Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Removal Help!


  • This topic is locked This topic is locked
2 replies to this topic

#1 airportsaresuper

airportsaresuper

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 13 May 2008 - 07:51 PM

I have tried running vundofix, smitRem, smitFraudFix, virtuMunduBeGone.

Everytime that I run Ad-Aware my system crashes and I recieve a physical memory dump blue screen of death.

I've managed to stop all of the pop-ups, however, my background image is still not showing up. I assume that this is still related to the spyware which I had/have on my computer. All that shows up is the little square with the circle, triangle and square in it that normally is displayed when an image won't load on the internet. I believe I had a version of winfixer AND spyAxe on my computer. So far so good on the pop-ups though. I think I've managed to kill that all together. But who knows...

Any Ideas??? Your help would be greatly appreciated!

Thanks,
Nick




Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\idr3hlpr.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dad\cftmon.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {5c789dd1-8bb4-4a2e-9015-d92b20d4959a} - C:\WINDOWS\system32\qoMggdaX.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NFS Client (InterDrive NT) Helper (InterDrive) - FTP Software, Inc. - C:\WINDOWS\System32\idr3hlpr.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

--
End of file - 2566 bytes

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:58 AM

Posted 13 May 2008 - 08:47 PM

Hello airportsaresuper,

Welcome to Bleeping Computer :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log(Including the header, please).

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:58 AM

Posted 23 May 2008 - 07:57 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users