Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

sedoparking redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

sedoparking redirect

Unread postby dmlutchen » December 1st, 2011, 5:56 pm

Ive seen this be resolved here before so Im hoping it will be the case with with me too. About a week ago Im on my laptop both Firefox and Chrome and just randomly search results are being prompted to be saved and when I go to the address bar and type in a search term not all the time but randomly be redirected so sedoparking.com I also cant download and save anything in Firefox as it says I cannot change the contents of the folder. Also Chrome now takes forever and a day.. This is now happening on my desktop too.

DDS -

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by David at 15:51:16 on 2011-12-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1644 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Sticky Password\stpass.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\David\AppData\Local\Temp\7zO6D5.tmp\SUPERAntiSpyware Professional.exe
C:\Users\David\AppData\Local\Temp\7zO6D5.tmp\SUPERAntiSpyware\SKEL\ba50f6b24b4fbcb577104839711a2478aa30d320\SASCORE.EXE
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [3DFE07AAA0B32A309ED9547B543D5CA16227B004._service_run] "C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\David\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
uRun: [StickyPassword] C:\Program Files (x86)\Sticky Password\stpass.exe
uRun: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" /m
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [GrpConv] grpconv -o
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\075627B696E6373676 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\157756374775966496 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\25169646562737 : DhcpNameServer = 172.16.15.253 4.2.2.2
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\4457E6E62427F637 : DhcpNameServer = 4.2.2.2 4.2.2.3
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\4656661657C647 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{7C413551-5001-4EBE-9365-9DFA8947F2D4}\C45747368656E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AB9D3333-D19A-4DED-BBC7-5C56D7E1BA07} : DhcpNameServer = 192.168.42.129
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL acaptuser32.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [GrpConv] grpconv -o
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL acaptuser32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\drgfjiy6.default\
FF - prefs.js: browser.search.selectedEngine - Search The Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Sticky Password\npSPAutofill.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\David\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\David\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 CFRMD;CFRMD;C:\Windows\system32\DRIVERS\CFRMD.sys --> C:\Windows\system32\DRIVERS\CFRMD.sys [?]
R1 CFRPD;CFRPD;C:\Windows\system32\DRIVERS\CFRPD.sys --> C:\Windows\system32\DRIVERS\CFRPD.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-10-23 328536]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2011-10-13 94208]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-10-8 681656]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-7-25 33672]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-7-25 827520]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-30 2358656]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
RUnknown 1538571drv;1538571drv; [x]
RUnknown 41178656;41178656; [x]
RUnknown DwProt;DwProt; [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;"G:\UTILITIES\EMSISOFT ANTI-MALWARE\a2service.exe" --> G:\UTILITIES\EMSISOFT ANTI-MALWARE\a2service.exe [?]
S2 Cleaner_Validator;COMODO System - Cleaner Service;F:\USB\Utilities\Cleaner_Validator.exe --> F:\USB\Utilities\Cleaner_Validator.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IMFservice;IMF Service;G:\Utilities\IObit Malware Fighter\IMFsrv.exe --> G:\Utilities\IObit Malware Fighter\IMFsrv.exe [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-4-22 30192]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-01 16:48:09 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-12-01 03:47:07 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{02266703-8A69-4473-8EB0-C13E83FF233A}\offreg.dll
2011-12-01 03:47:03 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{02266703-8A69-4473-8EB0-C13E83FF233A}\mpengine.dll
2011-12-01 03:27:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-28 02:16:51 -------- d-----w- C:\Program Files\iPod
2011-11-28 02:16:50 -------- d-----w- C:\Program Files\iTunes
2011-11-28 02:16:50 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-15 19:23:56 52568 ----a-r- C:\Windows\System32\AdobePDF.dll
2011-11-15 19:23:56 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-11-15 19:19:43 112056 ----a-w- C:\Windows\SysWow64\acaptuser32.dll
2011-11-13 16:34:07 -------- d-----w- C:\Users\David\AppData\Roaming\SpringPublisher
2011-11-13 16:34:07 -------- d-----w- C:\Program Files (x86)\SpringPublisher
2011-11-11 22:09:40 -------- d-----w- C:\ProgramData\ALM
2011-11-11 20:26:20 -------- d-----w- C:\Windows\SysWow64\syncdb
2011-11-11 00:53:42 -------- d-----w- C:\Users\David\.thumbnails
2011-11-10 18:10:25 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2011-11-08 19:57:02 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-08 19:57:02 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-08 19:56:59 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-08 19:56:58 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-11-24 01:07:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-09 02:27:58 51496 ----a-w- C:\Windows\System32\drivers\stflt.sys
2011-10-09 02:20:57 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2011-10-09 02:19:57 74703 ----a-w- C:\Windows\SysWOW64mfc45.dll
2011-10-01 01:12:50 14848 ----a-w- C:\Windows\System32\smrgdf.exe
2011-10-01 01:12:44 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe
2011-10-01 01:03:32 2142856 ----a-w- C:\Windows\System32\Incinerator64.dll
2011-10-01 01:03:30 2084488 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2011-09-28 16:52:48 10210304 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-28 16:25:40 24600576 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-28 16:16:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-28 16:16:46 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-28 16:15:26 867328 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-28 16:12:58 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-28 16:12:52 487936 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-28 16:12:18 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-28 16:11:10 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-28 16:10:56 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-28 16:10:48 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-28 16:10:38 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-28 16:10:32 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-28 16:10:28 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-28 16:10:22 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-28 16:10:12 18584064 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-28 16:07:26 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-28 15:58:10 4960256 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-28 15:56:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-28 15:56:26 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-28 15:56:14 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-28 15:48:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-28 15:48:04 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-28 15:48:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-28 15:47:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-28 15:47:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-28 15:47:42 9809920 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-28 15:46:24 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-28 15:44:46 8390656 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-28 15:42:08 5431808 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-28 15:41:34 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-28 15:35:34 479744 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-28 15:35:26 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-28 15:35:16 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-28 15:35:12 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-28 15:35:12 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-28 15:35:08 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-28 15:35:02 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-28 15:34:54 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-28 15:34:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-28 15:34:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-28 15:34:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-28 15:33:54 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-28 15:33:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-28 15:32:34 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-28 15:32:34 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-28 15:32:30 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-28 15:32:30 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-09-14 16:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 16:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 16:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-09-14 16:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-09-14 16:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 16:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 16:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 16:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-14 05:51:25 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-07 04:26:18 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
.
============= FINISH: 15:53:32.34 ===============
You do not have the required permissions to view the files attached to this post.
dmlutchen
Active Member
 
Posts: 4
Joined: December 1st, 2011, 5:20 pm
Advertisement
Register to Remove

Re: sedoparking redirect

Unread postby Cypher » December 2nd, 2011, 6:56 am

Posting Logs as Attachments

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section Logs posted as attachments explains why you should not post attachments unless the helper assisting you requests that you do so. Thank you for your understanding.

This topic is now closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 122 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware