
Probablezeroaccess

Sherry

Attached Files: attach.txt (24.05KB), dds.txt (19.29KB)

#2 CatByte (bleepin' tiger, Malware Response Team)

The Combofix log had a message that stated the computer had the zeroaccess rootkit; the Malware rootkit program found things the first time and the second time had a clean scan.

scanning hidden processes ...
.
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82f94ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82fe3958, DeviceName: Unknown, DriverName: \Driver\PartMgr\

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/24/2008 8:53 PM 141312]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/17/2012 11:55 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/17/2012 11:55 AM 676936]
R2 TegSrv;TegSrv;c:\program files\Tegrity\Recorder\TegSrv.exe [7/30/2012 5:06 AM

Done!
Partition starts at LBA: 110623590 Numsec = 39005820
Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.

scanning hidden files ...
.

Partition starts at LBA: 149629410 Numsec = 6602715
Disk Size: 80000000000 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk

Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 80325 Numsec = 110543265
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal
#7 CatByte (bleepin' tiger, Malware Response Team), Posted 22 November 2012 - 06:48 PM

How is the
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C: File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling

Please include the C:\ComboFix.txt in your next reply.

Notes:
1.

Scan finished
=======================================

I'm going to put the mbar logs in the reply below this one.

#5 CatByte (bleepin' tiger, Malware Response Team), Posted 21 November 2012 - 06:57 PM

yes, I'll be giving

Combofix:

ComboFix 12-11-20.02 - Gary and Sherry 11/20/2012 22:01:50.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.135 [GMT -5:00]
Running from: c:\documents and settings\Gary and Sherry\My Documents\Downloads\ComboFix.exe
FW: AVG Firewall *Disabled*

That may cause it to stall.
2.

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.bdtoolbar.orig_keyword_url", "hxxp://www.crawler.com/search/dispatcher.aspx?tp=au[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Crawler Search");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 22:47]
.
2012-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program

Boopme was helping me in the "do I have an infection" topic and states I need to post over here.

Completion time: 2012-11-20 22:27:41
ComboFix-quarantined-files.txt 2012-11-21 03:27
ComboFix2.txt 2007-12-01 13:59
.

Seems to be faster than it was!

If you have difficulty properly disabling your protective programs, refer to this link here. Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see

System shutdown needed.

Pre-Run: 19,369,185,280 bytes free
Post-Run: 22,704,422,912 bytes free
.

#9 CatByte (bleepin' tiger, Malware Response Team), Posted 22 November 2012 - 07:23 PM

We just have

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-20 22:21
Windows 5.1.2600 Service Pack 3 NTFS
.

Performing system, memory and registry scan...

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE:

Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.