Jump to content

McAfee won't run/update, Firefox popups/crashing


Recommended Posts

A big THANK YOU in advance for all the help and consideration. Here are my MBAM and HJT logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:48:47 PM, on 8/26/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

G:\WINDOWS\System32\smss.exe

G:\WINDOWS\system32\winlogon.exe

G:\WINDOWS\system32\services.exe

G:\WINDOWS\system32\lsass.exe

G:\WINDOWS\system32\svchost.exe

G:\WINDOWS\System32\svchost.exe

G:\WINDOWS\system32\spoolsv.exe

G:\WINDOWS\Explorer.EXE

G:\Program Files\McAfee.com\Agent\mcagent.exe

G:\WINDOWS\SOUNDMAN.EXE

G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

G:\WINDOWS\system32\ctfmon.exe

G:\Program Files\iTunes\iTunesHelper.exe

G:\WINDOWS\system32\RUNDLL32.EXE

G:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

G:\Program Files\CASIO\Photo Loader\Plauto.exe

G:\Program Files\Locate\Locate32.exe

G:\Program Files\MagicDisc\MagicDisc.exe

G:\Program Files\Secunia\PSI\psi.exe

G:\Program Files\SpywareGuard\sgmain.exe

G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

G:\Program Files\Bonjour\mDNSResponder.exe

G:\Program Files\McAfee\MBK\MBackMonitor.exe

G:\Program Files\McAfee\SiteAdvisor\McSACore.exe

G:\Program Files\SpywareGuard\sgbhp.exe

G:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

g:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

G:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

G:\Program Files\McAfee\MPF\MPFSrv.exe

G:\WINDOWS\system32\nvsvc32.exe

G:\WINDOWS\system32\svchost.exe

G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

G:\Program Files\Viewpoint\Common\ViewpointService.exe

G:\Program Files\iPod\bin\iPodService.exe

G:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

g:\PROGRA~1\mcafee\msc\mcuimgr.exe

G:\Program Files\Mozilla Firefox\firefox.exe

G:\WINDOWS\system32\wuauclt.exe

G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - G:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - G:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - G:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - G:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - g:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - G:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - G:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - g:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - G:\Program Files\AIM Toolbar\aimtb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - G:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll

O4 - HKLM\..\Run: [mcagent_exe] G:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [McAfee Backup] G:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

O4 - HKLM\..\Run: [MBkLogOnHook] G:\Program Files\McAfee\MBK\LogOnHook.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Locate32 Autorun.lnk = ?

O4 - Startup: MagicDisc.lnk = G:\Program Files\MagicDisc\MagicDisc.exe

O4 - Startup: Secunia PSI.lnk = G:\Program Files\Secunia\PSI\psi.exe

O4 - Startup: SpywareGuard.lnk = G:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Photo Loader supervisory.lnk = G:\Program Files\CASIO\Photo Loader\Plauto.exe

O8 - Extra context menu item: &AIM Toolbar Search - G:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - G:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - g:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBackMonitor - McAfee - G:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - G:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - G:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - g:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - G:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - g:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - G:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - G:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - G:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - G:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - G:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - G:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: (no name) - https://epmail.elpaso.com/OWA/8.1.359.2/the...base/dc-wrd.gif

--

End of file - 10281 bytes

Malwarebytes' Anti-Malware 1.40

Database version: 2695

Windows 5.1.2600 Service Pack 3

8/25/2009 4:03:16 PM

mbam-log-2009-08-25 (16-03-16).txt

Scan type: Full Scan (C:\|G:\|H:\|)

Objects scanned: 178502

Time elapsed: 1 hour(s), 0 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hello Trravis,

You were informed that your OS was a pirated version by francis327.

http://www.malwareremoval.com/forum/viewto...=463554#p463554

approximately six hours later you started this thread.

I very much doubt that you had time to contact Microsoft and get a new activation code.

Please can you explain why you are still seeking assistance when you have been informed of your best course of action.

Link to post
Share on other sites

  • Root Admin

Well I'm sorry but since you have evidence of cracked or pirated software you're using on the system I have no choice but to close this thread now.

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.