Jump to content

Can't run any antimalware apps

jt77474

By jt77474
in Resolved Malware Removal Logs

 Share

Recommended Posts

jt77474

jt77474

Posted
Posted

I have picked up something nasty this morning.

It created a load of exes in my users/app data/temp folder like a.exe, b.exe, msa.exe and some other weird things. I managed to disable some of the exes in the temp folder, but I still can't run ANY anti malware apps. They load up, but when I click scan they crash after 3 seconds.

I am running windows 7 RC 7100.

Hijackthis runs for a few seconds, then crashes, so no logs possible.

I'm concerned every key stroke is being logged and uploaded through a virus. Please advise on next steps. Thank you

Link to post
Share on other sites
jt77474

jt77474

Posted
  • Author
Posted

OK. No luck so far.

The process creeping me out is msa.exe

I used an old version of hijackthis, which was allowed. After cleaning suspect entries though I still can't use any modern spyware tools, they get shutdown after a few seconds by the virus. Renaming them does not help, I've tried.

I have already removed a few nasties, but still the problem persists so I'm at a loss. I really want to run mbam but can't. Any help appreciated.

Surprised there are so many reports of viruses shutting down anti-virus apps. How is this possible? Why hasn't microsoft fixed it?

Logfile of HijackThis v1.97.7

Scan saved at 17:16:13, on 01/10/2009

Platform: Unknown Windows (WinNT 6.01.3004)

MSIE: Internet Explorer v8.00 (8.00.7100.0000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\msa.exe

C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Xmarks\IE Extension\xmarkssync.exe

C:\Program Files\Core Temp.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\system32\taskmgr.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Windows\system32\wuauclt.exe

C:\Users\JT\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\JT\AppData\Local\Google\Chrome\Application\chrome.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\JT\AppData\Local\Temp\wzae57\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://owa.nottingham.ac.uk/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=snsproxy.nottingham.ac.uk:8080;http=snsproxy.nottingham.ac.uk:8080;https=sns

proxy.nottingham.ac.uk:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = owa.nottingham.ac.uk

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [startupDelayer] "C:\Program Files\Startup Delayer\Startup Launcher GUI.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q

O4 - HKCU\..\Run: [Core Temp] "C:\Program Files\Core Temp.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\ColorVisionStartup\ColorVisionStartup.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra 'Tools' menuitem: &Gears Settings (HKLM)

O9 - Extra button: Send to OneNote (HKLM)

O9 - Extra 'Tools' menuitem: S&end to OneNote (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.snapmad.com/aurigma/ImageUploader4.cab

Link to post
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.