Probablezeroaccess

Scan finished ======================================= I'm going to put the mbar logs in the reply below this one. R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/24/2008 8:53 PM 141312] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/17/2012 11:55 AM 399432] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/17/2012 11:55 AM 676936] R2 TegSrv;TegSrv;c:\program files\Tegrity\Recorder\TegSrv.exe [7/30/2012 5:06 AM http://www.bleepingcomputer.com/forums/t/475989/probablezeroaccess/

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-20 22:21 Windows 5.1.2600 Service Pack 3 NTFS . Scan finished Creating System Restore point...

  • #8 ixrayu Topic Starter Posted 22 November 2012 - 07:17
  • C:\BA.tmp C:\BB.tmp C:\BD.tmp C:\BE.tmp c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Gary and Sherry\Local Settings\Application Data\assembly\tmp c:\documents and settings\Gary and Sherry\Local Settings\Application Data\WideSearch c:\documents and settings\Gary and Sherry\WINDOWS c:\program files\filesubmit c:\windows\Downloaded
  • Done!
  • Scanning directory: C:\WINDOWS\system32\drivers... <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff82f94ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff82fe3958, DeviceName: Unknown, DriverName: \Driver\PartMgr\

scanning hidden autostart entries ... . Partition starts at LBA: 80325 Numsec = 110543265 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Completion time: 2012-11-20 22:27:41 ComboFix-quarantined-files.txt 2012-11-21 03:27 ComboFix2.txt 2007-12-01 13:59 .

Do not mouse-click Combofix's window while it is running. System shutdown occured ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system

He thinks I may have a rootkit. Inspecting partition table: MBR Signature: 55AA Disk Signature: D0F4738C Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE.

Boopme was helping me in the do i have an infection topic and states I need to post over here. Partition starts at LBA: 110623590 Numsec = 39005820 Partition 3 type is Other (0xdb) Partition is NOT ACTIVE. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal Seems to be faster than it was!

My computer had gotten extremely slow and I was getting messages from Malwarebytes that it blocked access to a potentially malicious website type: outgoing. That may cause it to stall.2. Sherry Attached Files attach.txt 24.05KB dds.txt 19.29KB #2 CatByte CatByte bleepin' tiger Malware

Done! Deleted !

Pre-Run: 19,369,185,280 bytes free Post-Run: 22,704,422,912 bytes free .

Done! Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) Notify-WgaLogon - (no file) SafeBoot-26568088.sys AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb . . . ************************************************************************** .

Partition starts at LBA: 149629410 Numsec = 6602715 Disk Size: 80000000000 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)... Performing system, memory and registry scan... Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...] Deleted : user_pref("browser.bdtoolbar.orig_keyword_url", "hxxp://www.crawler.com/search/dispatcher.aspx?tp=au[...] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Deleted : user_pref("browser.search.order.1", "Crawler Search"); Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

#3 ixrayu Topic Starter Posted 21 November 2012 - 01:34 scanning hidden files ... .

#9 CatByte Malware Response Team Posted 22 November 2012 - 07:23 PM We just have Please include the C:\ComboFix.txt in your next reply. Notes: 1. Do not "re-run" Combofix. scanning hidden processes ... .
