windows security center popping up. browser not loading/crashing.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Uh0h

Thread Starter
Joined
Apr 19, 2010
Messages
49
im getting windows security center popping up and running scans which i beleive are fake. this happens just about whenever i click something. im also not able to go into the security center and change anything/turn it off...also, a different firewall is saying the windows security center is trying to connect to a website that clearly doesnt have anything to do with microsoft.

also, firefox crashes upon loading (coinciding with the security center popping up. another browser opens but will not load any pages.

i am able to go into task manager and end the ave.exe process, and that kills the security center. though only to load up again upon clicking something.

here is the hjt log. (it may be an older HJT program, but i was not able to connect to the net on the infected computer, and that was the only HJT version i had on there.)

something certainly doesnt look right in here, but im not nearly experienced to know what, OR what to do about it. the help would be great. THANK YOU.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:24 PM, on 4/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~4\Wcescomm.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O2 - BHO: (no name) - {587c59df-8f60-42f4-aaa5-cc9917f7913e} - voranizi.dll (file missing)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: BHO - {F5F14E7A-F59D-45a0-BDC5-A9F5454F0BCF} - C:\WINDOWS\system32\iehelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [system tool] C:\Program Files\mpsxdk\eyyrsysguard.exe
O4 - HKLM\..\Run: [parepedomi] Rundll32.exe "mayopupo.dll",s
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [jowoludop] Rundll32.exe "c:\windows\system32\yeruwuma.dll",a
O4 - HKCU\..\Run: [Send To Phone (myPhoneFiles.com)] C:\PROGRA~1\SIGI-M~1.COM\mpfexet
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ADOBEU~1.EXE AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\Program Files\mpsxdk\eyyrsysguard.exe
O4 - S-1-5-18 Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
O4 - .DEFAULT Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1230936484703
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1230936463812
O20 - AppInit_DLLs: baliwefu.dll c:\windows\system32\yeruwuma.dll
O21 - SSODL: zufodovuv - {1c5b2131-9df1-4f37-bf14-43ce7057ed35} - c:\windows\system32\yeruwuma.dll
O22 - SharedTaskScheduler: kupuhivus - {1c5b2131-9df1-4f37-bf14-43ce7057ed35} - c:\windows\system32\yeruwuma.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10102 bytes
 

Uh0h

Thread Starter
Joined
Apr 19, 2010
Messages
49
its been about 2 days, i thought i would bump it...thanks in advance if i can get any help!
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hello & Welcome to TechSupportGuy

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
 

Uh0h

Thread Starter
Joined
Apr 19, 2010
Messages
49
ahhh yes! thank you.

so i have done what you asked, though i will say, before i was able to do that, in the days prior, i had a restart, and that seemed to make things worse...there were more processes that were unfamiliar, and a different type of supposed antivirus pop up...

also,
i ran the dds fine, but when i did the gmer scan, something happened in the middle of it, and the screen went black, and i had to restart....i ran it again and it crashed. ran it a third time, and it has now worked.... i have attached the logs.
 

Attachments

Uh0h

Thread Starter
Joined
Apr 19, 2010
Messages
49
wow, i dont know much, but that baliwefu.dll doesnt look fun.
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hi

A lot of work to do here.
P2P Warning!
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 5.1.4

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P file sharing used to be fairly safe. That is no longer true. I'd like you to read the Perils of P2P File Sharing where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

No Anti-virus
Looking over your log, it seems you don't have any evidence of anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.
We'll clean up a little first, then install an Anti-virus program.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
 

Uh0h

Thread Starter
Joined
Apr 19, 2010
Messages
49
as of right now, i cant even access the internet from that computer...so im following instruction and transferring the downloads via my phone.... ill be back within 10 minutes with the combofix log after running the tfc.
 

Uh0h

Thread Starter
Joined
Apr 19, 2010
Messages
49
oh no.........sorry if the following does not make sense, i was typing it as it was happening...

i had to restart after tfc, and upon start up it says

mayopupo.dll
module could not be found

(or something along those lines)

also, combofix restarted after running, and it took a long time to start up....it also gave me the black screen and said harware monitor found an error...i clicked f1 to continue, and it started...slowly....once my desktop started to appear it also said

something about visual c++ runtime error...caused something to terminate in an unusual way...i said ok and it was fine.

it also had a rundll error loading sorusodi.dll
as well as the mayopup.dll


i dont know if any of this matters.


also, after combofix restart, all of my quick launch icons were gone, and none of my programs that load upon start up loaded. also, browsers wouldnt even open. though i will find them in the processes, they will not appear on my screen. also, things were minimizing just above the bar at teh bottom, rather than IN it......SO, i had to restart again....and it kept getting stuck at the saving yoru settings screen...so i was forced to push the reset button....NOW after start up, i have no bar at the bottom whatsoever...i am still able to click on icons and what not...and now i also cannot get my pc to recognize my phone as connecting, so now i cant get the combofix log to you!
 

Uh0h

Thread Starter
Joined
Apr 19, 2010
Messages
49
i cant get it to work (connecting my phone so i can get a log to you)...i will try and get a usb stick and see if that works, though i imagine i may encounter the same problem....if worst comes to worse, hopefully i will at least be able to use a re-writeable cd to transfer info.
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hi

This was a severely infected machine. Most of those

.i will try and get a usb stick and see if that works, though i imagine i may encounter the same problem....if worst comes to worse, hopefully i will at least be able to use a re-writeable cd to transfer info.
This was going to be my next suggestion. Can you also reboot one more time & see what happens.

mayopupo.dll
module could not be found

it also had a rundll error loading sorusodi.dll
as well as the mayopup.dll
These are malware files that have been removed & causing those errors
 

Uh0h

Thread Starter
Joined
Apr 19, 2010
Messages
49
rebooted again, and it took a very long time...upon shut down, it was slow also, and i had to end task for two programs manually before it let me restart, it also stalled at the "saving your settings" point by the way....so i had to reset using the button...

upon reboot it sadi the visual c++ runtime library
runtime error and its referencing roxio program

also there is a message box from tivo desktop saying external error EEFACE

ps those, as im sure you were able to figure out, are programs that load upon start up....

and again, i do not have a bar at the bottom, though am still able to move about the computer...

it still isnt recognizing my phone, nor a usb stick...though interesting, when i plug the usb stick in, there is a bubble at the bottom of the screen in the area it would be if i could see my bar....its as if the bar is out of range or something...though ive tried changing display settings and that didnt seem to do aything.....this may have to wait until tomorrow (central time US) when i can locate a rewriteable cd.....unless you have further suggestions
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
What about Safe Mode? Can you boot to Safe Mode? You may be able to get the log from there
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top