zeroaccess.rootkit


11 replies to this topic

#1 adivirgi

  • Members
  • 6 posts

Posted 07 September 2011 - 06:55 PM

I have a virus on my computer that won't let me open the scanner, and if I get it open by the alternate start-up it stops it and closes it out. What do I do? I've tried everything. I'm about to just throw this laptop out the window.



#2 ranget

  • Members
  • 250 posts
  • Gender:Male

Posted 07 September 2011 - 07:31 PM

How do you know it's ZeroAccess?

Anyway, try running Malwarebytes.
Download location

How to use Malwarebytes

Edited by ranget, 07 September 2011 - 07:32 PM.

A big thanks to Didier Stevens

sorry for not being around

 


#3 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 07 September 2011 - 09:22 PM

I have a virus on my computer that won't let me open the scanner

What scanner?

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 adivirgi

  • Topic Starter

  • Members
  • 6 posts

Posted 07 September 2011 - 09:36 PM

I ran SpyNoMore and that's what is coming up. I tried to manually delete it but there's a hidden file that I don't know how to find. I can't get SUPERAntiSpyware to work, or Malwarebytes', or even Spybot Search and Destroy. I tried to download Spyware Doctor but the installation kept failing so it won't work. AVG keeps saying no components active so the scan won't run at all.

#5 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 07 September 2011 - 09:39 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista/Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    consrv.dll
    winsrv.dll
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



 


#6 adivirgi

  • Topic Starter

  • Members
  • 6 posts

Posted 07 September 2011 - 09:43 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:41 on 07/09/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "consrv.dll"
No files found.

Searching for "winsrv.dll"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_b886008dfa974eb6\winsrv.dll --a---- 169472 bytes [18:04 21/06/2011] [12:21 20/11/2010] A9F564F254E9DDDE120A7135767EC24B
C:\Windows\System32\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:37 16/07/2011] 008F51AE989C3DF1CBAF8B39DC423CCC
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_b654ecc5fda8cb1c\winsrv.dll --a---- 169472 bytes [23:25 13/07/2009] [01:16 14/07/2009] 827E4F75901CA3F990B1487D3301841E
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16816_none_b6a1a601fd6f129f\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [06:35 14/05/2011] 955CDF38E16B659DD7E1DF48C75E962C
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16823_none_b693d537fd79e28b\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [05:59 02/06/2011] 5D64830655890B64D717392CFE4CEDA7
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_b6706495fd94ea59\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:37 16/07/2011] 008F51AE989C3DF1CBAF8B39DC423CCC
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20978_none_b6ec63d916bb8cbd\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [06:04 03/06/2011] 69DE8C799BA07A0EF6B834F76B4C0711
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_b6d3c32316ce789a\winsrv.dll --a---- 169984 bytes [14:54 11/08/2011] [04:31 24/06/2011] BA5584A89EEB75FC2942CFD7C90766F7
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17617_none_b8890351fa9497e2\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [06:30 14/05/2011] BA64A75A87C78D60D2A5919F5FB6A90A
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17625_none_b87c32d1fa9e8125\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [06:01 03/06/2011] EFCAEF8437ED81CE4AEF7465011D090C
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_b86291d1fab253ab\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:27 24/06/2011] 183B4188D5D91B271613EC3EFD1B3CEF
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21728_none_b908d07b13b96cf4\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [07:43 14/05/2011] C47DE705BE85D4E6D7FC24E8F86B3612
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21738_none_b8fe008f13c188e5\winsrv.dll --a---- 169984 bytes [18:53 19/07/2011] [07:19 03/06/2011] 83873E04B9C4192C7CC06C2BBAD6B85D
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_b8e6602313d38e19\winsrv.dll --a---- 169984 bytes [14:54 11/08/2011] [06:05 24/06/2011] AB00D1D5B8C4D59D641A626240E90589

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=""
@="mnmsrvc"
"Kmode"="\SystemRoot\System32\win32k.sys"
"Optional"="Posix"
"Posix"="%SystemRoot%\system32\psxss.exe"
"Required"="Debug Windows"
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase"= 0x007f6f0000 (2137980928)


-= EOF =-
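Reading the SystemLook output above against the indicators Broni's `:filefind` / `:reg` script collects, as an added example that is not part of this thread: it parses the log, flags a consrv.dll on disk, flags any `ServerDll=` entry in the SubSystems "Windows" value other than the three the posted log shows (basesrv, winsrv, sxssrv), and checks that the System32 copy of winsrv.dll matches a winsxs store copy by MD5. The first sample is an excerpt of the log posted above; the second is a constructed variant with the indicators present (its size and hash are placeholders).

```python
"""Check a SystemLook ':filefind' / ':reg' log for the ZeroAccess-style
indicators Broni's script collects: a consrv.dll on disk, a ServerDll other
than basesrv/winsrv/sxssrv in csrss's SubSystems 'Windows' value, and a
System32\\winsrv.dll whose MD5 matches no copy in the winsxs store.
Added example, not part of the thread; line regexes follow the SystemLook
format of the log posted above."""
import re

# Server DLLs csrss.exe loads on this Windows 7 system (as in the posted log).
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Excerpt of the posted log (paths, sizes and hashes are taken from it).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "consrv.dll"
No files found.

Searching for "winsrv.dll"
C:\Windows\System32\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:37 16/07/2011] 008F51AE989C3DF1CBAF8B39DC423CCC
C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_b6706495fd94ea59\winsrv.dll --a---- 169984 bytes [14:53 11/08/2011] [04:37 16/07/2011] 008F51AE989C3DF1CBAF8B39DC423CCC

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"

-= EOF =-
"""

# Constructed variant (NOT from the thread): a consrv.dll exists and is wired
# into csrss in place of winsrv's console server. Size and hash are placeholders.
INFECTED_LOG = SAMPLE_LOG.replace(
    'Searching for "consrv.dll"\nNo files found.',
    'Searching for "consrv.dll"\n'
    'C:\\Windows\\System32\\consrv.dll --a---- 51712 bytes '
    '[03:12 05/09/2011] [03:12 05/09/2011] ' + "0" * 32,
).replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# One SystemLook filefind hit: <path> <attrs> <size> bytes [stamp] [stamp] <MD5>
FILE_LINE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9a-f]{32})$",
    re.IGNORECASE,
)


def parse_filefind(log):
    """Map each searched file name (lower-cased) to its list of hits."""
    results, current = {}, None
    for line in log.splitlines():
        m = re.match(r'^Searching for "([^"]+)"', line)
        if m:
            current = m.group(1).lower()
            results[current] = []
            continue
        if line.startswith("=========="):   # next section header ends the block
            current = None
            continue
        fm = FILE_LINE.match(line) if current else None
        if fm:
            results[current].append(
                {"path": fm.group("path"), "size": int(fm.group("size")),
                 "md5": fm.group("md5").upper()})
    return results


def parse_server_dlls(log):
    """Module names from every ServerDll= entry of the SubSystems 'Windows'
    value, or None when that value is not in the log."""
    m = re.search(r'^"Windows"="(.*)"$', log, re.MULTILINE)
    if not m:
        return None
    return [d.lower() for d in re.findall(r"ServerDll=([A-Za-z0-9_]+)", m.group(1))]


def assess(log):
    """Return the list of findings; an empty list means no indicator fired."""
    findings = []
    files = parse_filefind(log)
    for hit in files.get("consrv.dll", []):
        findings.append(f"consrv.dll present on disk: {hit['path']}")
    dlls = parse_server_dlls(log)
    if dlls is None:
        findings.append("SubSystems 'Windows' value not found in log")
    else:
        for d in dlls:
            if d not in EXPECTED_SERVER_DLLS:
                findings.append(f"unexpected ServerDll in csrss command line: {d}")
    # The live System32 copy of winsrv.dll should match a servicing-store copy.
    hits = files.get("winsrv.dll", [])
    store = {h["md5"] for h in hits if "\\winsxs\\" in h["path"].lower()}
    for h in hits:
        if (h["path"].lower().startswith("c:\\windows\\system32\\")
                and store and h["md5"] not in store):
            findings.append(f"System32\\winsrv.dll MD5 {h['md5']} matches no winsxs copy")
    return findings


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("constructed log", INFECTED_LOG)):
        print(f"{name}:", assess(log) or ["no indicators"])
```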

#7 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 07 September 2011 - 09:45 PM

It doesn't look like ZeroAccess rootkit.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#8 adivirgi

  • Topic Starter

  • Members
  • 6 posts

Posted 07 September 2011 - 10:09 PM

http://i108.photobucket.com/albums/n31/xoxrageandloveox/s.png <---SpyNoMore Scan

http://i108.photobucket.com/albums/n31/xoxrageandloveox/problemwithmini.png <---Message that came up during mini

http://i108.photobucket.com/albums/n31/xoxrageandloveox/gmerproblem.png <---- I can't open GMER (this message also comes up for Malwarebytes', SUPERAntiSpyware, and Spybot Search and Destroy.)

MiniToolBox by Farbar
Ran by Owner (administrator) on 07-09-2011 at 23:08:20
Windows 7 Professional (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0
========================= Hosts content: =================================



========================= IP Configuration: ================================
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-18-DE-07-05-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7d85:65fa:10b0:6581%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 07, 2011 10:59:58 PM
Lease Expires . . . . . . . . . . : Wednesday, September 14, 2011 10:59:59 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234887390
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-49-92-04-00-A0-D1-52-A6-86
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{689C297E-CA2E-4CA2-8AA5-DC3155F6AA38}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:181f:f0bc:b80a:26bd(Preferred)
Link-local IPv6 Address . . . . . : fe80::181f:f0bc:b80a:26bd%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Pinging google.com [74.125.115.104] with 32 bytes of data:
Reply from 74.125.115.104: bytes=32 time=27ms TTL=53
Reply from 74.125.115.104: bytes=32 time=27ms TTL=53

Ping statistics for 74.125.115.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 27ms, Average = 27ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=16ms TTL=54
Reply from 69.147.125.65: bytes=32 time=16ms TTL=54

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 16ms, Average = 16ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=10ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 10ms, Average = 6ms
===========================================================================
Interface List
13...00 18 de 07 05 89 ......Intel® PRO/Wireless 3945ABG Network Connection
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.101 281
192.168.0.101 255.255.255.255 On-link 192.168.0.101 281
192.168.0.255 255.255.255.255 On-link 192.168.0.101 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:181f:f0bc:b80a:26bd/128
On-link
13 281 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::181f:f0bc:b80a:26bd/128
On-link
13 281 fe80::7d85:65fa:10b0:6581/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/07/2011 08:07:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time stamp: 0x4ba1da21
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10012815
Faulting process id: 0xdc4
Faulting application start time: 0xmscorsvw.exe0
Faulting application path: mscorsvw.exe1
Faulting module path: mscorsvw.exe2
Report Id: mscorsvw.exe3

Error: (09/07/2011 08:06:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: iPodService.exe, version: 10.2.1.1, time stamp: 0x4d755cd0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0043879e
Faulting process id: 0xed0
Faulting application start time: 0xiPodService.exe0
Faulting application path: iPodService.exe1
Faulting module path: iPodService.exe2
Report Id: iPodService.exe3

Error: (09/07/2011 08:05:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: WLIDSVC.EXE, version: 7.250.4225.0, time stamp: 0x4c991cfd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00492e60
Faulting process id: 0x4f4
Faulting application start time: 0xWLIDSVC.EXE0
Faulting application path: WLIDSVC.EXE1
Faulting module path: WLIDSVC.EXE2
Report Id: WLIDSVC.EXE3

Error: (09/07/2011 08:05:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 2.0.4.0, time stamp: 0x4cae1be1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004325c8
Faulting process id: 0x668
Faulting application start time: 0xmDNSResponder.exe0
Faulting application path: mDNSResponder.exe1
Faulting module path: mDNSResponder.exe2
Report Id: mDNSResponder.exe3

Error: (09/07/2011 08:05:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.66.0.47, time stamp: 0x4d4d9ef9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00403d54
Faulting process id: 0x4e8
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3

Error: (09/07/2011 08:05:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: SASCORE.EXE, version: 1.0.0.1066, time stamp: 0x4e441778
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004096da
Faulting process id: 0x638
Faulting application start time: 0xSASCORE.EXE0
Faulting application path: SASCORE.EXE1
Faulting module path: SASCORE.EXE2
Report Id: SASCORE.EXE3

Error: (09/07/2011 07:25:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: iPodService.exe, version: 10.2.1.1, time stamp: 0x4d755cd0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0043879e
Faulting process id: 0xd78
Faulting application start time: 0xiPodService.exe0
Faulting application path: iPodService.exe1
Faulting module path: iPodService.exe2
Report Id: iPodService.exe3

Error: (09/07/2011 07:10:54 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/07/2011 07:10:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time stamp: 0x4ba1da21
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10012815
Faulting process id: 0xe44
Faulting application start time: 0xmscorsvw.exe0
Faulting application path: mscorsvw.exe1
Faulting module path: mscorsvw.exe2
Report Id: mscorsvw.exe3

Error: (09/07/2011 07:08:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: iPodService.exe, version: 10.2.1.1, time stamp: 0x4d755cd0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0043879e
Faulting process id: 0xdc4
Faulting application start time: 0xiPodService.exe0
Faulting application path: iPodService.exe1
Faulting module path: iPodService.exe2
Report Id: iPodService.exe3


System errors:
=============
Error: (09/07/2011 11:08:32 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5

Error: (09/07/2011 11:08:27 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5

Error: (09/07/2011 11:08:22 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5

Error: (09/07/2011 11:08:17 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5

Error: (09/07/2011 11:08:12 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5

Error: (09/07/2011 11:08:07 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5

Error: (09/07/2011 11:08:02 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5

Error: (09/07/2011 11:07:57 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5

Error: (09/07/2011 11:07:52 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5

Error: (09/07/2011 11:07:47 PM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service failed to start due to the following error:
%%5


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 4.65
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader 9.4.3 (Version: 9.4.3)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
AVG 2011 (Version: 10.0.1392)
AVG 2011 (Version: 10.0.1520)
Bonjour (Version: 2.0.4.0)
Browser Defender 3.0 (Version: 3.0.0.313)
D3DX10 (Version: 15.4.2368.0902)
Google Earth Plug-in (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.67)
Info Center 1.0.0.6 (Version: 1.0.0.6)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
iTunes (Version: 10.2.1.1)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Mega Codec Pack 6.4.0 (Version: 6.4.0)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.5.0)
Mozilla Firefox (3.6.22) (Version: 3.6.22 (en-US))
MSVCRT (Version: 15.4.2862.0708)
PC Tools Registry Tool (Version: 1.0.0.14)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SpyNoMore 2.98 (Version: 2.98)
Spyware Doctor 8.0 (Version: 8.0)
SUPERAntiSpyware (Version: 5.0.1118)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
The Sims™ Pet Stories
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 89%
Total physical RAM: 1014.05 MB
Available physical RAM: 104.68 MB
Total Pagefile: 2038.05 MB
Available Pagefile: 656.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.09 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:85.19 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner


**** End of log ****



Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Adobe Flash Player 10.3.181.34
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#9 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 07 September 2011 - 10:32 PM

Download and run exeHelper.

  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Try GMER again.



 


#10 adivirgi

  • Topic Starter

  • Members
  • 6 posts

Posted 07 September 2011 - 10:41 PM

exeHelper by Raktor
Build 20100414
Run at 23:39:27 on 09/07/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

And I'm still getting that message for GMER.

#11 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 07 September 2011 - 11:34 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include all required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!



 


#12 Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,852 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 08 September 2011 - 01:09 PM

Hello,

I've deleted your new topic because it didn't even contain a description of your computer issues. I see that you missed some of Broni's instructions above, so to restate in a different way:

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them, and include a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



