spybot nor any of my other scans will work



snomo7972
2009-10-07, 00:51
I need help obviously. I found msa.exe in my laptop. I stopped the process and deleted the file. I cleaned out every temp file, all cookies, everything I could possibly imagine including the registry. I still can not get any of my scans to work. AVG, Spybot, Adware, HJT, Malwarebyte, Spyware Terminator, nothing will run. I even tried to run the WIN k32 Diag and it is getting hung up without completing. I know this happened on 9-27; some popup from IE came up, and I use Firefox. I deleted all those files. I just do not know where to go from here. My husband and I are both students trying to get our school work done and this is being really bothersome since it is slowing the computer way down and I can not download anything to the desktop, not even a .ppt file.

ken545
2009-10-09, 00:26
Hello

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.



Please download RootRepeal from one of these locations and save it to your desktop
Here (http://ad13.geekstogo.com/RootRepeal.exe)
Here (http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe)
Here (http://rootrepeal.psikotick.com/RootRepeal.exe)

Open http://billy-oneal.com/forums/rootRepeal/rootRepealDesktopIcon.png on your desktop.
Click the http://billy-oneal.com/forums/rootRepeal/reportTab.png tab.
Click the http://billy-oneal.com/forums/rootRepeal/btnScan.png button.
Check just these boxes:
http://forums.whatthetech.com/uploads/monthly_08_2009/post-75503-1250480183.gif
Push Ok
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the http://billy-oneal.com/forums/rootRepeal/saveReport.png button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.

snomo7972
2009-10-12, 15:50
I can not download anything to my desktop.

ken545
2009-10-12, 18:10
Hi,

Download RootRepeal to a known clean computer and burn it to a CD (not a USB drive), then transfer it to the infected one, run it and post the log please.

snomo7972
2009-10-13, 05:29
Hello,
Downloaded Root Repeal on cd from clean computer but it did not go well when I tried to run the report.

first error message from root repeal:
FOPS - DeviceIoControl Error! Error Console = 0xc0000024 Extended Info (0x0000014)

closed out that error message and tried to run report as instructed

second error message from root repeal:
Error dumping SSDT (0xc0000024)!

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 23:23
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP0
==================================================

SSDT
-------------------
SYSENTER/INT2E Hooked [0x81c45f50]!

==EOF==
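
Added example, not part of the original thread and not RootRepeal's own code: a small Python triage of the error dialogs and report text quoted in the post above. It assumes the layout seen in that post (a section title followed by a dashed rule, `Hooked [0x...]` rows) and treats a failed SSDT dump as an incomplete scan rather than a clean one; the function names are hypothetical.

```python
import re

# Constructed sample: the two error dialogs and the report quoted in the post above.
SAMPLE = """\
FOPS - DeviceIoControl Error! Error Console = 0xc0000024 Extended Info (0x0000014)
Error dumping SSDT (0xc0000024)!
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 23:23
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP0
==================================================
SSDT
-------------------
SYSENTER/INT2E Hooked [0x81c45f50]!
==EOF==
"""

# NTSTATUS names as defined in ntstatus.h; codes not listed are reported as hex.
NTSTATUS = {0xC0000022: "STATUS_ACCESS_DENIED", 0xC0000024: "STATUS_OBJECT_TYPE_MISMATCH"}

def parse_report(text):
    """Split the text into header fields, named sections and scanner errors."""
    header, sections, errors, current = {}, {}, [], None
    lines = [l.strip() for l in text.splitlines()]
    for line, nxt in zip(lines, lines[1:] + [""]):
        if re.search(r"\berror\b", line, re.I):
            code = re.search(r"0x[cC][0-9a-fA-F]{7}\b", line)
            errors.append((line, int(code.group(), 16) if code else None))
        elif line and re.fullmatch(r"-{5,}", nxt):
            current = line                      # a title is followed by a dashed rule
            sections[current] = []
        elif current is None and ": " in line:
            header.update([line.split(": ", 1)])
        elif current and line and not re.fullmatch(r"[-=]+|==EOF==", line):
            sections[current].append(line)
    return header, sections, errors

def triage(text):
    """Summarise hooks and errors; a failed SSDT dump means the scan is incomplete."""
    header, sections, errors = parse_report(text)
    hooks = [(name, m.group(1), int(m.group(2), 16))
             for name, rows in sections.items() for row in rows
             if (m := re.search(r"(.+?) Hooked \[(0x[0-9a-fA-F]+)\]", row))]
    decoded = sorted({NTSTATUS.get(c, hex(c)) for _, c in errors if c is not None})
    return {"windows": header.get("Windows Version"), "hooks": hooks,
            "errors": decoded, "complete": not any("SSDT" in msg for msg, _ in errors)}

print(triage(SAMPLE))
```

The `complete` flag is the part worth acting on: a report this short reflects a scanner that was blocked from reading the table, so the absence of further entries says nothing about whether the system is clean.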

ken545
2009-10-13, 10:36
Hi,

Do you have Vista or XP? You said something about cleaning out the registry, let's hope you did not damage it.

You can burn these to a CD also. Then place Inherit on your desktop along with this other scanner, what you need to do is drag and drop the programs into Inherit for them to run.

Download Inherit (http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe) and save it to your desktop
Drag each of the exe files that you are unable to run into Inherit.exe (must be the exe - not the shortcut)
Then wait for it to say "OK"

Try RootRepeal again and if no luck then try this one.

http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://i266.photobucket.com/albums/ii277/sUBs_/th_Gmer_initScan.gif (http://i266.photobucket.com/albums/ii277/sUBs_/Gmer_initScan.gif)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your next reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

snomo7972
2009-10-15, 17:58
Hello,
I tried to get something working but Root Repeal would not work. GMER would not run because of permissions and I could not get GMER into Inherit. So I installed a complete backup I had of my computer from last winter. It worked and everything is working perfectly now. Spybot, Adware, AVG & Windows Defender ran last night (which I could not run before) and did NOT find anything. By the way, I have Vista which I deplore. Would you like me to send any scans cause GMER works now but Root Repeal still does not work???

Thank you so much for your assistance!

ken545
2009-10-15, 18:33
Hi,

Great, glad you're up and running again. Why don't you run GMER and post the log, and also run this program

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

ken545
2009-10-21, 13:29
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.