Author Topic: urlseek  (Read 24523 times)

0 Members and 1 Guest are viewing this topic.

jeffce

  • Guest
Re: urlseek
« Reply #45 on: August 23, 2012, 02:57:55 AM »
Hi,

You can go ahead and remove that from your Desktop using right-click >> Delete.  :)

ehargett

  • Guest
Re: urlseek: REVISITED :)
« Reply #46 on: August 31, 2012, 08:16:00 PM »
I'm attaching new OTL and MBAM scans, and I hope it ok to simply re-open this issue as opposed to creating a new one, especially since it is the same problem. :)
I forgot to run the asw thingy, but will get that done as soon as I post these logs.

OF NOTE: I have been running perfectly fine with no redirects to urlseek since my last post to the forum regarding this, so, I thought we had resolved this...  However, today, I went to open my homepage which is a "my.yahoo.com" site, and it decided to take me to a urlseek site instead. I have not downloaded anything that was even the least bit risky, so I am baffled. The redirects started after rebooting my computer this morning and updating Adobe Flash.

Elizabeth

ehargett

  • Guest
Re: urlseek
« Reply #47 on: August 31, 2012, 08:49:42 PM »
And here is the aswMBR file..

Elizabeth

jeffce

  • Guest
Re: urlseek
« Reply #48 on: September 04, 2012, 02:03:14 PM »
Hi,

Can you let me know what browser(s) it is that you are being redirected in?  :)

ehargett

  • Guest
Re: urlseek
« Reply #49 on: September 05, 2012, 03:15:42 PM »
Firefox and Internet Explorer..
For about an hour I thought I was getting away with working while using IE, but then it decided to start redirecting me, too..
Sorry for the delayed response... :)

Elizabeth

jeffce

  • Guest
Re: urlseek
« Reply #50 on: September 05, 2012, 09:25:28 PM »
Hi,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

ehargett

  • Guest
Re: urlseek
« Reply #51 on: September 07, 2012, 06:05:22 PM »
I apologize for delay.
Here is the log.
Elizabeth

jeffce

  • Guest
Re: urlseek
« Reply #52 on: September 08, 2012, 09:16:19 PM »
Hi there,

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    Quote

    :Services

    :OTL
    IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
    IE - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
    IE - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\SearchScopes\{9A5A4E42-5BF1-4281-92FB-1A60B9F9D976}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\SearchScopes\{A3FF93DF-EA9B-46F6-A2B7-55F6A033B058}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin:  File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
    [2012/02/22 18:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/02/22 18:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    O2 - BHO: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
    O3 - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O33 - MountPoints2\{81032316-d5e6-11e1-a0d4-7c6d62935b09}\Shell - "" = AutoRun
    O33 - MountPoints2\{81032316-d5e6-11e1-a0d4-7c6d62935b09}\Shell\AutoRun\command - "" = J:\MotoCastSetup.exe -a

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------

ehargett

  • Guest
Re: urlseek
« Reply #53 on: September 09, 2012, 06:04:56 PM »
I am posting the new OTL scan, as well as a little notepad text that popped up after the Fix scan rebooted the computer.

Thanks,
Elizabeth

jeffce

  • Guest
Re: urlseek
« Reply #54 on: September 10, 2012, 03:24:21 AM »
Hi there,

Are you still getting redirects?  :)

ehargett

  • Guest
Re: urlseek
« Reply #55 on: September 10, 2012, 08:59:45 PM »
So far, so good today. I landed on a couple of websites that WOT flagged, but none of them were a urlseek.

Now, I am hesitant to close this out, since I am really not sure where/what the urlseek is coming from. It is a COMPLETE pain in the behind, so I would like input on how to avoid it. I run my scans like a good little girl, :) but it never comes up on any scan. I simply start getting redirected to urlseek websites, and that's how I know there is a problem.

I'm going to play around a little more before I finally declare this a dead issue.. but if you get a chance, you can lmk your thoughts on this particular redirecter..

Elizabeth

jeffce

  • Guest
Re: urlseek
« Reply #56 on: September 11, 2012, 07:38:29 PM »
Go ahead and play around with it and we can see where we stand.  Let me know how your system behaves.  :)

ehargett

  • Guest
Re: urlseek
« Reply #57 on: September 16, 2012, 02:42:48 PM »
Things seem to be working fine. No more automatic  privacy clearing from the Iobit I mentioned in our PM, and no more redirects.
Please, elaborate on what your "fix" did/stopped/etc so I'll know what to uninstall, if anything.. You may PM, if you'd like, with this information.
I'm still keeping an eye on everything, but I think we're ok at this point.

Elizabeth

jeffce

  • Guest
Re: urlseek
« Reply #58 on: September 17, 2012, 01:47:00 AM »
There were some bad entries that were related to one of the Coupon toolbars and some other orphaned entries that needed to be removed.  Nothing really bad but things that needed to go anyway.  :)