Browser redirected to Sedoparking (again and again T_T)


Re: Browser redirected to Sedoparking (again and again T_T)

Post by nashata » December 14th, 2009, 2:58 am

Just now I tried opening some of my bookmarks for work and they went to sedoparking again.. :lol: (I'll try to laugh it off)
nashata
Regular Member
 
Posts: 26
Joined: December 4th, 2009, 3:29 am

Re: Browser redirected to Sedoparking (again and again T_T)

Post by Odd dude » December 14th, 2009, 5:47 am

I'm unfortunately no router expert so I can't really help you with that.

However, let's assume the reboot should have done the trick, that means there may be another problem and that my diagnosis was wrong.

We'll test as follows:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next run another GMER scan and post the log.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Browser redirected to Sedoparking (again and again T_T)

Post by nashata » December 14th, 2009, 6:02 am

I will try to download it before tonight. Right now it's redirected to sedoparking again and again.
nashata
Regular Member
 
Posts: 26
Joined: December 4th, 2009, 3:29 am

Re: Browser redirected to Sedoparking (again and again T_T)

Post by nashata » December 14th, 2009, 9:32 am

GMER log (thanks for your time OD, really):

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-14 20:31:23
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pwniyaob.sys


---- System - GMER 1.0.15 ----

SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwClose [0xA8E5CE36]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwCreateFile [0xA8E60BD8]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwCreateKey [0xA8E5E098]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwCreateThread [0xA8E62222]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDebugActiveProcess [0xA8E61EF8]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDeleteFile [0xA8E60F16]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDeleteKey [0xA8E5E2BE]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDeleteValueKey [0xA8E5E922]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDeviceIoControlFile [0xA8E5D042]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDuplicateObject [0xA8E60554]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwFsControlFile [0xA8E5CE78]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwInitiatePowerAction [0xA8E5CB9A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwLoadDriver [0xA8E5FF0C]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwMakeTemporaryObject [0xA8E5CCF8]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwOpenFile [0xA8E60A10]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF778F470]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwOpenSection [0xA8E5D20C]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwOpenThread [0xA8E620BC]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwProtectVirtualMemory [0xA8E628F4]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwReadVirtualMemory [0xA8E5D3BC]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwRenameKey [0xA8E5E42E]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwReplaceKey [0xA8E61848]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwRequestWaitReplyPort [0xA8E6035E]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwRestoreKey [0xA8E6169A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetContextThread [0xA8E62690]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetInformationFile [0xA8E613CA]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetInformationProcess [0xA8E61FE8]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetSystemInformation [0xA8E6009C]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetSystemPowerState [0xA8E5CC4A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetSystemTime [0xA8E5CA3A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetValueKey [0xA8E5E5E2]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwShutdownSystem [0xA8E5CB10]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSuspendProcess [0xA8E61E0A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSuspendThread [0xA8E6256C]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSystemDebugControl [0xA8E5C996]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF778F520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF778F5C0]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwWriteFile [0xA8E61096]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwWriteFileGather [0xA8E61230]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF778F660]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C98 80503B74 8 Bytes JMP 5092E45E
.text ntkrnlpa.exe!ZwCallbackReturn + 2F24 80503E00 4 Bytes CALL C2F92424
.text ntkrnlpa.exe!ZwCallbackReturn + 2F54 80503E30 12 Bytes [9C, 00, E6, A8, 4A, CC, E5, ...] {PUSHF ; ADD DH, AH; TEST AL, 0x4a; INT 3 ; IN EAX, 0xa8; CMP CL, DL; IN EAX, 0xa8}
.text ntkrnlpa.exe!ZwCallbackReturn + 2F88 80503E64 12 Bytes [0A, 1E, E6, A8, 6C, 25, E6, ...] {OR BL, [ESI]; OUT 0xa8, AL; INSB ; AND EAX, 0xc996a8e6; IN EAX, 0xa8}
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xA827CF00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61449D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61449CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip jaagabki.sys (Malware Defender Driver/TorchSoft)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp jaagabki.sys (Malware Defender Driver/TorchSoft)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp jaagabki.sys (Malware Defender Driver/TorchSoft)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp jaagabki.sys (Malware Defender Driver/TorchSoft)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE0 0xBD 0xF2 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x7A 0x4B 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0xF7 0xAF 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE0 0xBD 0xF2 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x7A 0x4B 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0xF7 0xAF 0xAA ...

---- EOF - GMER 1.0.15 ----
nashata
Regular Member
 
Posts: 26
Joined: December 4th, 2009, 3:29 am
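
Added example, not part of the original thread and not GMER's own code: a short Python script that groups the SSDT and AttachedDevice lines of a GMER log like the one above by owning driver, so each kernel module's vendor string, hooked services and device stacks can be reviewed together. The sample is an excerpt of the posted log plus one constructed line (example.sys); the regular expressions assume the line layout seen in this log, and the notes are prompts for manual checking, not verdicts.

```python
import re
from collections import defaultdict

# Line shapes as they appear in the GMER 1.0.15 log in this thread (assumed layout):
#   SSDT <module path> (<description>/<vendor>) <service> [<hook address>]
#   AttachedDevice <driver object> <device> <module> (<description>/<vendor>)
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+(?:\((?P<info>.*)\)\s+)?"
    r"(?P<service>(?:Zw|Nt)\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<module>\S+)(?:\s+\((?P<info>.*)\))?\s*$"
)

# Excerpt of the log posted above. The last line (example.sys) is CONSTRUCTED
# to show an entry that carries no description/vendor string.
SAMPLE_LOG = r"""
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwClose [0xA8E5CE36]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwCreateFile [0xA8E60BD8]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF778F470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF778F520]
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip jaagabki.sys (Malware Defender Driver/TorchSoft)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
SSDT \??\C:\WINDOWS\system32\drivers\example.sys ZwEnumerateKey [0xB0000000]
"""


def split_info(info):
    """Split the parenthesised 'description/vendor' text; either part may be empty."""
    if not info:
        return "", ""
    if "/" not in info:
        return info.strip(), ""
    desc, _, vendor = info.rpartition("/")
    return desc.strip(), vendor.strip()


def module_name(path):
    """Lower-cased file name of a driver path such as \\??\\c:\\...\\foo.sys."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def summarize(log_text):
    """Group SSDT hooks and attached devices by the driver that owns them."""
    modules = defaultdict(
        lambda: {"description": "", "vendor": "", "ssdt": [], "devices": []}
    )
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line) or DEVICE_RE.match(line)
        if not m:
            continue  # other GMER sections are ignored by this example
        entry = modules[module_name(m["module"])]
        desc, vendor = split_info(m["info"])
        entry["description"] = entry["description"] or desc
        entry["vendor"] = entry["vendor"] or vendor
        if "service" in m.groupdict():
            entry["ssdt"].append(m["service"])
        else:
            entry["devices"].append(f'{m["driver"]} -> {m["device"]}')
    return dict(modules)


def review_notes(modules):
    """Return (module, note) pairs worth checking by hand; prompts, not verdicts."""
    notes = []
    for name, entry in sorted(modules.items()):
        if not entry["vendor"]:
            notes.append((name, "no description/vendor in log; identify the file"))
        if any(d.startswith("\\Driver\\Tcpip") for d in entry["devices"]):
            notes.append((name, "filters the TCP/IP stack; in the browser's network path"))
    return notes


if __name__ == "__main__":
    mods = summarize(SAMPLE_LOG)
    for name, entry in sorted(mods.items()):
        print(f'{name}: vendor={entry["vendor"] or "?"} '
              f'ssdt={len(entry["ssdt"])} devices={entry["devices"]}')
    for name, note in review_notes(mods):
        print(f"CHECK {name}: {note}")
```
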

Re: Browser redirected to Sedoparking (again and again T_T)

Post by nashata » December 14th, 2009, 9:34 am

Sorry it's double posted :D
nashata
Regular Member
 
Posts: 26
Joined: December 4th, 2009, 3:29 am

Re: Browser redirected to Sedoparking (again and again T_T)

Post by Odd dude » December 14th, 2009, 11:11 am

OK, that log came back good.

You can start Defogger and click the "Re-enable" button.

Do you still have your Windows disc?
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Browser redirected to Sedoparking (again and again T_T)

Post by nashata » December 14th, 2009, 12:28 pm

No, I usually go to the computer shop to have it reformatted. I have an old Windows XP cd that works for the other computer, but for this notebook, somehow the display is spread weirdly and there's no fixing it, probably because of different width ratio (I asked the computer shop again after reformatting myself).

The redirected page is happening more and more now, especially when I'm opening a link from somewhere (like emails, the link you gave, etc). I guess tomorrow I'll try to go online from a free wifi provided place to check if this is related to the internet.
nashata
Regular Member
 
Posts: 26
Joined: December 4th, 2009, 3:29 am

Re: Browser redirected to Sedoparking (again and again T_T)

Post by Odd dude » December 14th, 2009, 2:21 pm

nashata wrote: I guess tomorrow I'll try to go online from a free wifi provided place to check if this is related to the internet.
That would be very helpful in determining whether it's indeed the router or not :)

The reason I asked whether you still had your Windows XP disc was not because I was out of options, but because we might need it. Any Windows XP disc will be fine as long as it meets these requirements:
- Must be the same edition (Home/Professional) as you're using
- Must be the same service pack as you're using (that would be SP2)
Does the CD you have meet these requirements?
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Browser redirected to Sedoparking (again and again T_T)

Post by nashata » December 14th, 2009, 2:44 pm

Oh I didn't think you were :D
I don't think that the Windows CD I have is the same as this one, though. If anything, I can always go back to the computer shop and ask what kind of CD they're using. But that will probably take some time since I can only go there around the weekend.
nashata
Regular Member
 
Posts: 26
Joined: December 4th, 2009, 3:29 am

Re: Browser redirected to Sedoparking (again and again T_T)

Post by nashata » December 15th, 2009, 9:30 am

Hi OD,
currently I'm online using a Free Wi-Fi and so far for the last 5 minutes, no sedoparking just yet. Will keep you informed if it appears.
nashata
Regular Member
 
Posts: 26
Joined: December 4th, 2009, 3:29 am

Re: Browser redirected to Sedoparking (again and again T_T)

Post by Odd dude » December 16th, 2009, 12:40 pm

From the absence of any subsequent replies, I take it that using this free wifi the problem disappeared? If so, the problem is your router and I'll see whether I can assist you.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Browser redirected to Sedoparking (again and again T_T)

Post by nashata » December 16th, 2009, 1:56 pm

I tried using wi-fi yesterday, and no sedoparking for an hour. Then I went home and tried again using the usual connection and it's back to sedo! :cry:
nashata
Regular Member
 
Posts: 26
Joined: December 4th, 2009, 3:29 am

Re: Browser redirected to Sedoparking (again and again T_T)

Post by Odd dude » December 16th, 2009, 2:17 pm

Then the problem is with your router and therefore your router needs to be reset. If you give me the name and code number of your router I might be able to find some instructions for doing that.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Browser redirected to Sedoparking (again and again T_T)

Post by nashata » December 16th, 2009, 2:34 pm

It's Prolink Hurricane 5200C. I tried the tiny reset button just now, but after a while, the browser's page only asked me to reenter username and password (unlike the first time setup).
nashata
Regular Member
 
Posts: 26
Joined: December 4th, 2009, 3:29 am

Re: Browser redirected to Sedoparking (again and again T_T)

Post by Odd dude » December 16th, 2009, 3:13 pm

OK, I have zero experience with this, so if these instructions don't work, there really isn't much more I can do for you.

Enter this address in Internet Explorer:
192.168.1.1

Find something called DNS Configuration (in the document I found on-line it's listed under Advanced Configuration, not sure if this helps, I'm sorry I can't be more clear) and set it to Attain DNS Addresses Manually. Save your settings and close. Then shut down your computer and press the button labeled 'reset' on the back of the router. Leave the router like that for a while, then turn back on your computer. Do ipconfig/flushdns and ipconfig/registerdns. Then click start>run and copy and paste:
Code:
sc config dnscache start= disabled

Click OK. A MS-DOS prompt opens and closes in the blink of an eye. Now reboot the computer and see if things have changed.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)