1 2 Previous Next 10 Replies Latest reply: Mar 10, 2009 12:55 PM by Ex_Brit RSS

    LogOnHook.exe-this is the problem

      Good morning,

      When I log into my computer this error msg continuously comes up:

      LogOnHook.exe: The application failed to initialize properly (OXC0000135). Click OK to terminate the application.

      Below is the result of the scan from your website:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:26:22 AM, on 3/5/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16791)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\mqsvc.exe
      C:\WINDOWS\system32\mqtgsvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/ search/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
      O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\Donna\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\NE7Q4ZE1\MC6_1_~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\CWGAJX2Q\66563%~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\CWGAJX2Q\A_1_~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\7FNZRWSB\A_1_~1.SH! c:\DOCUME~1\donna\LOCALS~1\temp\HSPERF~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\CWGAJX2Q\P!ELKI~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\DGZF2LCD\ADS_3_~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\DGZF2LCD\GADSEN~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\CWGAJX2Q\BLBRAI~2.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\7FNZRWSB\BLBRAI~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\7FNZRWSB\AUTOIN~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\7FNZRWSB\THE-NA~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\DGZF2LCD\APPLIC~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\CWGAJX2Q\ADS_8_~1.SH! C
      O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\P737DXCE\BLANKH~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\RA8JR901\CTUONL~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\TZJHJDB4\MXRETU~2.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\8XIBKDUZ\DEFAUL~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\E34V9MJQ\DUB6E9~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\P737DXCE\BROWSE~2.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\P737DXCE\LINKS_~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\BUWJB58L\MXRETU~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\8XIBKDUZ\__ORD_~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\6TPERMLO\FRAMES~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\NTYEKISF\POPULA~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\NTYEKISF\__ORD_~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Content.IE5\HCHWAVVI\BETTER~1.SH! C:\DOCUME~1\Donna\LOCALS~1\TEMPOR~1\Co
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm842YYUS
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

      --
      End of file - 8436 bytes


      PLEASE HELP!

      I am an accountant and I also attend an online college and I do not want this to infect other computers that I have to deal with. Also I deal with highly sensative materials.

      Thank you,
      bergendj
        • 1. RE: LogOnHook.exe-this is the problem
          Ex_Brit
          We aren't qualified to analyse Hijackthis logs here I'm sorry.

          Please post them on one of the forums that specialise in HJT logs. Here's a selection:

          AUMHA FORUM

          BLEEPING COMPUTER FORUM

          GEEKS TO GO FORUM

          MAJOR GEEKS FORUM

          MALWAREBYTES FORUM

          MALWARE REMOVAL FORUM

          SPYWAREHAMMER FORUM

          SPYWARE INFO FORUM

          WHAT THE TECH FORUM

          Be sure to read all the sticky announcements/instructions at the top of each malware forum!

          Meanwhile I'll move this to the Virus Discussions Forum.
          • 2. RE: LogOnHook.exe-this is the problem
            This application is from YOUR Security product. This was posted because I THOUGHT it was a virus or trojan or whatever. It is an APPLICATION. Would you please look at it closer that the spot check. I have COMCAST in the Camden, New Jersy area.

            Yo, I really need help.

            Thank you,
            bergendj
            • 3. RE: LogOnHook.exe-this is the problem
              Ex_Brit
              Hijackthis is not a McAfee application and only certain forums are qualified to read these logs, certainly not this one. I'm sorry but if you want someone to check a HJT log you must follow the correct procedure otherwise this will take forever to sort out.

              If you want McAfee to analyse anything then you must send the actual infected objects to McAfee Threat Center.

              Send a file to Avert for analysis:
              http://vil.nai.com/vil/submit-sample.aspx
              or
              https://www.webimmune.net/default.asp
              or
              Email file to: [EMAIL="virus_research@avertlabs.com"]virus_research@avertlabs.com
              When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.
              • 4. RE: LogOnHook.exe-this is the problem
                O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe

                This is the only line I wanted you to look at and tell me how to run the application or take it out, or delete it or something. I was not trying to be smart. HitJackThis was used to locate the problem. When they analyzed it, it was discovered that the application belonged to McAfee.

                Upon startup this is the Error Message:

                LogOnHook.exe - Application Error
                The application failed to initialize properly (OXC0000135). Click OK to terminate the application.

                Please would you help me.

                Thank you,
                bergendj
                • 5. RE: LogOnHook.exe-this is the problem
                  Ex_Brit
                  Well I'm glad you found that as I said, we don't read Hijackthis logs!

                  That belongs to McAfee Databackup and hasn't been reported since 2007 so that begs the question how old is your McAfee product?

                  I need more information:

                  Please include the following information:
                  What is your operating system, service pack and are you up to date with Microsoft update?
                  What McAfee products do you have? If your taskbar icon is like this: - right-click it and go to each application "About" and post the details.
                  If it is like this: - double-click to open SecurityCenter and then click "View Details" or "About" at the lower right of the new window. Post the details from each module.
                  • 6. RE: LogOnHook.exe-this is the problem
                    Ex_Brit
                    I would add that you could try removing this product only. Assuming that you have McAfee Security Center listed in your Control Panel/Add or Remove Programs click it and select only Data Backup for removal.

                    Alternatively look for "McAfee Data Backup" as a separate item.

                    You could try reinstalling it from your account using the Customize option but any backups already made will most likely not be accessible afterwards.
                    • 7. RE: LogOnHook.exe-this is the problem
                      Touche`, point taken!

                      It is a white M with red background.

                      SecurityCenter
                      8.1
                      8.1.175
                      108
                      en-us
                      last update 2/17/09

                      VirusScan
                      12.1
                      12.1.111
                      108
                      en-us
                      last update 3/9/09
                      DAT ver 5548.0000
                      DAT creation 3/9/09
                      Engine ver 5300.2777

                      Personal FireWall
                      9.1
                      9.1.108
                      108
                      en-us
                      lasr update 2/17/09

                      Privacy Service
                      10.1
                      10.1.142
                      en-us
                      last update 2/18/09

                      Data Backup
                      1.2
                      1.2.103
                      en-us
                      last update 2/18/09
                      • 8. RE: LogOnHook.exe-this is the problem
                        Ex_Brit
                        Thanks, so not too old. The question is, do you actually use Data Backup? I find that there are much better products available for that purpose so I personally don't even bother installing it.

                        If you don't use it then just uninstall it and that particular error should hopefully disappear.
                        • 9. RE: LogOnHook.exe-this is the problem
                          Where do I go and how do I uninstall. I do not need it.
                          1 2 Previous Next