urlseek20.vmn.net in my google chrome


Post by Kuzu » March 6th, 2011, 7:40 pm

Hello,
My browser redirects me to hxxp://urlseek20.vmn.net very often and my internet gets slow.
Here is my DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kuzu at 0:29:42,85 on 2011-03-07
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3070.1974 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Pando Networks\Media Booster\PMB.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kuzu\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uStart Page = hxxp://securityresponse.symantec.com/av ... x_homepage
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\pasek narzędzi aol 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\pasek narzędzi aol 5.0\aoltb.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\kuzu\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\aol\ietoolbar\resources\pl-pl\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.co ... .3.1.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
.
============= SERVICES / DRIVERS ===============
.
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2010-10-20 15416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-5 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-5 301528]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\programdata\symantec\definitions\symcdata\ipsdefs\20101208.003\IDSvix86.sys [2010-12-10 287792]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2011-2-3 81920]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-4 284672]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-5 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-5 53592]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-2-5 37944]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-23 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-20 102448]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-5 36608]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-3-26 40752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-11 193840]
.
=============== Created Last 30 ================
.
2011-03-06 13:05:25 -------- d-----w- c:\windows\system32\appmgmt
2011-03-06 12:40:12 388096 ----a-r- c:\users\kuzu\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-06 12:40:11 -------- d-----w- c:\program files\Trend Micro
2011-03-05 18:03:22 -------- d-----w- c:\progra~2\LightScribe
2011-03-05 16:09:28 -------- d-----w- c:\users\kuzu\appdata\local\Apps
2011-03-05 16:08:47 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-05 16:08:43 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-05 16:07:14 40648 ----a-w- c:\windows\avastSS.scr
2011-03-05 16:07:09 -------- d-----w- c:\program files\AVAST Software
2011-03-05 16:07:09 -------- d-----w- c:\progra~2\AVAST Software
2011-03-01 20:35:59 -------- d-----w- C:\lol eu
2011-02-27 15:21:14 -------- d-----w- c:\progra~2\SpinTop Games
2011-02-27 15:19:54 -------- d-----w- c:\windows\Zuma's Revenge!
2011-02-27 15:19:54 -------- d-----w- c:\program files\Zuma's Revenge!
2011-02-22 22:56:29 -------- d-----w- c:\users\kuzu\appdata\roaming\Unity
2011-02-22 22:43:24 -------- d-----w- c:\users\kuzu\appdata\local\Unity
2011-02-14 19:30:37 -------- d-----w- c:\program files\Codemasters
2011-02-14 19:28:12 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-02-14 19:28:12 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-02-14 19:28:12 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-02-14 19:28:12 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-02-14 19:28:11 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-02-14 19:28:11 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-02-14 19:28:11 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-02-11 20:53:05 -------- d-----w- c:\users\kuzu\appdata\local\ElevatedDiagnostics
2011-02-11 20:13:51 -------- d-----w- c:\users\kuzu\appdata\roaming\RadarSync
2011-02-11 20:13:42 -------- d-----w- c:\users\kuzu\appdata\local\antiphishing-radarsync1_0dn
2011-02-11 20:13:30 -------- d-----w- c:\progra~2\Anti-phishing Domain Advisor
2011-02-11 20:11:24 -------- d-----w- c:\program files\Driver Cleaner
2011-02-11 00:52:56 46 ----a-w- C:\sd.vbs
2011-02-08 15:54:43 -------- d-----w- c:\windows\system32\Adobe
2011-02-08 11:06:50 -------- d-----w- c:\program files\Audacity
2011-02-05 23:05:54 -------- d-----w- c:\program files\Real Alternative
2011-02-05 22:51:25 -------- d-----w- c:\users\kuzu\appdata\local\AMD
2011-02-05 21:53:06 -------- d-----w- c:\program files\ATI Stream
2011-02-05 21:52:30 -------- d-----w- c:\progra~2\AMD
2011-02-05 21:52:16 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2011-02-05 21:52:10 -------- d-----w- c:\program files\ATI Technologies
2011-02-05 21:45:49 -------- d-----w- C:\ATI
2011-02-05 18:59:25 -------- d-----w- c:\users\kuzu\appdata\local\Programs
2011-02-05 18:58:49 -------- d-----w- c:\windows\system32\tr
2011-02-05 18:58:49 -------- d-----w- c:\windows\system32\sv
2011-02-05 18:58:49 -------- d-----w- c:\windows\system32\ru
2011-02-05 18:58:49 -------- d-----w- c:\windows\system32\no
2011-02-05 18:58:49 -------- d-----w- c:\windows\system32\da
2011-02-05 18:58:44 -------- d-----w- c:\windows\system32\ko
2011-02-05 18:58:44 -------- d-----w- c:\windows\system32\ja
2011-02-05 18:58:44 -------- d-----w- c:\windows\system32\it
2011-02-05 18:58:44 -------- d-----w- c:\windows\system32\fr
2011-02-05 18:58:44 -------- d-----w- c:\windows\system32\es
2011-02-05 18:58:44 -------- d-----w- c:\windows\system32\de
2011-02-05 18:58:41 -------- d-----w- c:\windows\DPDrv
2011-02-05 18:54:01 -------- d-----w- c:\progra~2\Downloaded Installations
.
==================== Find3M ====================
.
2011-01-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-01-27 00:08:35 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-07 18:40:22 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-07 18:22:46 810496 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-07 11:16:12 51200 ----a-w- c:\windows\system32\OpenCL.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: TOSHIBA_MK3252GSX rev.LV011C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83050000]<< >>UNKNOWN [0x8BF07000]<< >>UNKNOWN [0x8BEF6000]<< >>UNKNOWN [0x8BF34000]<< >>UNKNOWN [0x8B8AA000]<< >>UNKNOWN [0x83019000]<< >>UNKNOWN [0x8B87D000]<< >>UNKNOWN [0x8B8CD000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8308C458] -> \Device\Harddisk0\DR0[0x864A8030]
\Driver\Disk[0x86992558] -> IRP_MJ_CREATE -> 0x8BF0B39F
3 [0x8BF0B59E] -> ntkrnlpa!IofCallDriver[0x8308C458] -> [0x86991020]
\Driver\Amddfltr[0x86519928] -> IRP_MJ_CREATE -> 0x8BF3506C
5 [0x8BF350B6] -> ntkrnlpa!IofCallDriver[0x8308C458] -> \Device\Ide\IdeDeviceP0T0L0-0[0x86980030]
\Driver\atapi[0x864B2840] -> IRP_MJ_CREATE -> 0x8B8C48C4
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:32:37,14 ===============

and Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-01-27 06:21:13
System Uptime: 2011-03-03 21:46:00 (75 hours ago)
.
Motherboard: Quanta | | 3600
Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80 | Socket M2/S1G1 | 2100/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 290 GiB total, 97,485 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1,363 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Network Security Intermediate Filter Driver
Device ID: ROOT\LEGACY_SYMIM\0000
Manufacturer:
Name: Symantec Network Security Intermediate Filter Driver
PNP Device ID: ROOT\LEGACY_SYMIM\0000
Service: SymIM
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: COH_Mon
Device ID: ROOT\LEGACY_COH_MON\0000
Manufacturer:
Name: COH_Mon
PNP Device ID: ROOT\LEGACY_COH_MON\0000
Service: COH_Mon
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0 - Polish
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Allods Online 1.1.04.44
AMD Driver Support for HP 3D DriverGuard
AMD Fuel
Anti-phishing Domain Advisor
AP Tuner 3.08
AppCore
Archiwizator WinRAR
Astroburn Pro
Atheros Driver Installation Program
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Stream SDK v2 Developer
µTorrent
Audacity 1.2.6
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
ccCommon
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Component Framework
CyberLink DVD Suite
CyberLink YouCam
Detektor Winampa
DigitalPersona Personal 4.11
Driver Cleaner 3
Free Metronome V.1.00
Gadu-Gadu 10
GameDesire-Pool & Snooker
GIMP 2.6.11
Google Chrome
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.40 D3
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Update
HP User Guides 0102
HP Wireless Assistant
HPNetworkAssistant
IDT Audio
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
JMicron JMB38X Flash Media Controller
Juiced2_HIN
K-Lite Codec Pack 6.9.0 (Full)
LabelPrint
League of Legends
LightScribe System Software 1.12.33.2
LiveUpdate (Symantec Corporation)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office PowerPoint Viewer 2007 (Polish)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Pakiet zgodności dla systemu Office 2007
Pando Media Booster
Pasek narzędzi AOL 5.0
PC Connectivity Solution
PhotoScape
Power2Go
PowerDirector
Project IGI2 - Covert Strike
ProtectSmart Hard Drive Protection
QuickPlay SlingPlayer 0.4.6
Real Alternative 2.0.2
Realtek 8169 8168 8101E 8102E Ethernet Driver
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Skype™ 5.1
SPBBC 32bit
SpeedFan (remove only)
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
System Requirements Lab CYRI
The Lord of the Rings FREE Trial
The Sims™ 3
TotalExcelConverter
UltraISO Premium V9.36
Unity Web Player
Update for Office 2007 (KB934528)
Validity Sensors software
Warhammer Online - Age of Reckoning
Wiedźmin Edycja Rozszerzona
Winamp
Windows Live Messenger
Windows Media Player Firefox Plugin
Zuma's Revenge!
.
==== End Of File ===========================
Waiting for your help :)
Last edited by Cypher on March 7th, 2011, 7:15 am, edited 1 time in total.
Reason: Disabled malicious URL
Kuzu
Active Member
 
Posts: 6
Joined: March 6th, 2011, 7:35 pm

Re: urlseek20.vmn.net in my google chrome

Post by Dakeyras » March 7th, 2011, 7:04 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:


  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:

All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on the application and select Run as Administrator.

The operating system in use comes with an inbuilt utility called User Access Control (UAC); when prompted by this with anything I ask you to carry out, please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Multiple Anti-Virus Advice:

At present you have both avast! Free Antivirus and Norton Internet Security (which includes Norton AntiVirus) installed and active in system memory. This is far from ideal: it will cause a system conflict and lessen overall online protection.

I advise you decide which application you wish to keep and uninstall one only of the aforementioned.

Peer to Peer Advice:

I see you have µTorrent installed, if I may bring your attention to the forum policy about such applications here.

As a condition of receiving our help, I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time.

If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

Next:

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Adobe Reader 8.1.0 - Polish <-- Out of date versions can be exploited, we will update this in due course.
µTorrent
Java(TM) 6 Update 22 <-- Out of date versions can be exploited, we will update this in due course.
Java(TM) 6 Update 5

To do so click once on each of the above to highlight then click on Uninstall/Change and follow the prompts.

Scan with MBRCheck:

Please download MBRCheck.exe and save to your desktop.

Alternative Download is here.

  • Right-click on MBRCheck.exe and select Run as Administrator.
  • A window similar to this should open on your desktop:-

Image

  • If you are prompted with options, enter N at the prompt and press Enter .
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run).
  • Please post the contents of the log in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • A new set of DDS logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
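
The checks made by eye on the logs in the reply above (two antivirus products resident at once, a P2P client, more than one Java runtime installed), written out as an added Python example that is not part of the original thread or of DDS. The section parsing follows the log layout shown here; the vendor path markers, the function names and the embedded sample lines (excerpted from this thread's logs) are assumptions for illustration, and the script does not judge whether a version is out of date.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines excerpted from the DDS log posted in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\uTorrent\uTorrent.exe
.
============== Pseudo HJT Report ===============
.
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
"""

# Constructed sample: excerpt of the "Attach" log's installed-programs list.
SAMPLE_ATTACH = """
==== Installed Programs ======================
.
Adobe Reader 8.1.0 - Polish
\u00b5Torrent
avast! Free Antivirus
Google Chrome
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Norton Internet Security
.
==== End Of File ===========================
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")           # e.g. "==== Installed Programs ===="
JAVA = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")

# Assumption: path fragments taken from this thread's log, not a complete vendor list.
AV_PATH_MARKERS = {
    "\\avast software\\": "avast!",
    "\\symantec shared\\": "Symantec/Norton",
}
# P2P clients named in the forum reply above (lower-cased for matching).
P2P_NAMES = ("utorrent", "\u00b5torrent", "bittorrent", "azureus", "limewire", "vuze")


def sections(log_text):
    """Split a DDS-style log into {section title: [lines]}, dropping '.' separators."""
    out, current = defaultdict(list), None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(1)
        elif current and line and line != ".":
            out[current].append(line)
    return dict(out)


def triage(dds_text, attach_text=""):
    """Return resident AV vendors, P2P evidence, Java versions and review findings."""
    secs = sections(dds_text)
    secs.update(sections(attach_text))
    procs = secs.get("Running Processes", [])
    installed = secs.get("Installed Programs", [])

    # Only running processes count as "resident"; autorun entries are ignored here.
    resident_av = sorted({name for p in procs
                          for marker, name in AV_PATH_MARKERS.items()
                          if marker in p.lower()})
    p2p = sorted({line for line in procs + installed
                  if any(n in line.lower() for n in P2P_NAMES)})
    java = set()
    for line in installed:
        match = JAVA.match(line)
        if match:
            java.add((int(match.group(1)), int(match.group(2))))
    java = sorted(java)

    findings = []
    if len(resident_av) > 1:
        findings.append("multiple antivirus products resident: " + ", ".join(resident_av))
    if p2p:
        findings.append("P2P client present: " + "; ".join(p2p))
    if len(java) > 1:
        findings.append("several Java runtimes installed: "
                        + ", ".join(f"{major}u{update}" for major, update in java))
    return {"resident_av": resident_av, "p2p": p2p, "java": java, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS, SAMPLE_ATTACH)["findings"]:
        print("REVIEW:", finding)
```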

Re: urlseek20.vmn.net in my google chrome

Post by Kuzu » March 7th, 2011, 6:07 pm

Hello,
I did what you said; the internet works a little faster than before, but I still get redirected to urlseek20.vmn.net.
Here is the DDS log:


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kuzu at 22:59:43,99 on 2011-03-07
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3070.1503 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Users\Kuzu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuzu\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SndVol.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vds.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uStart Page = hxxp://securityresponse.symantec.com/av ... x_homepage
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\pasek narzędzi aol 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\pasek narzędzi aol 5.0\aoltb.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\kuzu\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\aol\ietoolbar\resources\pl-pl\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.co ... .3.1.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
.
============= SERVICES / DRIVERS ===============
.
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2010-10-20 15416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-5 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-5 301528]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2011-2-3 81920]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-4 284672]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-5 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-5 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-5 42184]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-11-5 233472]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-11 341328]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-3-26 595248]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-2-5 37944]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-23 52736]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-5 36608]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-3-26 40752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-11 193840]
.
=============== Created Last 30 ================
.
2011-03-06 13:05:25 -------- d-----w- c:\windows\system32\appmgmt
2011-03-06 12:40:12 388096 ----a-r- c:\users\kuzu\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-06 12:40:11 -------- d-----w- c:\program files\Trend Micro
2011-03-05 18:03:22 -------- d-----w- c:\progra~2\LightScribe
2011-03-05 16:09:28 -------- d-----w- c:\users\kuzu\appdata\local\Apps
2011-03-05 16:08:47 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-05 16:08:43 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-05 16:07:14 40648 ----a-w- c:\windows\avastSS.scr
2011-03-05 16:07:09 -------- d-----w- c:\program files\AVAST Software
2011-03-05 16:07:09 -------- d-----w- c:\progra~2\AVAST Software
2011-03-01 20:35:59 -------- d-----w- C:\lol eu
2011-02-27 15:21:14 -------- d-----w- c:\progra~2\SpinTop Games
2011-02-27 15:19:54 -------- d-----w- c:\windows\Zuma's Revenge!
2011-02-27 15:19:54 -------- d-----w- c:\program files\Zuma's Revenge!
2011-02-22 22:56:29 -------- d-----w- c:\users\kuzu\appdata\roaming\Unity
2011-02-22 22:43:24 -------- d-----w- c:\users\kuzu\appdata\local\Unity
2011-02-14 19:30:37 -------- d-----w- c:\program files\Codemasters
2011-02-14 19:28:12 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-02-14 19:28:12 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-02-14 19:28:12 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-02-14 19:28:12 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-02-14 19:28:11 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-02-14 19:28:11 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-02-14 19:28:11 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-02-11 20:53:05 -------- d-----w- c:\users\kuzu\appdata\local\ElevatedDiagnostics
2011-02-11 20:13:51 -------- d-----w- c:\users\kuzu\appdata\roaming\RadarSync
2011-02-11 20:13:42 -------- d-----w- c:\users\kuzu\appdata\local\antiphishing-radarsync1_0dn
2011-02-11 20:13:30 -------- d-----w- c:\progra~2\Anti-phishing Domain Advisor
2011-02-11 20:11:24 -------- d-----w- c:\program files\Driver Cleaner
2011-02-11 00:52:56 46 ----a-w- C:\sd.vbs
2011-02-08 15:54:43 -------- d-----w- c:\windows\system32\Adobe
2011-02-08 11:06:50 -------- d-----w- c:\program files\Audacity
2011-02-05 23:05:54 -------- d-----w- c:\program files\Real Alternative
2011-02-05 22:51:25 -------- d-----w- c:\users\kuzu\appdata\local\AMD
.
==================== Find3M ====================
.
2011-01-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-01-27 00:08:35 0 ----a-w- c:\windows\ativpsrm.bin
.
============= FINISH: 23:02:01,13 ===============
Kuzu
Active Member
 
Posts: 6
Joined: March 6th, 2011, 7:35 pm

Re: urlseek20.vmn.net in my google chrome

Post by Kuzu » March 7th, 2011, 6:11 pm

and here is the attachment:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-01-27 06:21:13
System Uptime: 2011-03-07 22:42:34 (1 hours ago)
.
Motherboard: Quanta | | 3600
Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80 | Socket M2/S1G1 | 2100/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 290 GiB total, 101,315 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1,364 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Network Security Intermediate Filter Driver
Device ID: ROOT\LEGACY_SYMIM\0000
Manufacturer:
Name: Symantec Network Security Intermediate Filter Driver
PNP Device ID: ROOT\LEGACY_SYMIM\0000
Service: SymIM
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Allods Online 1.1.04.44
AMD Driver Support for HP 3D DriverGuard
AMD Fuel
Anti-phishing Domain Advisor
AP Tuner 3.08
Archiwizator WinRAR
Astroburn Pro
Atheros Driver Installation Program
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Stream SDK v2 Developer
µTorrent
Audacity 1.2.6
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink DVD Suite
CyberLink YouCam
Detektor Winampa
DigitalPersona Personal 4.11
Driver Cleaner 3
Free Metronome V.1.00
Gadu-Gadu 10
GameDesire-Pool & Snooker
GIMP 2.6.11
Google Chrome
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.40 D3
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Update
HP User Guides 0102
HP Wireless Assistant
HPNetworkAssistant
IDT Audio
JMicron JMB38X Flash Media Controller
Juiced2_HIN
K-Lite Codec Pack 6.9.0 (Full)
LabelPrint
League of Legends
LightScribe System Software 1.12.33.2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office PowerPoint Viewer 2007 (Polish)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Pakiet zgodności dla systemu Office 2007
Pando Media Booster
Pasek narzędzi AOL 5.0
PC Connectivity Solution
PhotoScape
Power2Go
PowerDirector
Project IGI2 - Covert Strike
ProtectSmart Hard Drive Protection
QuickPlay SlingPlayer 0.4.6
Real Alternative 2.0.2
Realtek 8169 8168 8101E 8102E Ethernet Driver
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Skype™ 5.1
SpeedFan (remove only)
Synaptics Pointing Device Driver
System Requirements Lab CYRI
The Lord of the Rings FREE Trial
The Sims™ 3
TotalExcelConverter
UltraISO Premium V9.36
Unity Web Player
Update for Office 2007 (KB934528)
Validity Sensors software
Warhammer Online - Age of Reckoning
Wiedźmin Edycja Rozszerzona
Winamp
Windows Live Messenger
Windows Media Player Firefox Plugin
Zuma's Revenge!
.
==== End Of File ===========================

And I almost forgot: is it necessary to stop using p2p, or are there any ways to protect against malware and other unwanted stuff?
Kuzu
Active Member
 
Posts: 6
Joined: March 6th, 2011, 7:35 pm

Re: urlseek20.vmn.net in my google chrome

Post by Dakeyras » March 7th, 2011, 9:29 pm

Hi. :)

Quote: "I did what you said, internet works a little faster than before but I still get redirected to urlseek20.vmn.net."
OK and thanks for the update.

Quote: "is it necessary to stop using p2p, or are there any ways to protect against malware and other unwanted stuff?"
Yes, you will have to uninstall µTorrent per the forum policy (which I suggest you read); otherwise I will be unable to assist you.

Also please run the scan with MBRCheck, per the instructions in my last post here, thank you.

I have a question I would also like you to answer, please, regarding the Cisco-related applications you have installed... Is this machine you are requesting assistance with used for business-related activities and/or home use only?
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: urlseek20.vmn.net in my google chrome

Post by Kuzu » March 8th, 2011, 9:34 am

It is for home use. If I had to delete utorrent, is there any possibility that malware moves from one computer to another by wifi? Because I have another computer at home and there a malware won't be dangerous.
Kuzu
Active Member
 
Posts: 6
Joined: March 6th, 2011, 7:35 pm

Re: urlseek20.vmn.net in my google chrome

Post by Dakeyras » March 8th, 2011, 10:04 am

Hi. :)

Quote: "It is for home use."
Thank you for the clarification.

Quote: "If I had to delete utorrent"
No "had" about it, I'm afraid: either you remove/uninstall the application or I will actually withdraw my assistance per the forum policy, which I have now mentioned for the third time, and the last, I will further add. Otherwise this topic will be closed!

Quote: "is there any possibility that malware moves from one computer to another by wifi? Because I have another computer at home and there a malware won't be dangerous."
It is possible, unfortunately. Any machine can become infected on, say, the type of WiFi (wireless) LAN (local area network) you are probably using if the actual router in use that sends the signal is compromised and/or all the machines on the network are set up to allow access to each other, for example.

Now let me know how you wish to proceed if you really want my assistance, as in, are you going to comply with forum policy or not?
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: urlseek20.vmn.net in my google chrome

Post by Kuzu » March 8th, 2011, 10:32 am

ok,
utorrent uninstalled, here you got mbrcheck:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv5 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 213):
0x83041000 \SystemRoot\system32\ntkrnlpa.exe
0x8300A000 \SystemRoot\system32\halmacpi.dll
0x80BA9000 \SystemRoot\system32\kdcom.dll
0x83600000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8360B000 \SystemRoot\system32\PSHED.dll
0x8361C000 \SystemRoot\system32\BOOTVID.dll
0x83624000 \SystemRoot\system32\CLFS.SYS
0x83666000 \SystemRoot\system32\CI.dll
0x83711000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83782000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83790000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x837D8000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x837E1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x837E9000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B609000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B633000 \SystemRoot\System32\drivers\partmgr.sys
0x8B737000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8B75D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B76D000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B7B8000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B7C0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B7CB000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8B7D2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B7E0000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B7F6000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B803000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B826000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8B830000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8B839000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B86D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B87E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B9AD000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B9D8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA26000 \SystemRoot\System32\Drivers\cng.sys
0x8BA83000 \SystemRoot\System32\drivers\pcw.sys
0x8BA91000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BA9A000 \SystemRoot\system32\drivers\ndis.sys
0x8BB51000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BB8F000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BC33000 \SystemRoot\System32\drivers\tcpip.sys
0x8BD7C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BDAD000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8BDB6000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BDF5000 \SystemRoot\System32\Drivers\spldr.sys
0x8BDFD000 \SystemRoot\system32\speedfan.sys
0x8BC00000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BBB4000 \SystemRoot\System32\Drivers\mup.sys
0x8BBC4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BBCC000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8BC2D000 \SystemRoot\system32\giveio.sys
0x8BE05000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BE37000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BE48000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BE6D000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8BE75000 \SystemRoot\system32\DRIVERS\Amddfltr.sys
0x8BEB0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BECF000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8BF2D000 \SystemRoot\System32\Drivers\Null.SYS
0x8BF34000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BF3B000 \SystemRoot\System32\drivers\vga.sys
0x8BF47000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BF68000 \SystemRoot\System32\drivers\watchdog.sys
0x8BF75000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BF7D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BF85000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BF8D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BF98000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BFA6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BFBD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BFC8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8B644000 \SystemRoot\system32\drivers\afd.sys
0x8BFD2000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8B69E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BFD7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8BFDE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BBD5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8BBEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8BA13000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B6D0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B9EB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B9F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B711000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0x8B728000 \SystemRoot\System32\drivers\discache.sys
0x9141F000 \SystemRoot\system32\drivers\csc.sys
0x91483000 \SystemRoot\System32\Drivers\dfsc.sys
0x9149B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x914A9000 \SystemRoot\System32\Drivers\aswSP.SYS
0x914F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x91512000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x91E0B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x9225F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92316000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9234F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9282A000 \SystemRoot\system32\DRIVERS\athr.sys
0x9293A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x92944000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x92965000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x92991000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x929A5000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x929AF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x92800000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9280F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x929FA000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x9236E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9237B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x92827000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x923AA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x923B7000 \SystemRoot\system32\DRIVERS\enecir.sys
0x923CF000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x923DA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x923DE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x923E7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91523000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91535000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x923F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9154D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9156F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91587000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9159E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91E00000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x915B5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x915B7000 \SystemRoot\system32\DRIVERS\ks.sys
0x915EB000 \SystemRoot\system32\DRIVERS\circlass.sys
0x91400000 \SystemRoot\system32\DRIVERS\amdiox86.sys
0x91410000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9682E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x96872000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x96883000 \SystemRoot\system32\drivers\AtihdW73.sys
0x9689F000 \SystemRoot\system32\drivers\portcls.sys
0x968CE000 \SystemRoot\system32\drivers\drmk.sys
0x968E7000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x9694F000 \SystemRoot\system32\DRIVERS\hidir.sys
0x9695E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x96971000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x96978000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x96984000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9698F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x969A5000 \SystemRoot\system32\drivers\vfs101x.sys
0x969B2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x98440000 \SystemRoot\System32\win32k.sys
0x969C9000 \SystemRoot\System32\drivers\Dxapi.sys
0x969D3000 \SystemRoot\System32\Drivers\usbvideo.sys
0x9680B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x96818000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x96823000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x8BE7D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8BE8E000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x98E35000 \SystemRoot\System32\Drivers\bthport.sys
0x98E99000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x98EBD000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x98ECA000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x98EE5000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x98EF7000 \SystemRoot\system32\drivers\modem.sys
0x986A0000 \SystemRoot\System32\TSDDD.dll
0x986D0000 \SystemRoot\System32\cdd.dll
0x98F0F000 \SystemRoot\system32\drivers\luafv.sys
0x98F2A000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x98F62000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x98F65000 \SystemRoot\system32\drivers\WudfPf.sys
0x98F7F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x98F8F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x98FD5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x98FE5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAF62D000 \SystemRoot\system32\drivers\HTTP.sys
0xAF6B2000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAF6CB000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAF6DD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF700000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAF73B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAF756000 \SystemRoot\system32\drivers\peauth.sys
0xAF7ED000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAF600000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98E00000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB2200000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB224F000 \SystemRoot\System32\DRIVERS\srv.sys
0xB230C000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xB2315000 \??\C:\Users\Kuzu\AppData\Local\Temp\mbr.sys
0xB231C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB2327000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77C50000 \Windows\System32\ntdll.dll
0x484A0000 \Windows\System32\smss.exe
0x77E90000 \Windows\System32\apisetschema.dll
0x00240000 \Windows\System32\autochk.exe
0x77B50000 \Windows\System32\wininet.dll
0x77E70000 \Windows\System32\nsi.dll
0x77A10000 \Windows\System32\urlmon.dll
0x77DE0000 \Windows\System32\clbcatq.dll
0x77960000 \Windows\System32\msvcrt.dll
0x778D0000 \Windows\System32\oleaut32.dll
0x77DB0000 \Windows\System32\imagehlp.dll
0x77890000 \Windows\System32\ws2_32.dll
0x777C0000 \Windows\System32\user32.dll
0x77DA0000 \Windows\System32\lpk.dll
0x776E0000 \Windows\System32\kernel32.dll
0x76A90000 \Windows\System32\shell32.dll
0x76A30000 \Windows\System32\difxapi.dll
0x76A10000 \Windows\System32\imm32.dll
0x77D90000 \Windows\System32\psapi.dll
0x76870000 \Windows\System32\setupapi.dll
0x76850000 \Windows\System32\sechost.dll
0x76650000 \Windows\System32\iertutil.dll
0x76600000 \Windows\System32\Wldap32.dll
0x76560000 \Windows\System32\usp10.dll
0x764B0000 \Windows\System32\rpcrt4.dll
0x76450000 \Windows\System32\shlwapi.dll
0x763D0000 \Windows\System32\comdlg32.dll
0x763C0000 \Windows\System32\normaliz.dll
0x762F0000 \Windows\System32\msctf.dll
0x76190000 \Windows\System32\ole32.dll
0x760F0000 \Windows\System32\advapi32.dll
0x760A0000 \Windows\System32\gdi32.dll
0x76070000 \Windows\System32\wintrust.dll

Processes (total 80):
0 System Idle Process
4 SYSTEM
300 C:\Windows\System32\smss.exe
420 csrss.exe
496 csrss.exe
504 C:\Windows\System32\wininit.exe
540 C:\Windows\System32\winlogon.exe
600 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
1224 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\hpservice.exe
1356 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\dwm.exe
1580 C:\Windows\explorer.exe
1624 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1812 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1852 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1876 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1896 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1928 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
1956 C:\Program Files\Winamp\winampa.exe
1968 C:\Program Files\IDT\WDM\sttray.exe
1996 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
804 C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
1248 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1788 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
2052 C:\Windows\ehome\ehmsas.exe
2212 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2332 C:\Windows\System32\spoolsv.exe
2408 C:\Program Files\Skype\Phone\Skype.exe
2440 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
2644 C:\Windows\System32\taskhost.exe
2844 C:\Windows\System32\svchost.exe
2996 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
3028 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
3064 C:\Windows\System32\svchost.exe
3096 C:\Windows\System32\FsUsbExService.Exe
3128 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3176 C:\Program Files\Nero\Update\NASvc.exe
3276 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
3300 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
3340 C:\Windows\SMINST\BLService.exe
3428 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3648 C:\Windows\System32\svchost.exe
3676 C:\Windows\System32\vfsFPService.exe
3748 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2044 C:\Program Files\Skype\Plugin Manager\skypePM.exe
2980 WmiPrvSE.exe
4164 C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
4316 C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
4328 C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
4344 C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
4428 C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
4572 C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
4680 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4952 C:\Windows\System32\SearchIndexer.exe
5036 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
5136 WmiPrvSE.exe
5424 C:\Windows\System32\svchost.exe
5572 C:\Windows\System32\svchost.exe
5832 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5892 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5484 C:\Windows\System32\svchost.exe
5736 C:\Program Files\Windows Media Player\wmpnetwk.exe
2488 C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
5304 C:\Windows\System32\audiodg.exe
1908 C:\Program Files\Gadu-Gadu 10\gg.exe
4420 C:\Users\Kuzu\AppData\Local\Google\Chrome\Application\chrome.exe
492 C:\Windows\System32\SearchProtocolHost.exe
2420 C:\Windows\System32\SearchFilterHost.exe
3400 C:\Users\Kuzu\Downloads\MBRCheck.exe
3924 C:\Windows\System32\conhost.exe
960 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`7cd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
Kuzu
Active Member
 
Posts: 6
Joined: March 6th, 2011, 7:35 pm

Re: urlseek20.vmn.net in my google chrome

Post by Dakeyras » March 8th, 2011, 12:15 pm

Hi. :)

"utorrent uninstalled, here you got mbrcheck:"
OK and thank you.

It has come to my attention that this application, Anti-phishing Domain Advisor, has some undesirable characteristics and is the probable cause of some of the issues you are currently experiencing with your machine. My advice would be to uninstall it as follows.

Please go to Start (Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Anti-phishing Domain Advisor

To do so click once on each of the below and click on Uninstall/Change and follow the prompts.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Double click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: urlseek20.vmn.net in my google chrome

Post by Kuzu » March 8th, 2011, 1:51 pm

If you have time, can you make a screenshot of what is active in your OTL, because I have it in the Polish version and I can't translate your advice to use in my OTL?
Kuzu
Active Member
 
Posts: 6
Joined: March 6th, 2011, 7:35 pm

Re: urlseek20.vmn.net in my google chrome

Post by Dakeyras » March 8th, 2011, 3:18 pm

Hi. :)

"If you have time, can you make a screenshot of what is active in your OTL, because I have it in the Polish version and I can't translate your advice to use in my OTL?"
OK, to be honest I was suspecting you may have had some language difficulties, through no fault of your own. Now, this forum is English-language based only, and what you have asked is just not feasible I'm afraid and will probably make the malware removal process that much more difficult for both of us. I'm multilingual myself, but unfortunately Polish is not one of my languages...

The best advice I can give you now is to seek assistance at this Polish-language forum:-

http://www.fixitpc.pl/

Join, post a topic requesting assistance in this part of the forum:-

http://www.fixitpc.pl/forum/6-diagnosty ... eczenstwa/

By all means include a link back to this topic if you so wish and mention the fact I advised you seek assistance in a forum using your native language.

I will ask for this topic to be closed. Good luck and stay safe!
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: urlseek20.vmn.net in my google chrome

Post by Cypher » March 8th, 2011, 3:48 pm

As this issue needs to be resolved at a Polish Language forum, this topic is now closed!
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns