404 Error nginx



#1 jrichmond1975


Posted 18 November 2011 - 02:11 PM

I've tried to fix this by scanning my computer and I can't get this thing off my computer. I read you folks can help.

Thanks,

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-18 13:07:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316031 rev.HP35
Running: gmer.exe; Driver: C:\DOCUME~1\JENNIF~1.RIC\LOCALS~1\Temp\kftdqpow.sys


---- System - GMER 1.0.15 ----

SSDT 893D6DC0 ZwCreateKey
SSDT 893D7F60 ZwCreateMutant
SSDT 893D62C0 ZwCreateProcess
SSDT 893D6580 ZwCreateProcessEx
SSDT 893D7C20 ZwCreateThread
SSDT 893D7340 ZwDeleteKey
SSDT 893D7600 ZwDeleteValueKey
SSDT 893D7DC0 ZwLoadDriver
SSDT 893D6840 ZwOpenProcess
SSDT 893D8100 ZwSetSystemInformation
SSDT 893D7080 ZwSetValueKey
SSDT 893D6B00 ZwTerminateProcess
SSDT 893D7A80 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text iaStor.sys B9E6F988 1 Byte [CC] {INT 3 }
? C:\DOCUME~1\JENNIF~1.RIC\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[900] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 026673D0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02667730 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 02667640 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 02667550 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 026678B0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 026666B0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 02667990 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 02666810 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 03C973D0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 03C97730 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 03C97640 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 03C97550 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 03C978B0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 03C966B0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 03C97990 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 03C96810 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2136] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605465 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2136] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3292B771 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 024673D0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02467730 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 02467640 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 02467550 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 024678B0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 024666B0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 02467990 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 02466810 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2244] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[2252] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605465 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[2252] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3292B771 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 03CA73D0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 03CA7730 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 03CA7640 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 03CA7550 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 03CA78B0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 03CA66B0 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 03CA7990 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 03CA6810 C:\Documents and Settings\jennifer.richmond\Local Settings\Application Data\Coupons.com\tbCoup.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2424] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01130001
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ws2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ws2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ws2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ws2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ws2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ws2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ws2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ws2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:444] 8A2D516D
Thread System [4:944] 89992B90

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\jennifer.richmond\Local Settings\Temporary Internet Files\Content.IE5\UNZ5Z8ED\stamp[2].txt 0 bytes

---- EOF - GMER 1.0.15 ----



Edited by jrichmond1975, 18 November 2011 - 03:14 PM.



 


#2 Orange Blossom


Posted 18 November 2011 - 02:16 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

#3 Elise


Posted 23 November 2011 - 01:54 PM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#4 Elise


Posted 10 December 2011 - 06:46 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise






