how to remove urlseek

November 25, 2010 at 08:48:20
Specs: Windows Vista
I have been experiencing browser hijacking from some bozos who call themselves urlseek.vmn.net. I have a Windows Vista computer. I use both Explorer and Chrome. Searches related to this problem only seem to turn up solutions for Firefox. Does anyone know how I can get rid of this? Thanks, Tim

#1
November 25, 2010 at 11:08:09
Try installing a legitimate anti-spyware program. You can try SUPERAntiSpyware and Malwarebytes Anti-Malware. Both are free and do a great job at detecting and removing various spyware. Download, install and update, then run a full system scan. Download links: http://www.pcrisk.com/top-spyware-r...

#2
November 25, 2010 at 12:51:37
Thanks. I'll give Malwarebytes a try. Perhaps I should have mentioned that I have already tried to scan for it with SUPERAntiSpyware. Nothing turns up. I also tried an online scan from Panda. Nothing there either. McAfee Stinger shows 4 infected files but says it cannot repair them. I'll keep trying.

Thanks again,

Tim

#3
November 25, 2010 at 16:28:41
Hi:

OK. I just ran Malwarebytes. Nothing turned up there either.

Tim
#4
November 26, 2010 at 03:53:52
Try these:
1- Trojan Remover
2- Hitman Pro
Remove all they find. Run them till they are clean.
Do this next step AFTER you do the above.
If the above doesn't work, you can use
3- ComboFix
http://www.bleepingcomputer.com/com...
Follow the tutorial closely and you will be fine.


Some HELP in posting on Computing.net plus free progs and instructions Cheers

#5
November 26, 2010 at 07:46:02
Thanks. I'll get to work.

Tim

#6
November 26, 2010 at 10:15:20
Hi Again:

OK, so I ran Trojan Remover and Hitman Pro. Neither of those turned anything up. As instructed, I ran ComboFix. I did my best to follow the tutorial carefully, but it seemed that ComboFix was moving faster than I was, automatically skipping steps that were outlined in the instructions. Hopefully this will not result in a problem.

Also, ComboFix prompted me to disable SUPERAntiSpyware. I attempted to do this but I could not figure out how, so I attempted to uninstall SUPERAntiSpyware completely. It kept reinstalling itself, however. Finally I opted to run ComboFix anyway.

The following is the ComboFix log file.

ComboFix 10-11-25.06 - Tim 11/26/2010 9:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.872 [GMT -8:00]
Running from: c:\users\Tim\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-26 16:30 . 2010-11-26 16:30 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-26 16:30 . 2010-11-26 16:30 -------- d-----w- c:\programdata\Hitman Pro
2010-11-26 16:07 . 2006-06-19 21:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-26 16:07 . 2006-05-25 23:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-26 16:07 . 2005-08-26 09:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-26 16:07 . 2003-02-03 04:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-26 16:07 . 2002-03-06 09:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-26 16:07 . 2010-11-26 16:15 -------- d-----w- c:\program files\Trojan Remover
2010-11-26 16:07 . 2010-11-26 16:07 -------- d-----w- c:\users\Tim\AppData\Roaming\Simply Super Software
2010-11-26 16:07 . 2010-11-26 16:07 -------- d-----w- c:\programdata\Simply Super Software
2010-11-26 15:54 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52A74652-F63D-45E7-BE51-A19BFE89EFC7}\mpengine.dll
2010-11-25 21:18 . 2010-11-25 21:18 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2010-11-25 21:17 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 21:17 . 2010-11-25 21:17 -------- d-----w- c:\programdata\Malwarebytes
2010-11-25 21:17 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 21:17 . 2010-11-25 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-25 21:15 . 2010-11-25 21:15 -------- d-----w- c:\users\Tim\AppData\Roaming\Sammsoft
2010-11-25 21:15 . 2010-11-25 21:15 -------- d-----w- c:\program files\MemTurbo 4
2010-11-25 21:15 . 2010-11-25 21:15 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-11-23 14:16 . 2010-11-23 14:16 -------- d-----w- c:\users\Tim\AppData\Roaming\Panda Security
2010-11-23 14:15 . 2010-11-23 14:15 -------- d-----w- c:\users\Tim\AppData\Roaming\SurfSecret Privacy Suite
2010-11-23 14:14 . 2010-11-23 14:15 -------- d-----w- c:\users\Tim\AppData\Local\panda2_0dn
2010-11-23 14:14 . 2010-11-23 14:15 -------- d-----w- c:\programdata\Panda Security Toolbar Antiphishing
2010-11-23 14:13 . 2010-11-23 14:13 -------- d-----w- c:\programdata\Panda Security
2010-11-23 14:11 . 2010-10-07 16:50 428352 ----a-w- c:\users\Tim\StubInstaller.exe
2010-11-23 04:02 . 2009-06-30 18:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-11-23 04:02 . 2010-11-23 14:15 -------- d-----w- c:\program files\Panda Security
2010-11-10 14:16 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2009-10-03 14:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-20 09:25 . 2010-10-14 13:03 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-13 13:18 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-13 13:17 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-13 13:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-13 13:17 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-13 13:17 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-13 13:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-13 13:17 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-13 13:17 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-13 13:17 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-13 13:17 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:41 . 2010-10-13 13:17 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41 . 2010-10-13 13:17 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:40 . 2010-10-13 13:17 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:39 . 2010-10-13 13:17 2037248 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-11-02 14:03 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-11-02 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]
"Google Update"="c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-09 133104]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-27 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"Panda Security Toolbar Antiphishing"="c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-11-02 441856]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]

c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-11-25 3121760]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-4 110592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-10 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 19:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-11-26 16968]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-06-17 126024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 51440]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-08-09 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-28 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-07-22 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-07-22 112712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219619567-1222890213-1990470374-1000Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-09 14:43]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219619567-1222890213-1990470374-1000UA.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-09 14:43]

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\Defrag.exe [2008-09-24 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Radio365Agent - (no file)
HKLM-Run-MWLExe - c:\program files\Mcafee\MWL\MWLGui.exe
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM-Run-DXDllRegExe - dxdllreg.exe
AddRemove-HDMI - c:\windows\system32\igxpun.exe
AddRemove-MSC - c:\program files\McAfee\MSC\mcuninst.exe
AddRemove-{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A} - c:\program files\McAfee\SiteAdvisor\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 09:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3388)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-11-26 09:56:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-26 17:56

Pre-Run: 5,012,058,112 bytes free
Post-Run: 4,932,923,392 bytes free

- - End Of File - - 6231DEA0E87FFC8057241EA16711DB72

Thanks so much for your time. I am very grateful!

Tim

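The log above is what a helper on a thread like this reads by eye: the Run-key autostarts, the IE start pages, the WinINET proxy lines and the orphan list. Here is that reading turned into a small Python script. It is an added example, not something from the thread, from ComboFix or from any other tool named here. The embedded SAMPLE_LOG is constructed in the same layout as the log above but with different contents (a made-up Temp-folder autostart, a made-up machine start page and a made-up proxy), so its findings say nothing about the poster's machine; the watchlist host vmn.net is the one named in the thread.

```python
"""Triage a ComboFix log the way a forum helper reads it by eye: pull out the
Run-key autostarts, the IE start pages, the WinINET proxy settings and the
orphan list, and flag the entries worth a second look.

Added example; not part of the thread and not a ComboFix feature. SAMPLE_LOG
is constructed for the demo (same layout as the log posted above, different
contents) and says nothing about the poster's machine."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\demo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-09 133104]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"srchhelper"="c:\users\demo\AppData\Local\Temp\srchhelper.exe" [2010-11-24 51200]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://urlseek60.vmn.net/
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Radio365Agent - (no file)
HKLM-Run-MWLExe - c:\program files\Mcafee\MWL\MWLGui.exe
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\.*\\Run\]$", re.I)
RUN_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<date>\d{4}-\d\d-\d\d)\s+(?P<size>\d+)\])?$')
START_PAGE_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
INET_RE = re.compile(r"^(?P<scope>[um])Internet Settings,(?P<name>\w+) = (?P<value>.+)$")
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - (?P<target>.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)   # anything launched out of a Temp folder


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "review" or "info"
    where: str
    detail: str


def host_of(defanged_url):
    """ComboFix writes hxxp:// so the log is not clickable; undo that to parse."""
    url = re.sub(r"^hxxp", "http", defanged_url, flags=re.I)
    return (urlparse(url).hostname or "").lower()


def host_matches(host, watchlist):
    host = host.lower()
    return any(host == w or host.endswith("." + w) for w in watchlist)


def parse_run_entries(log):
    """(hive, value name, command) for every value under an HKCU/HKLM Run key."""
    entries, hive = [], None
    for line in log.splitlines():
        key = RUN_KEY_RE.match(line)
        if key:
            hive = "HKCU" if key.group(1).upper() == "HKEY_CURRENT_USER" else "HKLM"
            continue
        if line.startswith("["):        # a different key: stop attributing values to Run
            hive = None
            continue
        entry = RUN_ENTRY_RE.match(line)
        if hive and entry:
            entries.append((hive, entry["name"], entry["path"]))
    return entries


def triage(log, watchlist):
    findings = []
    for hive, name, path in parse_run_entries(log):
        if TEMP_DIR_RE.search(path):
            findings.append(Finding("high", f"{hive}\\Run\\{name}",
                                    f"autostart runs from a Temp folder: {path}"))
    for line in log.splitlines():
        page = START_PAGE_RE.match(line)
        if page:
            host = host_of(page["url"])
            if host_matches(host, watchlist):
                scope = "user" if page["scope"] == "u" else "machine"
                findings.append(Finding("high", f"{scope} Start Page",
                                        f"set to watchlisted host {host}"))
            continue
        inet = INET_RE.match(line)
        if inet and inet["name"].lower() == "proxyserver":
            findings.append(Finding("review", f"{inet['scope']}Internet Settings,ProxyServer",
                                    f"proxy {inet['value']} is set; IE and Chrome both honour it"))
            continue
        orphan = ORPHAN_RE.match(line)
        if orphan and orphan["target"].strip() == "(no file)":
            findings.append(Finding("info", f"{orphan['hive']}-Run-{orphan['name']}",
                                    "dangling autostart; the target file is already gone"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, ["vmn.net"]):
        print(f"[{f.severity:6}] {f.where}: {f.detail}")
```

Pointed at a saved ComboFix.txt (`triage(open(path).read(), ["vmn.net"])`) it reports the same four kinds of entry. A redirect that shows up in both IE and Chrome can come from settings the two browsers share on Windows (the WinINET proxy, the hosts file, DNS), which is why the proxy line is flagged alongside the Run entries rather than only the browser-specific ones.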
#7
November 26, 2010 at 13:40:11
Funny that after you uninstalled Super-Anti it kept reinstalling.
If your problem is not rectified, I would suggest you use Revo Uninstaller to remove Super; that will clean it out of the registry.
http://www.revouninstaller.com/revo...

You can always reinstall it later if you'd like.
Here is my setup for many years now:
1- Avast Free
2- WinPatrol
3- SpywareBlaster
4- CCleaner Slim
5- Malwarebytes
Those are on all of my PCs, plus I set them up on all my repairs too; all free versions, and they work great. I quit using Super years ago.

#8
November 26, 2010 at 16:26:54
Ok. Thanks. I'll give that a try. And so far I have not seen a return of that Urlseek. I will cross my fingers that it does not return.

Thanks again,

Tim

#9
November 27, 2010 at 08:27:24
Hi:

Well, it appears that it's back. Now the web address has changed slightly. It's now urlseek60.vmn.net. Otherwise it is the same. It was gone for a few hours at least. Any further ideas?

Tim

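The redirect has come back under a slightly different hostname and affects both browsers, so it is worth looking at the specific places where a hijack that hits IE and Chrome at once gets configured, not only at what the scanners report. The Python below is an added example, not part of the thread or of any tool named in it. The registry value names (under HKCU\Software\Microsoft\Internet Explorer\Main and \SearchScopes), the Chrome Preferences keys and the hosts-file path are the real ones for IE7/8 and Chrome on Vista; every value in the constants is constructed for the demo, the GUIDs are placeholders, and the watchlist host vmn.net is the one from the thread. On a live machine the same data comes from `reg export` of those keys and from opening the Preferences and hosts files; the script shows the checks applied to such captured data.

```python
"""Where a search redirect that shows up in BOTH IE and Chrome can be
configured, and a check for each spot. Added example; not part of the thread
or of any tool named in it. The registry value names, the Chrome Preferences
keys and the hosts-file location are the real ones for IE7/8 and Chrome on
Vista; every value in the constants below is constructed for the demo."""
import json
from urllib.parse import urlparse

# HKCU\Software\Microsoft\Internet Explorer\Main  (constructed values)
IE_MAIN = {
    "Start Page": "http://www.yahoo.com/",
    "Search Page": "http://urlseek60.vmn.net/",
}
# HKCU\Software\Microsoft\Internet Explorer\SearchScopes  (constructed values;
# the GUIDs are placeholders, real ones are whatever the installer generated)
IE_SEARCH_SCOPES = {
    "DefaultScope": "{00000000-0000-0000-0000-000000000001}",
    "{00000000-0000-0000-0000-000000000001}": {
        "DisplayName": "Web Search",
        "URL": "http://urlseek60.vmn.net/index.php?q={searchTerms}",
    },
    "{00000000-0000-0000-0000-000000000002}": {
        "DisplayName": "Google",
        "URL": "http://www.google.com/search?q={searchTerms}",
    },
}
# %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences  (constructed excerpt)
CHROME_PREFS = json.dumps({
    "homepage": "http://www.yahoo.com/",
    "session": {"restore_on_startup": 4,
                "urls_to_restore_on_startup": ["http://www.yahoo.com/"]},
    "default_search_provider": {
        "enabled": True,
        "name": "Google",
        "keyword": "google.com",
        "search_url": "http://urlseek60.vmn.net/index.php?q={searchTerms}",
    },
})
# %SystemRoot%\System32\drivers\etc\hosts  (constructed; 192.0.2.0/24 is TEST-NET-1)
HOSTS = """\
# constructed hosts file for the demo
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com
"""

# Loopback and the 0.0.0.0 used by ad-blocking hosts lists are normal.
BENIGN_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def on_watchlist(host, watchlist):
    return any(host == w or host.endswith("." + w) for w in watchlist)


def check_ie(main, scopes, watchlist):
    """IE start/search pages plus every SearchScopes URL (IE's search box)."""
    hits = []
    for name in ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL"):
        url = main.get(name)
        if url and on_watchlist(host_of(url), watchlist):
            hits.append((f"IE Main\\{name}", url))
    default = scopes.get("DefaultScope")
    for guid, scope in scopes.items():
        if isinstance(scope, dict) and on_watchlist(host_of(scope.get("URL", "")), watchlist):
            tag = " (default)" if guid == default else ""
            hits.append((f"IE SearchScopes\\{guid}{tag}", scope["URL"]))
    return hits


def check_chrome(prefs_json, watchlist):
    """Chrome's omnibox search engine, homepage and startup tabs."""
    prefs = json.loads(prefs_json)
    hits = []
    dsp = prefs.get("default_search_provider", {})
    if on_watchlist(host_of(dsp.get("search_url", "")), watchlist):
        hits.append(("Chrome default_search_provider.search_url", dsp["search_url"]))
    urls = [prefs.get("homepage", "")] + prefs.get("session", {}).get("urls_to_restore_on_startup", [])
    hits.extend(("Chrome homepage/startup", u) for u in urls if on_watchlist(host_of(u), watchlist))
    return hits


def check_hosts(text):
    """Any name mapped to a non-benign address: a hosts entry redirects every
    browser on the machine regardless of its own settings."""
    hits = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] not in BENIGN_ADDRS:
            hits.extend((f"hosts {name}", fields[0]) for name in fields[1:])
    return hits


def scan(main, scopes, prefs_json, hosts_text, watchlist):
    return (check_ie(main, scopes, watchlist)
            + check_chrome(prefs_json, watchlist)
            + check_hosts(hosts_text))


if __name__ == "__main__":
    for where, value in scan(IE_MAIN, IE_SEARCH_SCOPES, CHROME_PREFS, HOSTS, ["vmn.net"]):
        print(f"{where}: {value}")
```

The hosts check deliberately ignores the watchlist: a hosts entry that points a search engine's name at some other address produces a redirect with no trace of the hijacker's hostname in either browser's settings, so every non-loopback mapping is reported for a human to judge.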
#10
November 27, 2010 at 09:40:09
Run these in this order:
1- rkill.exe (stops malware)
2- TDSSKiller (removes unwanted rootkit if present)
3- Malwarebytes (run full scan, removing all it finds)

#11
November 27, 2010 at 12:56:45
Hi:

OK. I have run all three. rkill.exe presented a log file that shows a list of "processes terminated" while running it. Otherwise I am not sure what it accomplished. TDSSKiller reported that it found no malicious software. Malwarebytes also reported that it found nothing.

Does this mean anything?

Thanks.

Tim

#12
November 27, 2010 at 13:07:36
McAfee Stinger shows 4 infected files but says it cannot repair them
What are the names of the files?


rkill.exe presented a log file that shows a list of "processes terminated" while running it.
That's unusual; which processes were they?

The more info the better. Did you use Revo to uninstall Super-Anti?

#13
November 27, 2010 at 13:15:13
Hi:

I did use Revo to uninstall SUPERAntiSpyware. That operation was successful; thanks for the suggestion. The following is the log file in question from rkill.exe:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Tim on 11/27/2010 at 9:52:09.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe
C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tim\Downloads\rkill.exe


Rkill completed on 11/27/2010 at 9:52:15.

Thanks again,

Tim

#14
November 27, 2010 at 18:39:45
Run another combofix now that super is uninstalled.

#15
November 27, 2010 at 19:31:01
Hi:

Okey dokey. As you instructed, I just ran ComboFix again. Hopefully it will work this time. The following is the log file:

ComboFix 10-11-27.01 - Tim 11/27/2010 19:11:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.955 [GMT -8:00]
Running from: c:\users\Tim\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-28 )))))))))))))))))))))))))))))))
.

2010-11-28 03:22 . 2010-11-28 03:22 -------- d-----w- c:\users\Marie\AppData\Local\temp
2010-11-28 03:22 . 2010-11-28 03:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-11-28 03:22 . 2010-11-28 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-26 16:30 . 2010-11-26 16:30 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-26 16:30 . 2010-11-26 16:30 -------- d-----w- c:\programdata\Hitman Pro
2010-11-26 16:07 . 2006-06-19 21:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-26 16:07 . 2006-05-25 23:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-26 16:07 . 2005-08-26 09:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-26 16:07 . 2003-02-03 04:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-26 16:07 . 2002-03-06 09:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-26 16:07 . 2010-11-26 16:15 -------- d-----w- c:\program files\Trojan Remover
2010-11-26 16:07 . 2010-11-26 16:07 -------- d-----w- c:\users\Tim\AppData\Roaming\Simply Super Software
2010-11-26 16:07 . 2010-11-26 16:07 -------- d-----w- c:\programdata\Simply Super Software
2010-11-26 15:54 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52A74652-F63D-45E7-BE51-A19BFE89EFC7}\mpengine.dll
2010-11-25 21:18 . 2010-11-25 21:18 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2010-11-25 21:17 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 21:17 . 2010-11-25 21:17 -------- d-----w- c:\programdata\Malwarebytes
2010-11-25 21:17 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 21:17 . 2010-11-25 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-25 21:15 . 2010-11-25 21:15 -------- d-----w- c:\users\Tim\AppData\Roaming\Sammsoft
2010-11-25 21:15 . 2010-11-25 21:15 -------- d-----w- c:\program files\MemTurbo 4
2010-11-25 21:15 . 2010-11-25 21:15 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-11-23 14:16 . 2010-11-23 14:16 -------- d-----w- c:\users\Tim\AppData\Roaming\Panda Security
2010-11-23 14:15 . 2010-11-23 14:15 -------- d-----w- c:\users\Tim\AppData\Roaming\SurfSecret Privacy Suite
2010-11-23 14:14 . 2010-11-23 14:15 -------- d-----w- c:\users\Tim\AppData\Local\panda2_0dn
2010-11-23 14:14 . 2010-11-23 14:15 -------- d-----w- c:\programdata\Panda Security Toolbar Antiphishing
2010-11-23 14:13 . 2010-11-23 14:13 -------- d-----w- c:\programdata\Panda Security
2010-11-23 14:11 . 2010-10-07 16:50 428352 ----a-w- c:\users\Tim\StubInstaller.exe
2010-11-23 04:02 . 2009-06-30 18:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-11-23 04:02 . 2010-11-23 14:15 -------- d-----w- c:\program files\Panda Security
2010-11-10 14:16 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2009-10-03 14:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-20 09:25 . 2010-10-14 13:03 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-13 13:18 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-13 13:17 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-13 13:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-13 13:17 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-13 13:17 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-13 13:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-13 13:17 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-13 13:17 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-13 13:17 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-13 13:17 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:41 . 2010-10-13 13:17 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41 . 2010-10-13 13:17 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:40 . 2010-10-13 13:17 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:39 . 2010-10-13 13:17 2037248 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-11-02 14:03 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-11-02 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-09 133104]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-27 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"Panda Security Toolbar Antiphishing"="c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-11-02 441856]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]

c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-11-25 3121760]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-4 110592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-10 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-11-26 16968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-06-17 126024]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-08-09 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-28 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-07-22 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-07-22 112712]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
*Deregistered* - SASDIFSV
*Deregistered* - SASENUM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219619567-1222890213-1990470374-1000Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-09 14:43]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219619567-1222890213-1990470374-1000UA.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-09 14:43]

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\Defrag.exe [2008-09-24 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 19:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

Thanks once more. Your support has been invaluable.

#16
November 28, 2010 at 08:45:45
Doesn't look like the complete combofix file?


#17
November 28, 2010 at 09:25:07
Really? I could have sworn I copied the whole thing. I'd like to post it again, but I am having trouble locating it. I did click Save on the Notepad document, but I am not sure how to retrieve it. If you have some advice on that, I will track it down and post again.

Thanks again,

Tim


#18
November 28, 2010 at 09:28:09
By the way, I just discovered that Urlseek is still there! Ouch!


#19
November 28, 2010 at 09:59:40
You can search for it by clicking on Start, typing combofix in the box and pressing Enter.


#20
November 28, 2010 at 10:03:22
http://www.bleepingcomputer.com/for...

I found that; it may help you... Good luck.


#21
November 28, 2010 at 10:12:18
Searching for combofix keeps giving me the message, "no items match your search."

I'll take a look at the other thread.

Thanks again,

Tim
