WiredWX Hobby Weather Tools

 


Searching blocked by Google

2 posters

Re: Searching blocked by Google

Farbar Service Scanner Version: 09-06-2012
Ran by Carolyn Blake (administrator) on 17-06-2012 at 13:20:28
Running from "C:\Documents and Settings\Carolyn Blake\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

Re: Searching blocked by Google

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


[Image: AswMBR_Scan]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]

  • Copy and paste the contents of aswMBR.txt back here for review



AND


Please test your DNS Resolution by visiting here: http://www.dns-ok.us/

Tell me if that is green or not...

Also for this site: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Tell me if you see all six images at the top...

Re: Searching blocked by Google

DNS Resolution: GREEN
All 6 images visible


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-17 22:34:36
-----------------------------
22:34:36.859 OS Version: Windows 5.1.2600 Service Pack 3
22:34:36.859 Number of processors: 2 586 0x170A
22:34:36.859 ComputerName: PRISS UserName:
22:34:37.953 Initialize success
22:40:34.359 AVAST engine defs: 12061700
22:40:46.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:40:46.406 Disk 0 Vendor: ST9250315AS 0002SDM1 Size: 238475MB BusType: 3
22:40:46.421 Disk 0 MBR read successfully
22:40:46.421 Disk 0 MBR scan
22:40:46.453 Disk 0 Windows XP default MBR code
22:40:46.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
22:40:46.484 Disk 0 Partition - 00 0F Extended LBA 188465 MB offset 102398310
22:40:46.500 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 188465 MB offset 102398373
22:40:46.515 Disk 0 scanning sectors +488376000
22:40:46.625 Disk 0 scanning C:\WINDOWS\system32\drivers
22:40:58.937 Service scanning
22:41:12.078 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:41:15.687 Modules scanning
22:41:21.640 Disk 0 trace - called modules:
22:41:21.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
22:41:21.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad7fab8]
22:41:21.703 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000088[0x8ad529e8]
22:41:21.718 5 ACPI.sys[b9e54620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad52d98]
22:41:22.265 AVAST engine scan C:\WINDOWS
22:41:33.546 AVAST engine scan C:\WINDOWS\system32
22:44:19.078 AVAST engine scan C:\WINDOWS\system32\drivers
22:44:35.703 AVAST engine scan C:\Documents and Settings\Carolyn Blake
23:11:32.781 AVAST engine scan C:\Documents and Settings\All Users
23:21:23.015 Scan finished successfully



Re: Searching blocked by Google

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Re: Searching blocked by Google

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-18 21:18:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9250315AS rev.0002SDM1
Running: gmer.exe; Driver: C:\DOCUME~1\CAROLY~1\LOCALS~1\Temp\kxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB9ECFA50]
SSDT sptd.sys ZwEnumerateKey [0xB9F03FFE]
SSDT sptd.sys ZwEnumerateValueKey [0xB9F0438C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA65C5004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA65C50D4]
SSDT sptd.sys ZwOpenKey [0xB9ECFA30]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA65C4D76]
SSDT sptd.sys ZwQueryKey [0xB9F04464]
SSDT sptd.sys ZwQueryValueKey [0xB9F042E4]
SSDT sptd.sys ZwSetValueKey [0xB9F044F6]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA65C4E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA65C4EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA65C4F56]

INT 0x63 ? 8AE10CC8
INT 0x63 ? 8AE10CC8
INT 0x63 ? 8AE10CC8
INT 0x63 ? 8AE10CC8
INT 0x63 ? 8ABFBCC8
INT 0x63 ? 8ABFBCC8
INT 0x63 ? 8AE10CC8
INT 0x94 ? 8ABFBCC8
INT 0xA4 ? 8ABFBCC8
INT 0xB4 ? 8ABFBCC8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 2 Bytes [76, 4D] {JBE 0x4f}
.text sptd.sys B9E95000 4 Bytes [A6, BB, 6E, 80]
.text sptd.sys B9E95005 27 Bytes [69, 6E, 80, 30, 68, 6E, 80, ...]
.text sptd.sys B9E95024 4 Bytes [74, 7F, E8, B9]
.text sptd.sys B9E9502C 88 Bytes [B4, 1A, 5E, 80, 76, 86, 5E, ...]
.text sptd.sys B9E95085 156 Bytes [57, 53, 80, 44, A2, 4F, 80, ...]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F8CD38]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B8CC18AC 5 Bytes JMP 8ABFB1D8
.text a1qr7h9i.SYS B8A95306 50 Bytes [00, 00, 00, 48, 03, 00, F0, ...]
.text a1qr7h9i.SYS B8A95339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a1qr7h9i.SYS B8A95351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a1qr7h9i.SYS B8A953A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a1qr7h9i.SYS B8A953B4 12 Bytes [40, 00, 00, C8, 50, 41, 47, ...] {INC EAX; ADD [EAX], AL; ENTER 0x4150, 0x47; INC EBP; ADD [EAX], AL; ADD [EAX], AL}
.text ...
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xA84D8280]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E96574] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E960C0] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E96FE0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E960C0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E96362] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E962A4] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E971BC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E96FE0] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EAB312] sptd.sys
IAT \SystemRoot\System32\Drivers\a1qr7h9i.SYS[HAL.dll!KeGetCurrentIrql] 5E0001F4
IAT \SystemRoot\System32\Drivers\a1qr7h9i.SYS[HAL.dll!KfAcquireSpinLock] C2C95B5F
IAT \SystemRoot\System32\Drivers\a1qr7h9i.SYS[HAL.dll!KfReleaseSpinLock] 5F380008
IAT \SystemRoot\System32\Drivers\a1qr7h9i.SYS[HAL.dll!KfRaiseIrql] 56227411
IAT \SystemRoot\System32\Drivers\a1qr7h9i.SYS[HAL.dll!KfLowerIrql] A9763A68
IAT \SystemRoot\System32\Drivers\a1qr7h9i.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] F7C31352

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AE0F1F8

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/ASUSTek Computer Inc)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8ABFA1F8
Device \Driver\usbehci \Device\USBPDO-1 8ABD81F8
Device \Driver\usbuhci \Device\USBPDO-2 8ABFA1F8
Device \Driver\usbuhci \Device\USBPDO-3 8ABFA1F8
Device \Driver\usbuhci \Device\USBPDO-4 8ABFA1F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 8ABFA1F8
Device \Driver\usbehci \Device\USBPDO-6 8ABD81F8
Device \Driver\usbuhci \Device\USBPDO-7 8ABFA1F8
Device \Driver\Cdrom \Device\CdRom0 8AB303A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DE9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9DE9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DE9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DE9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DE9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9DE9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8AB303A0
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A5031F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E9444515-56BF-446C-8E1D-97E9ED9B937B} 8A5031F8
Device \Driver\NetBT \Device\NetbiosSmb 8A5031F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9C8FE2C6-5E15-43BE-B1A7-20162ABF33FA} 8A5031F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP8472 \Device\0000005d sptd.sys
Device \Driver\PCI_PNP8472 \Device\0000005d sptd.sys

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8ABFA1F8
Device \Driver\usbuhci \Device\USBFDO-1 8ABFA1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896AF1F8
Device \Driver\usbuhci \Device\USBFDO-2 8ABFA1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 896AF1F8
Device \Driver\usbehci \Device\USBFDO-3 8ABD81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6C1DE315-5661-4764-8FB9-ED7F722BD42A} 8A5031F8
Device \Driver\usbuhci \Device\USBFDO-4 8ABFA1F8
Device \Driver\usbuhci \Device\USBFDO-5 8ABFA1F8
Device \Driver\usbuhci \Device\USBFDO-6 8ABFA1F8
Device \Driver\usbehci \Device\USBFDO-7 8ABD81F8
Device \Driver\a1qr7h9i \Device\Scsi\a1qr7h9i1Port4Path0Target0Lun0 8AAFD1F8
Device \Driver\a1qr7h9i \Device\Scsi\a1qr7h9i1 8AAFD1F8
Device \FileSystem\Cdfs \Cdfs 8A5311F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0x78 0x43 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0E 0xF9 0xCB 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x2A 0xFD 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0x78 0x43 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0E 0xF9 0xCB 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x2A 0xFD 0x58 ...

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

Re: Searching blocked by Google

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    a1qr7h9i.SYS


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Searching blocked by Google

SystemLook 30.07.11 by jpshortstuff
Log created at 20:14 on 19/06/2012 by Carolyn Blake
Administrator - Elevation successful

========== filefind ==========

Searching for "a1qr7h9i.SYS"
No files found.

-= EOF =-

Re: Searching blocked by Google

We need to use GMER to delete a service and remove the file:

  • Open the gmer folder and double click gmer.exe to run the program
  • On starting GMER will run a short scan, allow it to complete this, then click No if it asks you to run a full scan.

  • Click on the > > > tab to open the menus

[Image: GMER1]
  • Click on the Services tab

[Image: GMER_Services_Tab]
  • Scroll down until you find the following Service (Note: This may be highlighted in red)

    a1qr7h9i.SYS

  • Click on the Service Name to Highlight it, then right click and choose Delete...
    [Image: GMER_Delete_Service]
  • Click OK at the first confirmation dialog to remove the service
  • Click OK to the second confirmation dialog to remove the file
  • Click OK to exit the program

Let me know of any problems you encountered.

Re: Searching blocked by Google

I searched carefully thru the "Name" fields and the Filename fields and could not find the file we need. I tried running GMER twice to be sure. I'm curious because the last program SystemLook... I ran a search for that file and it was not found.

Re: Searching blocked by Google

We'll need to use DeFogger to disable CD emulation drivers...

To disable CD Emulation programs using DeFogger please perform these steps:
  • Please download DeFogger to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



Then, please re-run GMER and post a new log.

Re: Searching blocked by Google

I followed these instructions, and after the GMER scan had been running about 2 hours, not yet complete, I got the BSOD. The error message was IRQ_NOT_Less_Or_Equal. I restarted but Windows would never start up past the initial screen. Finally I was able to boot it in Safe Mode with Networking but could not get on the net to message you. So I did an F8 start and chose Last Known Configuration and it started. The Defogger program is still on my desktop, but I am very reluctant to run the scan. I did get my first Bing "fail" and it said something like the search is making too many calls. It cleared up in a moment. I am wondering if this copy of Windows is so corrupt I should abandon it and reinstall?

Re: Searching blocked by Google

If you think it's corrupt, let's run a couple of scans to prove that...

Do this first, please:
  1. Please download MGADiag and save it to your desktop.
  2. Double click the [image: Dmjdiag] icon on your desktop.
  3. Push [image: Dmjcontinue]
  4. Push [image: Dmjcopy]
  5. Go to Start -> Run and type in "Notepad"
  6. Go to Edit -> Paste in notepad.
  7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  8. Copy and paste that log here.

Re: Searching blocked by Google

Are you still with us? Please update us on your situation.

Re: Searching blocked by Google

Hi DM Jay,
I was going to post in a day or two. I finally did a complete Windows fresh install...wiped the C drive. I had other problems with my USB ports shutting off and auto play and plug and play not working. As always a fresh install is a painful procedure and I still do not have Windows set up completely. But, I have been using Google search for the last 5 days since the new install and so far I have not encountered any problems. A program I was using that I have not reinstalled was SEO Quake, which gathers a lot of stats on SERP's and sites. I am wondering now if Google doesn't like SEO Quake. I will do some research on their forum and if I find anything significant I will let you know. Thank you so so much for all the time you gave me.

Last edited by rx7chick on 30th June 2012, 8:27 pm; edited 1 time in total (Reason for editing : accidentally sent before complete)

Re: Searching blocked by Google

Not a problem here. Let me know of any more issues, otherwise I will close this topic. You'd be free to open any new topics in the future.
