Windows Logonui.exe error message

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by unionbank, Jul 3, 2009.

  1. unionbank

    unionbank Private E-2

    Hi

    Every time i boot up the computer i get first this error message: "logonui.exe - Application Error:

    The instruction at '0x0037149c' referenced memory at '0x0113a170'. The memory could not be 'read'.".

    The error dialog box gives me the options 'OK' to terminate and 'Cancel to debug.

    I scanned with Ad-aware and i get these same virus files(.dll) everytime
    and keeps recurring no matter how matter times i remove it. and i dont know how to get rid of it..


    Also there is this wmiprvse.exe error that says something along the lines of

    " data execution prevention..." it basically says windows is closing this program .... and gives me the option of "close message" and hence i cant run any programs.

    please help thanks :)
     
    unionbank, Jul 3, 2009
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Some of these are most likely not malware problems and as such, I was going to move your thread to the Software Forum. However, you said you were also having DLLs being detected that are not being removed by Ad-Aware (not surprising that it did not remove them) so let's see if you really have malware problems.

    Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.
    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you ​
     
    chaslang, Jul 5, 2009
    #2
  3. unionbank

    unionbank Private E-2

    Hi

    I've tried the read and run me malware removal guide

    Superantispyware detected this siemens32.dll ( Spyware.PWS-Rmn.BHO )

    but every time i reboot the computer the .dll file keeps reappearing with either siemens32.dll or skrb32.dll when i hover my cursor over the file it will say company: Gutman

    I've tried it in safe mode but detects nothing.

    Malwarebytes and combo, i have all tried, they seem to detect the virus but it is

    recurring no matter how many times i remove it

    I made a bad decision and reformatted c:drive but the virus is still here, which must of came from a backup or some sort

    Also the malware seems to keep redirecting the webpages i visit to places like myspace

    anyways here are the logs.
     

    Attached Files:

    unionbank, Jul 5, 2009
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the requested log from ComboFix. Also you will need to shutdown your antivirus program and run MGtools.exe again since your log is too incomplete to help us. You antivirus program is most likely having false detection issues.

    In addition your MBAM log shows you did not update it and you took no action. You must make sure you update and also fix the problems before saving a log. I suggest that you run it again to make sure the items were actually fixed.

    You said you formatted drive C. Are you saying you did this after getting the logs? If so, none of your logs are of any use to us anymore and you will have to start over again and attach all new logs. As stated in the READ & RUN ME, you should only be doing what we ask you to do once you start this process.
     
    Last edited: Jul 7, 2009
    chaslang, Jul 7, 2009
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds