Searching blocked by Google
Page 3 of 8
- Dr Jay (Head Admin)
-
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289568
Likes : 160
As far as we know here, your computer is indeed clean, but let's do a couple of other checks:
Please download aswMBR from here
- Save aswMBR.exe to your Desktop
- Double click aswMBR.exe to run it
- Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
- Once the scan finishes click Save log to save the log to your Desktop
- Copy and paste the contents of aswMBR.txt back here for review
- rx7chick (Novice)
-
OS : Windows XP
Posts : 43
Rubies : 2812
Likes : 0
aswMBR log file. It sat on the last line related to documents and settings for a very long time with no activity, and finally I clicked on save log. I assume it was finished but it never did say it was complete.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-09 19:56:15
-----------------------------
19:56:15.562 OS Version: Windows 5.1.2600 Service Pack 3
19:56:15.562 Number of processors: 2 586 0x170A
19:56:15.562 ComputerName: PRISS UserName:
19:56:16.031 Initialize success
20:08:07.125 AVAST engine defs: 12050900
20:08:18.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:08:18.187 Disk 0 Vendor: ST9250315AS 0002SDM1 Size: 238475MB BusType: 3
20:08:18.203 Disk 0 MBR read successfully
20:08:18.218 Disk 0 MBR scan
20:08:18.265 Disk 0 Windows XP default MBR code
20:08:18.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
20:08:18.281 Disk 0 Partition - 00 0F Extended LBA 188465 MB offset 102398310
20:08:18.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 188465 MB offset 102398373
20:08:18.312 Disk 0 scanning sectors +488376000
20:08:18.421 Disk 0 scanning C:\WINDOWS\system32\drivers
20:08:31.031 Service scanning
20:08:32.609 Service ASUSProcObsrv E:\I386\AsProcOb.sys **LOCKED** 21
20:08:44.421 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:08:48.046 Modules scanning
20:08:56.281 Disk 0 trace - called modules:
20:08:56.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
20:08:56.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad25ab8]
20:08:56.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000087[0x8ad59f18]
20:08:56.359 5 ACPI.sys[b9e54620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad81d98]
20:08:56.781 AVAST engine scan C:\WINDOWS
20:09:07.281 AVAST engine scan C:\WINDOWS\system32
20:11:58.750 AVAST engine scan C:\WINDOWS\system32\drivers
20:12:15.703 AVAST engine scan C:\Documents and Settings\Carolyn Blake
20:13:20.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carolyn Blake\Desktop\MBR.dat"
20:13:20.343 The log file has been saved successfully to "C:\Documents and Settings\Carolyn Blake\Desktop\aswMBR.txt"
- rx7chick (Novice)
Please disregard the previous asw scan, it was incomplete
Correct ASW scan log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-09 20:19:35
-----------------------------
20:19:35.265 OS Version: Windows 5.1.2600 Service Pack 3
20:19:35.265 Number of processors: 2 586 0x170A
20:19:35.265 ComputerName: PRISS UserName:
20:19:35.937 Initialize success
20:19:41.515 AVAST engine defs: 12050900
20:20:00.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:20:00.296 Disk 0 Vendor: ST9250315AS 0002SDM1 Size: 238475MB BusType: 3
20:20:00.312 Disk 0 MBR read successfully
20:20:00.328 Disk 0 MBR scan
20:20:00.359 Disk 0 Windows XP default MBR code
20:20:00.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
20:20:00.375 Disk 0 Partition - 00 0F Extended LBA 188465 MB offset 102398310
20:20:00.406 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 188465 MB offset 102398373
20:20:00.421 Disk 0 scanning sectors +488376000
20:20:00.531 Disk 0 scanning C:\WINDOWS\system32\drivers
20:20:16.953 Service scanning
20:20:18.500 Service ASUSProcObsrv E:\I386\AsProcOb.sys **LOCKED** 21
20:20:30.187 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:20:33.750 Modules scanning
20:20:50.265 Disk 0 trace - called modules:
20:20:50.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
20:20:50.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad25ab8]
20:20:50.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000087[0x8ad59f18]
20:20:50.359 5 ACPI.sys[b9e54620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad81d98]
20:20:50.812 AVAST engine scan C:\WINDOWS
20:21:03.484 AVAST engine scan C:\WINDOWS\system32
20:24:44.187 AVAST engine scan C:\WINDOWS\system32\drivers
20:25:08.171 AVAST engine scan C:\Documents and Settings\Carolyn Blake
20:49:00.265 AVAST engine scan C:\Documents and Settings\All Users
20:55:33.000 Scan finished successfully
20:57:01.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carolyn Blake\Desktop\MBR.dat"
20:57:01.468 The log file has been saved successfully to "C:\Documents and Settings\Carolyn Blake\Desktop\aswMBR.txt"
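A small triage helper for logs like the two above, as an added example that is not part of the original thread or of aswMBR: it checks for the `Scan finished successfully` line that separates the complete run from the interrupted one, lists the MBR verdict and the `**LOCKED**` services, and finds the step the scan sat on longest. The sample log is constructed from lines in this thread with a placeholder user folder; `triage` and its field names are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed, abridged sample in the aswMBR log layout shown in this thread
# (the "user" profile folder is a placeholder).
SAMPLE_COMPLETE = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-09 20:19:35
-----------------------------
20:20:00.359 Disk 0 Windows XP default MBR code
20:20:18.500 Service ASUSProcObsrv E:\I386\AsProcOb.sys **LOCKED** 21
20:20:30.187 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:25:08.171 AVAST engine scan C:\Documents and Settings\user
20:49:00.265 AVAST engine scan C:\Documents and Settings\All Users
20:55:33.000 Scan finished successfully
"""
# Same run saved early: the completion line is missing.
SAMPLE_INCOMPLETE = SAMPLE_COMPLETE.replace("20:55:33.000 Scan finished successfully\n", "")

STAMPED = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+(.*)$")
LOCKED = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\* (\d+)$")


def triage(log_text):
    """Summarise one aswMBR log (hypothetical helper; assumes no midnight rollover)."""
    events = []
    for line in log_text.splitlines():
        m = STAMPED.match(line.strip())
        if m:  # header and separator lines carry no timestamp and are skipped
            events.append((datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2)))
    msgs = [msg for _, msg in events]
    # Longest gap between consecutive entries = the step the scan sat on.
    gaps = [((t1 - t0).total_seconds(), msg0)
            for (t0, msg0), (t1, _) in zip(events, events[1:])]
    return {
        "complete": "Scan finished successfully" in msgs,
        "last_step": msgs[-1] if msgs else None,
        "mbr": [m for m in msgs if "MBR code" in m],
        "locked": [hit.groups() for m in msgs if (hit := LOCKED.match(m))],
        "slowest_step": max(gaps) if gaps else None,
    }


if __name__ == "__main__":
    for name, text in (("complete", SAMPLE_COMPLETE), ("incomplete", SAMPLE_INCOMPLETE)):
        print(name, triage(text))
```

A log with `complete` set to false, like the first one posted here, should be re-run before anyone reads a verdict from it.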
- Dr Jay (Head Admin)
Your IP address is likely banned.
Call your ISP to get a new IP address assigned. This is best to be able to access Google again.
- rx7chick (Novice)
Thank you Jay for all your help. I am in Turkey and things are difficult here for getting things like that accomplished. I am leaving in 3 weeks so my problem may be solved then. I have only had this IP address for 3 weeks, having picked up this new service then. I wonder if there could be someone on my network who is doing something to cause this. I deeply appreciate your help and how you stuck with me through this. If I have the same problem when I move to Romania, I will be back to address it again.
- Dr Jay (Head Admin)
It might have actually been malware. ComboFix reported deletions of two of the latest infections, reported in :
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Carolyn Blake\g2mdlhlpx.exe IDENTIFIED as Trojan:fake-GoToMeeting Application
c:\documents and settings\Carolyn Blake\new.txt
c:\windows\~INSX362.EXE Commonly a Trojan paired with redirect malware
c:\windows\system32\drivers\etc\hosts.ics Static HOSTS file (modified by malware)
c:\windows\system32\roboot.exe Possibly related to Trojan.ZeroAccess
EXPLAINED:
Google takes these actions to prevent DDoS, which is Distributed Denial of Service. When it detects potential suspicious behavior from an IP address, the IP address is put on a temporary or permanent ban list.
Problem is, the malware you had, had the ability to control your computer and send anonymous requests to unknown/known servers, such as Google.
Only way to solve this issue the hard way is to remove the malware first, and then wait it out.
The easy way is to change your IP address after the malware is removed.
Just curious...run this scan real quick:
- Download Win32kDiag from any of the following locations and save it to your Desktop.
  - Download Win32kDiag (Win32kDiag.exe) - #1
  - Download Win32kDiag (Win32kDiag.exe) - #2
  - Download Win32kDiag (Win32kDiag.exe) - #3
- Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
- When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
- Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
- rx7chick (Novice)
Ok, I'm on it...back as soon as it's done. I just tried to use Google again and it instantly asked me for a captcha, because of "unusual activity," so I closed it and went back to bing. BRB...
- rx7chick (Novice)
Running from: C:\Documents and Settings\Carolyn Blake\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Carolyn Blake\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!
- rx7chick (Novice)
I just now filled out a form to join an online class...first time and only time, and I got this message (not from Google- I accessed the link from my email, and in Firefox)
Security Image Verification
We have received repeated subscriptions from your computer. To prevent automated signups we verify that it is a person signing up, and not an automated script.
Type the characters below, exactly as shown, into the box provided without spaces. The letters are case sensitive.
We monitor our system very closely to prevent the use of harmful programs to submit large numbers of signups, which may cause problems for other users, and generate undue Spam complaints.
- Dr Jay (Head Admin)
Please open Notepad and enter in the following:
@echo off
rem Flush the DNS cache, then release and renew the DHCP lease, logging each step
echo DNS renewal >log.txt
echo %date% >>log.txt
ipconfig /flushdns >>log.txt
pause
ipconfig /release >>log.txt
pause
ipconfig /renew >>log.txt
pause
rem Record the full adapter configuration and open the log
ipconfig /all >>log.txt
pause
start log.txt
exit
Then, click File > Save as...
Save as dns.bat to your Desktop.
Choose Save as type... All Files.
Click Save.
Then, exit Notepad.
Double-click on dns.bat, and it will finish quickly and launch a log.
Please post that in your next reply.