, 2005

Those last two processess were not displayed. Here is the log;

Logfile of HijackThis v1.99.1



Scan saved at 4:31:40 PM, on 11/19/2005



Platform: Windows XP SP2 (WinNT 5.01.2600)



MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)







Running processes:



C:\WINDOWS\System32\smss[Caution: ExecutableFile]



C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]



C:\WINDOWS\system32\services[Caution: ExecutableFile]



C:\WINDOWS\system32\lsass[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\OPXPApp[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\Mp[bleep]ent[Caution: ExecutableFile]



C:\WINDOWS\Explorer[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\Agent\McAgent[Caution: ExecutableFile]



C:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



c:\progra~1\mcafee.com\vso\mcvsescn[Caution: ExecutableFile]



C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]



C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



C:\WINDOWS\system32\rundll32[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLHostManager[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLServiceHost[Caution: ExecutableFile]



C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



c:\program files\common files\aol\1101581974\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler[Caution: ExecutableFile]



C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]



C:\HJT\HijackThis[Caution: ExecutableFile]







R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local



R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 



R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll



O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll



O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent[Caution: ExecutableFile]



O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr[Caution: ExecutableFile]" /checktask



O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime



O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]"  -osboot



O4 - HKCU\..\Run: [NVIEW] rundll32[Caution: ExecutableFile] nview.dll,nViewLoadHook



O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]



O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate[Caution: ExecutableFile]



O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent[Caution: ExecutableFile]



O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL



O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim[Caution: ExecutableFile]



O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll



O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab



O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204



O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab



O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - 



O18 - Protocol: start - (no CLSID) - (no file)



O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll



O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll



O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: ExecutableFile]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: ExecutableFile]



O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd[Caution: ExecutableFile]" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent[Caution: ExecutableFile]" start (file missing)



O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]

coltm4carbine · November 19, 2005

ok

go offline, close all open browsers and run HJT.

fix this:

O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent[Caution: ExecutableFile] " start (file missing)

reboot into safemode.

find this and delete the folder.

C:\WINDOWS\system32\scagent[Caution: ExecutableFile]

now rescan with HJT and post the log.

wioneo · November 19, 2005

That file still wasn't there. New log...

Logfile of HijackThis v1.99.1



Scan saved at 5:27:43 PM, on 11/19/2005



Platform: Windows XP SP2 (WinNT 5.01.2600)



MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)







Running processes:



C:\WINDOWS\System32\smss[Caution: ExecutableFile]



C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]



C:\WINDOWS\system32\services[Caution: ExecutableFile]



C:\WINDOWS\system32\lsass[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\OPXPApp[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\Mp[bleep]ent[Caution: ExecutableFile]



C:\WINDOWS\Explorer[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\Agent\McAgent[Caution: ExecutableFile]



C:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



c:\progra~1\mcafee.com\vso\mcvsescn[Caution: ExecutableFile]



C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]



C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



C:\WINDOWS\system32\rundll32[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLHostManager[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLServiceHost[Caution: ExecutableFile]



C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



c:\program files\common files\aol\1101581974\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler[Caution: ExecutableFile]



C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]



C:\HJT\HijackThis[Caution: ExecutableFile]







R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local



R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 



R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll



O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll



O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent[Caution: ExecutableFile]



O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr[Caution: ExecutableFile]" /checktask



O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime



O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]"  -osboot



O4 - HKCU\..\Run: [NVIEW] rundll32[Caution: ExecutableFile] nview.dll,nViewLoadHook



O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]



O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate[Caution: ExecutableFile]



O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent[Caution: ExecutableFile]



O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL



O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim[Caution: ExecutableFile]



O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll



O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab



O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204



O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab



O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - 



O18 - Protocol: start - (no CLSID) - (no file)



O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll



O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll



O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: ExecutableFile]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: ExecutableFile]



O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd[Caution: ExecutableFile]" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent[Caution: ExecutableFile]" start (file missing)



O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]

coltm4carbine · November 19, 2005

ok lets try again.

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items (if found), then click fix checked.

O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.e3e (CAUTION - executable file) " start (file missing)

Reboot your PC.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\system32\scagent.e3e

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.

wioneo · November 20, 2005

I fixed scagent[Caution: ExecutableFile], but the file did not appear in the system32 folder. Wouldn't fixing it already delete the executable? Anyway here is the log;

Logfile of HijackThis v1.99.1



Scan saved at 3:14:53 AM, on 11/20/2005



Platform: Windows XP SP2 (WinNT 5.01.2600)



MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)







Running processes:



C:\WINDOWS\System32\smss[Caution: ExecutableFile]



C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]



C:\WINDOWS\system32\services[Caution: ExecutableFile]



C:\WINDOWS\system32\lsass[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



C:\WINDOWS\System32\svchost[Caution: ExecutableFile]



C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]



C:\WINDOWS\system32\svchost[Caution: ExecutableFile]



C:\Program Files\Softex\OmniPass\OPXPApp[Caution: ExecutableFile]



C:\WINDOWS\Explorer[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\Mp[bleep]ent[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\Agent\McAgent[Caution: ExecutableFile]



C:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]



c:\progra~1\mcafee.com\vso\mcvsescn[Caution: ExecutableFile]



C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



C:\WINDOWS\system32\rundll32[Caution: ExecutableFile]



C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLHostManager[Caution: ExecutableFile]



C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile]



C:\Program Files\Common Files\AOL\1101581974\ee\AOLServiceHost[Caution: ExecutableFile]



c:\program files\common files\aol\1101581974\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler[Caution: ExecutableFile]



C:\HJT\HijackThis[Caution: ExecutableFile]







R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local



R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 



R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll



O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll



O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll



O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent[Caution: ExecutableFile]



O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr[Caution: ExecutableFile]" /checktask



O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial[Caution: ExecutableFile]



O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray[Caution: ExecutableFile]



O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime



O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]



O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]"  -osboot



O4 - HKCU\..\Run: [NVIEW] rundll32[Caution: ExecutableFile] nview.dll,nViewLoadHook



O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: ExecutableFile]



O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]



O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002[Caution: ExecutableFile]



O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate[Caution: ExecutableFile]



O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent[Caution: ExecutableFile]



O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll



O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll



O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL



O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim[Caution: ExecutableFile]



O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll



O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]



O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab



O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204



O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab



O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - 



O18 - Protocol: start - (no CLSID) - (no file)



O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll



O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll



O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)



O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd[Caution: ExecutableFile]



O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon[Caution: ExecutableFile]



O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: ExecutableFile]



O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: ExecutableFile]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: ExecutableFile]



O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte[Caution: ExecutableFile]



O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE[Caution: ExecutableFile]



O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv[Caution: ExecutableFile]



O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12[Caution: ExecutableFile]



O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd[Caution: ExecutableFile]" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent[Caution: ExecutableFile]" start (file missing)



O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc[Caution: ExecutableFile]

I am about to check to see if the error still occurs. My computer has been shutting down and starting up much faster, though.

EDIT: The error is still there :(

Timo · November 20, 2005

Can you make a little screeny of the error?

wioneo · November 20, 2005

There is a picture on the first page.

coltm4carbine · November 20, 2005

grrr... the o23 won't go away.

try this:

Click Start>Run and type in: services.msc

Click OK

In the Services window find: Security Agent

Select/highlight and right click the entry, and choose: Properties

On the General tab, under Service Status click the Stop button

Beside: Startup Type, in the drop menu, select: Disabled

Click Apply, then OK

find and delete this:

C:\WINDOWS\system32\scagent[Caution: ExecutableFile] <-- (the scagent)

Open HJT and click config > misc tools > ÃÆÃÂ¢ÃÂ¢Ã¢â¬Å¡ÃÂ¬Ãâ¦Ã¢â¬Ådelete an NT serviceÃÆÃÂ¢ÃÂ¢Ã¢â¬Å¡ÃÂ¬ÃâÃ

wioneo · November 21, 2005

First off, my brother has been on the computer for four hours, and I don't know what else might be wrong...

Click Start>Run and type in: services.msc

Click OK

DONE

In the Services window find: Security Agent

Select/highlight and right click the entry, and choose: Properties

DONE

On the General tab, under Service Status click the Stop button

NOT DONE..It was already stopped.

Beside: Startup Type, in the drop menu, select: Disabled

Click Apply, then OK

DONE

find and delete this:

C:\WINDOWS\system32\scagent.e3e (CAUTION - executable file) <-- (the scagent)

NOT DONE...It still wasn't there

Open HJT and click config > misc tools > ÃÆÃÂ¢ÃÂ¢Ã¢â¬Å¡ÃÂ¬Ãâ¦Ã¢â¬Ådelete an NT serviceÃÆÃÂ¢ÃÂ¢Ã¢â¬Å¡ÃÂ¬ÃâÃ

wioneo · November 21, 2005

I have been playing for over an hour continuously now. However, I am using low detail. Does this mean that my system is too weak? I don't think that it is because I had played RS for over a year before this problem started.

Sharper · November 21, 2005

I can't see anything bad in your HiJackThis Log. Are you still getting any annoyances? Errors or anything?

wioneo · November 21, 2005

I have been playing for over an hour continuously now. However, I am using low detail. Does this mean that my system is too weak? I don't think that it is because I had played RS for over a year before this problem started.

HJT Log_Internet Explorer Crash

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Important Information