
Please check my log. Thank you

Discussion in 'Virus & Other Malware Removal' started by kellyarmstrong, Jan 12, 2013.

Thread Status:
Not open for further replies.
  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,637
    Please download Farbar Service Scanner and transfer it to the desktop of the computer with the issue.
    • Make sure only the following option is checked:
      • Internet Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from (which should be the desktop).
    • Please copy and paste the log to your reply.
     
  2. kellyarmstrong

    kellyarmstrong Thread Starter

    Joined:
    May 15, 2012
    Messages:
    148
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-27 11:39:41
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.AL 149.05GB
    Running: 5dbgr9d2.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys

    ---- Kernel code sections - GMER 2.0 ----
    ? C:\Users\Owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!EnableWindow 7572CD8B 5 Bytes JMP 71659EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxParamW 757510B0 5 Bytes JMP 715B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxIndirectParamW 75752EF5 5 Bytes JMP 717A8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxParamA 75768152 5 Bytes JMP 717A8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxIndirectParamA 7576847D 5 Bytes JMP 717A901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxIndirectA 7577D4D9 5 Bytes JMP 717A8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxIndirectW 7577D5D3 5 Bytes JMP 717A8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxExA 7577D639 5 Bytes JMP 717A8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxExW 7577D65D 5 Bytes JMP 717A8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] kernel32.dll!CreateThread 76F2CB0E 5 Bytes JMP 716175DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogParamW 757272A2 5 Bytes JMP 717A9320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!GetAsyncKeyState 7572863C 5 Bytes JMP 715FDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetWindowsHookExW 757287AD 5 Bytes JMP 716525AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CallNextHookEx 75728E3B 5 Bytes JMP 71677FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!UnhookWindowsHookEx 757298DB 5 Bytes JMP 7169ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!EnableWindow 7572CD8B 5 Bytes JMP 71659EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DefWindowProcA 7572DB88 7 Bytes JMP 71619805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExA 7572DC2A 5 Bytes JMP 7162363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateWindowExW 75731305 5 Bytes JMP 716803CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!GetKeyState 75738CB1 5 Bytes JMP 715FDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DefWindowProcW 757403B4 7 Bytes JMP 71678042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!IsDialogMessageW 75740745 5 Bytes JMP 717A9A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogParamA 757417AA 5 Bytes JMP 717A92E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!IsDialogMessage 75741847 5 Bytes JMP 717A9A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogIndirectParamA 757426F1 5 Bytes JMP 717A9358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!CreateDialogIndirectParamW 75749A62 5 Bytes JMP 717A9390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetKeyboardState 75750987 5 Bytes JMP 717AA341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamW 757510B0 5 Bytes JMP 715B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamW 75752EF5 5 Bytes JMP 717A8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SendInput 75752F75 5 Bytes JMP 717AA2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!EndDialog 7575326E 5 Bytes JMP 717A9D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!SetCursorPos 75766FB2 5 Bytes JMP 717AA3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxParamA 75768152 5 Bytes JMP 717A8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!DialogBoxIndirectParamA 7576847D 5 Bytes JMP 717A901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectA 7577D4D9 5 Bytes JMP 717A8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxIndirectW 7577D5D3 5 Bytes JMP 717A8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExA 7577D639 5 Bytes JMP 717A8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!MessageBoxExW 7577D65D 5 Bytes JMP 717A8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] USER32.dll!keybd_event 7577D972 5 Bytes JMP 717AA2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] SHELL32.dll!SHRestricted + D95 758589A8 4 Bytes [CF, 01, 1C, 6B] {IRET ; ADD [EBX+EBP*2], EBX}
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] SHELL32.dll!SHRestricted + D9D 758589B0 8 Bytes [E0, 61, 1B, 6B, 79, F7, 1B, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] ole32.dll!OleLoadFromStream 755F1E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3768] ole32.dll!OleLoadFromStream 755F1E80 5 Bytes JMP 717A9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] kernel32.dll!CreateThread 76F2CB0E 5 Bytes JMP 716175DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateDialogParamW 757272A2 5 Bytes JMP 717A9320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!GetAsyncKeyState 7572863C 5 Bytes JMP 715FDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!SetWindowsHookExW 757287AD 5 Bytes JMP 716525AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CallNextHookEx 75728E3B 5 Bytes JMP 71677FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!UnhookWindowsHookEx 757298DB 5 Bytes JMP 7169ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!EnableWindow 7572CD8B 5 Bytes JMP 71659EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DefWindowProcA 7572DB88 7 Bytes JMP 71619805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateWindowExA 7572DC2A 5 Bytes JMP 7162363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateWindowExW 75731305 5 Bytes JMP 716803CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!GetKeyState 75738CB1 5 Bytes JMP 715FDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DefWindowProcW 757403B4 7 Bytes JMP 71678042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!IsDialogMessageW 75740745 5 Bytes JMP 717A9A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateDialogParamA 757417AA 5 Bytes JMP 717A92E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!IsDialogMessage 75741847 5 Bytes JMP 717A9A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateDialogIndirectParamA 757426F1 5 Bytes JMP 717A9358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!CreateDialogIndirectParamW 75749A62 5 Bytes JMP 717A9390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!SetKeyboardState 75750987 5 Bytes JMP 717AA341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DialogBoxParamW 757510B0 5 Bytes JMP 715B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DialogBoxIndirectParamW 75752EF5 5 Bytes JMP 717A8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!SendInput 75752F75 5 Bytes JMP 717AA2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!EndDialog 7575326E 5 Bytes JMP 717A9D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!SetCursorPos 75766FB2 5 Bytes JMP 717AA3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DialogBoxParamA 75768152 5 Bytes JMP 717A8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!DialogBoxIndirectParamA 7576847D 5 Bytes JMP 717A901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!MessageBoxIndirectA 7577D4D9 5 Bytes JMP 717A8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!MessageBoxIndirectW 7577D5D3 5 Bytes JMP 717A8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!MessageBoxExA 7577D639 5 Bytes JMP 717A8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!MessageBoxExW 7577D65D 5 Bytes JMP 717A8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] USER32.dll!keybd_event 7577D972 5 Bytes JMP 717AA2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] SHELL32.dll!SHRestricted + D95 758589A8 4 Bytes [CF, 01, 1C, 6B] {IRET ; ADD [EBX+EBP*2], EBX}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] SHELL32.dll!SHRestricted + D9D 758589B0 8 Bytes [E0, 61, 1B, 6B, 79, F7, 1B, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] ole32.dll!OleLoadFromStream 755F1E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5016] ole32.dll!OleLoadFromStream 755F1E80 5 Bytes JMP 717A9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    ---- Registry - GMER 2.0 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsl19168825
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{930C1DBB-D8ED-422C-89E5-34410EE4FCD2}\MpKsl19168825.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] MpKsl19168825
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \Device\HarddiskVolume2\Program Files\Microsoft Security Client\MsMpEng.exe
    ---- EOF - GMER 2.0 ----
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,637
    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
Short URL to this thread: https://techguy.org/1084829
