New tabs opening Primeslots.com and static.webimpresion.com
25-03-2014 8:44pm
I use Chrome and recently I have noticed that if I leave my laptop idle for a while a new tab will open with either primeslots.com or static.webimpresion.com. Both are flagged as phishing sites by Chrome.
I have searched for how to remove it, but all of the sites I found with details of web extensions to look for have failed, as none of the extensions listed appear in my extensions, so that route is failing.
Plenty of other sites offer removal tools but I am sceptical of installing any of them in case they are hoax tools and infect me worse!!
So if anyone has any helpful info on removing this malware I'd be grateful if you could share it!! BTW I use ESET anti-virus but it does not detect it.
Comments
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here
Thanks JSA for any help you can give. I have attached the two files.
don't attach the logs, easier if you post them for me
open OTL copy this into the box
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0AyEtBtBzz0FzyzzyCtN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=640394618&ir=
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0AyEtBtBzz0FzyzzyCtN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=640394618&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0AyEtBtBzz0FzyzzyCtN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=640394618&ir=
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0AyEtBtBzz0FzyzzyCtN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=640394618&ir=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0AyEtBtBzz0FzyzzyCtN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=640394618&ir=
IE - HKCU\..\SearchScopes\{FD0916A5-C1D6-4841-BF56-03937D5F750F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3275663&CUI=UN11615326762723122&UM=1
O33 - MountPoints2\{e978cedf-6994-11e2-884b-705ab6cbf2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{e978cedf-6994-11e2-884b-705ab6cbf2ac}\Shell\AutoRun\command - "" = E:\SafeStick.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2013/08/27 18:26:04 | 000,423,709 | ---- | C] () -- C:\Users\Enda\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013/08/27 18:26:09 | 000,000,000 | ---D | M] -- C:\Users\Enda\AppData\Roaming\mysearchdial
[2014/03/17 12:09:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
Click Run Fix and post the log it gives.
Then run AdwCleaner and post the log it gives:
www.bleepingcomputer.com/download/adwcleaner/
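The fix script above targets a handful of persistence points: the IE Start Page value, the SearchScopes GUID keys, MountPoints2 AutoRun handlers, a .job file under C:\Windows\Tasks and a registry-installed Chrome extension. As an added example that is not part of the thread or of OTL, the PowerShell below is a read-only audit of those same locations that flags entries mentioning the hijacker names seen in the logs; the $Indicators list and the Chrome extension registry values (path, update_url) are assumptions, and it should be run from a 64-bit PowerShell so the 64-bit registry view (OTL's "IE:64bit" entries) is the one checked.

```powershell
# Added example, not part of the thread: read-only audit of the persistence
# locations the OTL fix above touched. Assumes Windows 7+ and PowerShell 3+.
$Indicators = @('mysearchdial', 'conduit', 'dealply', 'wajam')  # names from the thread's logs

function Test-Suspicious([string]$Text) {
    foreach ($i in $Indicators) { if ($Text -match [regex]::Escape($i)) { return $true } }
    return $false
}
$findings = @()

# IE Start Page and SearchScopes (per-GUID 'URL' values) in both HKLM and HKCU
foreach ($hive in 'HKLM', 'HKCU') {
    $main  = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main"
    $start = (Get-ItemProperty -Path $main -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($start -and (Test-Suspicious $start)) { $findings += "Start Page [$hive] = $start" }
    $scopes = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
    Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath -Name 'URL' -ErrorAction SilentlyContinue).URL
        if ($url -and (Test-Suspicious $url)) { $findings += "SearchScope $($_.PSChildName) = $url" }
    }
}

# MountPoints2: AutoRun command handlers Explorer recorded for removable drives
$mp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -eq 'command' -and $_.PSPath -like '*\Shell\AutoRun\*' } |
    ForEach-Object {
        $cmd = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'(default)'
        $findings += "MountPoints2 AutoRun: $($_.PSPath -replace '^.*MountPoints2\\', '') -> $cmd"
    }

# Legacy scheduled-task .job files (the thread's MySearchDial.job and Dealply.job lived here)
Get-ChildItem -Path "$env:SystemRoot\Tasks" -Filter '*.job' -ErrorAction SilentlyContinue |
    Where-Object { Test-Suspicious $_.Name } |
    ForEach-Object { $findings += "Task job file: $($_.FullName)" }

# Chrome extensions registered through the registry (side-loaded CRX path or update_url);
# every entry here deserves review, so they are all reported
foreach ($root in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                  'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                  'HKCU:\SOFTWARE\Google\Chrome\Extensions') {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        $findings += "Registry-installed Chrome extension $($_.PSChildName): $($p.path) $($p.update_url)"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'No indicators found in the audited locations.' }
```

The script only reads; compare its output against the OTL and AdwCleaner logs above before deleting anything, since MountPoints2 and SearchScopes entries can also be legitimate.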
Thanks again for your help. Logs:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD0916A5-C1D6-4841-BF56-03937D5F750F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0916A5-C1D6-4841-BF56-03937D5F750F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e978cedf-6994-11e2-884b-705ab6cbf2ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e978cedf-6994-11e2-884b-705ab6cbf2ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e978cedf-6994-11e2-884b-705ab6cbf2ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e978cedf-6994-11e2-884b-705ab6cbf2ac}\ not found.
File E:\SafeStick.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Enda\AppData\Local\mysearchdial_speedial_v9.0.2.crx moved successfully.
C:\Users\Enda\AppData\Roaming\mysearchdial\UpdateProc folder moved successfully.
C:\Users\Enda\AppData\Roaming\mysearchdial\icons_2.2.4.731 folder moved successfully.
C:\Users\Enda\AppData\Roaming\mysearchdial folder moved successfully.
C:\Windows\Tasks\MySearchDial.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Enda
->Temp folder emptied: 1855700568 bytes
->Temporary Internet Files folder emptied: 1259685354 bytes
->Google Chrome cache emptied: 431059747 bytes
->Flash cache emptied: 96420 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 768047679 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 45310 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 3969 bytes
Total Files Cleaned = 4,115.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Classic .NET AppPool
User: Default
User: Default User
User: DefaultAppPool
User: Enda
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: Administrator
User: All Users
User: Classic .NET AppPool
User: Default
User: Default User
User: DefaultAppPool
User: Enda
User: Public
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Enda\Desktop\cmd.bat deleted successfully.
C:\Users\Enda\Desktop\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 03262014_191418
Files\Folders moved on Reboot...
C:\Users\Enda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Enda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
# AdwCleaner v3.022 - Report created 26/03/2014 at 19:28:43
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Enda - ENDA-PC
# Running from : C:\Users\Enda\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : WajamUpdater
***** [ Files / Folders ] *****
File Found : C:\Windows\System32\Tasks\Dealply
File Found : C:\Windows\System32\Tasks\MySearchDial
File Found : C:\Windows\Tasks\Dealply.job
Folder Found C:\Program Files (x86)\BitLord 2
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\DealPly
Folder Found C:\Program Files (x86)\DealPlyLive
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\DealPlyLive
Folder Found C:\Users\Enda\AppData\Local\apn
Folder Found C:\Users\Enda\AppData\Local\Conduit
Folder Found C:\Users\Enda\AppData\Local\DealPlyLive
Folder Found C:\Users\Enda\AppData\Local\torch
Folder Found C:\Users\Enda\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\Enda\AppData\LocalLow\Conduit
Folder Found C:\Users\Enda\AppData\LocalLow\PriceGong
Folder Found C:\Users\Enda\AppData\Roaming\BitLord
Folder Found C:\Users\Enda\AppData\Roaming\DealPly
Folder Found C:\Users\Enda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Found C:\Users\Enda\AppData\Roaming\OpenCandy
Folder Found C:\Users\Enda\Documents\BitLord
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DealPlyLive
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\torch
Key Found : HKCU\Software\Wajam
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DealPlyLive
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\mysearchdial
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\Wajam
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3275663
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DealPlyLive
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\torch
Key Found : HKLM\Software\Wajam
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0AyEtBtBzz0FzyzzyCtN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=640394618&ir=
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\Enda\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5084 octets] - [26/03/2014 19:28:43]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5144 octets] ##########
Have AdwCleaner delete what it found, reboot and tell me how it's running.
Done all you suggested and so far so good. Left the laptop idle for a while and no random tabs opened. Thanks a mil for all your help, greatly appreciated.