
windows security center popping up. browser not loading/crashing.

Discussion in 'Virus & Other Malware Removal' started by Uh0h, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    im getting windows security center popping up and running scans which i believe are fake. this happens just about whenever i click something. im also not able to go into the security center and change anything/turn it off...also, a different firewall is saying the windows security center is trying to connect to a website that clearly doesnt have anything to do with microsoft.

    also, firefox crashes upon loading (coinciding with the security center popping up). another browser opens but will not load any pages.

    i am able to go into task manager and end the ave.exe process, and that kills the security center. though only to load up again upon clicking something.

    here is the hjt log. (it may be an older HJT program, but i was not able to connect to the net on the infected computer, and that was the only HJT version i had on there.)

    something certainly doesnt look right in here, but im not nearly experienced enough to know what, OR what to do about it. the help would be great. THANK YOU.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:17:24 PM, on 4/20/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\MICROS~4\Wcescomm.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
    O1 - Hosts: 91.212.127.226 os-guardpro.com
    O1 - Hosts: 91.212.127.226 www.os-guardpro.com
    O2 - BHO: (no name) - {587c59df-8f60-42f4-aaa5-cc9917f7913e} - voranizi.dll (file missing)
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
    O2 - BHO: BHO - {F5F14E7A-F59D-45a0-BDC5-A9F5454F0BCF} - C:\WINDOWS\system32\iehelper.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [system tool] C:\Program Files\mpsxdk\eyyrsysguard.exe
    O4 - HKLM\..\Run: [parepedomi] Rundll32.exe "mayopupo.dll",s
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
    O4 - HKLM\..\Run: [jowoludop] Rundll32.exe "c:\windows\system32\yeruwuma.dll",a
    O4 - HKCU\..\Run: [Send To Phone (myPhoneFiles.com)] C:\PROGRA~1\SIGI-M~1.COM\mpfexet
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\Wcescomm.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ADOBEU~1.EXE AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [system tool] C:\Program Files\mpsxdk\eyyrsysguard.exe
    O4 - S-1-5-18 Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
    O4 - .DEFAULT Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Default user')
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1230936484703
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1230936463812
    O20 - AppInit_DLLs: baliwefu.dll c:\windows\system32\yeruwuma.dll
    O21 - SSODL: zufodovuv - {1c5b2131-9df1-4f37-bf14-43ce7057ed35} - c:\windows\system32\yeruwuma.dll
    O22 - SharedTaskScheduler: kupuhivus - {1c5b2131-9df1-4f37-bf14-43ce7057ed35} - c:\windows\system32\yeruwuma.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    --
    End of file - 10102 bytes
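
A first-pass triage of the HijackThis log above, as an added example (not part of the original post, and not the method the forum helper uses later in the thread). The rule names and the choice of heuristics are assumptions made for this illustration; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied from the post).
SAMPLE = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O2 - BHO: (no name) - {587c59df-8f60-42f4-aaa5-cc9917f7913e} - voranizi.dll (file missing)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [parepedomi] Rundll32.exe "mayopupo.dll",s
O4 - HKLM\..\Run: [jowoludop] Rundll32.exe "c:\windows\system32\yeruwuma.dll",a
O20 - AppInit_DLLs: baliwefu.dll c:\windows\system32\yeruwuma.dll
O21 - SSODL: zufodovuv - {1c5b2131-9df1-4f37-bf14-43ce7057ed35} - c:\windows\system32\yeruwuma.dll
O22 - SharedTaskScheduler: kupuhivus - {1c5b2131-9df1-4f37-bf14-43ce7057ed35} - c:\windows\system32\yeruwuma.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*)$")       # "O4 - <body>"
DLL_NAME = re.compile(r'([^\s"\\]+\.dll)\b', re.I)      # basename of any DLL in a line
LOOPBACK = {"127.0.0.1", "::1"}
# HijackThis sections that name code loaded automatically (assumed set for this example).
LOAD_POINTS = {"O2", "O4", "O20", "O21", "O22"}


def triage(log_text):
    """Return (section, rule, detail) tuples for entries worth a closer look."""
    findings = []
    dll_seen = defaultdict(set)   # dll basename -> sections that reference it

    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue
        code, body = m.groups()
        line = raw.strip()
        value = body.partition(":")[2].strip()   # text after "Hosts:", "AppInit_DLLs:", ...

        if code in LOAD_POINTS:
            for dll in DLL_NAME.findall(body):
                dll_seen[dll.lower()].add(code)

        if code == "O1":
            # A hosts entry that pins a name to a non-loopback address overrides DNS.
            fields = value.split()
            if len(fields) >= 2 and fields[0] not in LOOPBACK:
                findings.append((code, "hosts-redirect", line))
        elif "(file missing)" in body or "(no file)" in body:
            # Registration left behind for a file that is no longer on disk.
            findings.append((code, "orphaned-entry", line))
        elif code == "O4" and re.search(r"\brundll32\b", body, re.I):
            # Run key that starts a DLL through rundll32 rather than an executable.
            findings.append((code, "run-key-rundll32", line))
        elif code == "O20" and value:
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            findings.append((code, "appinit-dlls-set", line))

    # The same DLL registered at several independent load points is a
    # persistence pattern: removing one entry leaves the others in place.
    for dll, codes in sorted(dll_seen.items()):
        if len(codes) >= 2:
            where = ",".join(sorted(codes, key=lambda c: int(c[1:])))
            findings.append((where, "dll-in-multiple-load-points", dll))
    return findings


if __name__ == "__main__":
    for section, rule, detail in triage(SAMPLE):
        print(f"{rule:28} {section:16} {detail}")
```

These rules only rank entries for review; a flagged line is not proof of infection, and an unflagged line is not proof that a file is clean.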
     
  2. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    its been about 2 days, i thought i would bump it...thanks in advance if i can get any help!
     
  3. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    lets nudge it again.
     
  4. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    and again if i may
     
  5. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hello & Welcome to TechSupportGuy

    Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

    In the meantime please note the following:
    • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
    • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
      1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
      2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
    • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
    • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
    Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
    If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Thanks

    DDS
    Download DDS.scr by sUBs from one of the following links & save it to your desktop.
    Link 1
    Link 2
    • Double-Click on dds.scr and a command window will appear. This is normal
    • Shortly after two logs will appear, DDS.txt & Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
    Gmer
    Download GMER Rootkit Scanner from here & save it to your desktop.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

    Do not run any programs while Gmer is running.

    NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
    • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
    • Double click the gmer.exe file
    • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
    • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply


    To post in next reply:
    Contents of DDS log
    Contents of Attach.txt
    Contents of Gmer log
     
  6. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    ahhh yes! thank you.

    so i have done what you asked, though i will say, before i was able to do that, in the days prior, i had a restart, and that seemed to make things worse...there were more processes that were unfamiliar, and a different type of supposed antivirus pop up...

    also,
    i ran the dds fine, but when i did the gmer scan, something happened in the middle of it, and the screen went black, and i had to restart....i ran it again and it crashed. ran it a third time, and it has now worked.... i have attached the logs.
     

    Attached Files:

  7. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    wow, i dont know much, but that baliwefu.dll doesnt look fun.
     
  8. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi

    A lot of work to do here.
    P2P Warning!
    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire 5.1.4

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    P2P file sharing used to be fairly safe. That is no longer true. I'd like you to read the Perils of P2P File Sharing where we explain why it's not a good idea to have them.
    References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
    http://www.techweb.com/wire/160500554
    http://www.internetworldstats.com/articles/art053.htm
    See Clean/Infected P2P Programs here

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    No Anti-virus
    Looking over your log, it seems you don't have any evidence of anti-virus software.
    Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.
    We'll clean up a little first, then install an Anti-virus program.

    Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

    It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

    TFC (Temp File Cleaner)
    Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
    • Save any unsaved work. TFC Cleaner will close all open application windows
    • Double-click TFC.exe to run the program, your desktop will temporarily disappear
    • If prompted, click Yes to reboot
    Note: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

    ComboFix
    Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
    Link 1
    Link 2

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
      A guide to do this can be found here
    • Double click on ComboFix.exe & follow the prompts
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    To post in next reply:
    ComboFix log
    Update on how the computer is running
     
  9. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    as of right now, i cant even access the internet from that computer...so im following instruction and transferring the downloads via my phone.... ill be back within 10 minutes with the combofix log after running the tfc.
     
  10. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    OK... no problem
     
  11. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    oh no.........sorry if the following does not make sense, i was typing it as it was happening...

    i had to restart after tfc, and upon start up it says

    mayopupo.dll
    module could not be found

    (or something along those lines)

    also, combofix restarted after running, and it took a long time to start up....it also gave me the black screen and said hardware monitor found an error...i clicked f1 to continue, and it started...slowly....once my desktop started to appear it also said

    something about visual c++ runtime error...caused something to terminate in an unusual way...i said ok and it was fine.

    it also had a rundll error loading sorusodi.dll
    as well as the mayopup.dll


    i dont know if any of this matters.


    also, after combofix restart, all of my quick launch icons were gone, and none of my programs that load upon start up loaded. also, browsers wouldnt even open. though i will find them in the processes, they will not appear on my screen. also, things were minimizing just above the bar at the bottom, rather than IN it......SO, i had to restart again....and it kept getting stuck at the saving your settings screen...so i was forced to push the reset button....NOW after start up, i have no bar at the bottom whatsoever...i am still able to click on icons and what not...and now i also cannot get my pc to recognize my phone as connecting, so now i cant get the combofix log to you!
     
  12. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    i cant get it to work (connecting my phone so i can get a log to you)...i will try and get a usb stick and see if that works, though i imagine i may encounter the same problem....if worst comes to worse, hopefully i will at least be able to use a re-writeable cd to transfer info.
     
  13. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi

    This was a severely infected machine. Most of those

    This was going to be my next suggestion. Can you also reboot one more time & see what happens.

    These are malware files that have been removed & causing those errors
     
  14. Uh0h

    Uh0h Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    49
    rebooted again, and it took a very long time...upon shut down, it was slow also, and i had to end task for two programs manually before it let me restart, it also stalled at the "saving your settings" point by the way....so i had to reset using the button...

    upon reboot it said the visual c++ runtime library
    runtime error and its referencing roxio program

    also there is a message box from tivo desktop saying external error EEFACE

    ps those, as im sure you were able to figure out, are programs that load upon start up....

    and again, i do not have a bar at the bottom, though am still able to move about the computer...

    it still isnt recognizing my phone, nor a usb stick...though interesting, when i plug the usb stick in, there is a bubble at the bottom of the screen in the area it would be if i could see my bar....its as if the bar is out of range or something...though ive tried changing display settings and that didnt seem to do anything.....this may have to wait until tomorrow (central time US) when i can locate a rewriteable cd.....unless you have further suggestions
     
  15. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    What about Safe Mode? Can you boot to Safe Mode? You may be able to get the log from there
     
Short URL to this thread: https://techguy.org/917945
