
Probablezeroaccess

My computer had gotten extremely slow and I was getting messages from Malwarebytes that it blocked access to a potentially malicious website type: outgoing. Scanning directory: C:\WINDOWS\system32\drivers... <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff82f94ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff82fe3958, DeviceName: Unknown, DriverName: \Driver\PartMgr\

scanning hidden files ... . #9 CatByte Malware Response Team Posted 22 November 2012 - 07:23 PM We just have Scan finished Creating System Restore point... Your help is much appreciated! http://www.bleepingcomputer.com/forums/t/475989/probablezeroaccess/

Partition starts at LBA: 149629410 Numsec = 6602715 Disk Size: 80000000000 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)... Contents of the 'Scheduled Tasks' folder . 2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 22:47] . 2012-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [N/A] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [N/A] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk probablezeroaccess Started by ixrayu , Nov 20 2012 08:09 PM This topic is locked 11 replies to this topic #1 ixrayu Posted

Partition starts at LBA: 110623590 Numsec = 39005820 Partition 3 type is Other (0xdb) Partition is NOT ACTIVE. Performing system, memory and registry scan...

Scanning directory: C:\WINDOWS\system32\drivers... <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff82f94ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff82fe3958, DeviceName: Unknown, DriverName: \Driver\PartMgr\ #5 CatByte Malware Response Team Posted 21 November 2012 - 06:57 PM yes, I'll be giving

  • Completion time: 2012-11-20 22:27:41 ComboFix-quarantined-files.txt 2012-11-21 03:27 ComboFix2.txt 2007-12-01 13:59 .
  • Done!
  • Partition starts at LBA: 80325 Numsec = 110543265 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE.

They may otherwise interfere with our tools. Scheduling clean up... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling

Inspecting partition table: MBR Signature: 55AA Disk Signature: D0F4738C Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - Are there any outstanding issues?

#4 ixrayu Topic Starter Posted 21 November 2012 - 01:36 PM first mbar-log (from last night) Malwarebytes Anti-Rootkit 1.1.0.1009 System shutdown needed.

Sherry Attached Files attach.txt 24.05KB dds.txt 19.29KB #2 CatByte


The Combofix log had a message that stated the computer had the zeroaccess rootkit, the Malware rootkit program found things the first time and the second time had a clean scan. Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015 #8 ixrayu Topic Starter Posted 22 November 2012 - 07:17

uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000 IE: He thinks I may have a rootkit.

If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see Thank you again!

Seems to be faster than it was! I have a thread in the other forum, if you need to take a look at it.