PUP.Optional.MySearchDial.A

[Saajuk]

My Malwarebytes keeps detecting this potential threat every day even though I quarintine and trash it every day. I tried looking for the file location (C:\Users\Saajuk\AppData\Local\Google\Chrome\User Data\Default\Prefrences) but i get get stuck after getting the my user name (Saajuk) and I dont have a AppData folder as you can see in the attached image. Is the folder invisible or something? I've dad this problem with SearchDial with another laptop but It was way worse where I could actually see what was happening with my browser being hijacked and all but with this one nothings wrong and Malwarebytes keeps detecting it and its getting irritating. 

http://i928.photobucket.com/albums/ad126/Saajuk/Capture222_zps18656758.png

Is there an easy fix to this?

Lenovo Y500
Windows 8

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program will open, click on the Scan button as shown below.



AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.



AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• It should update automatically if the computer is connected to the internet.
• Click on Threat Scan and click on Scan Now.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  
• Click on "Quarantine All" You may be asked to Restart your computer to completely remove the infections.
  
• When disinfection is completed you can click on "Copy to Clipboard".
  
• Paste the log in you next reply (CTRL+ V)

*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

[Saajuk]

here is the results

Adwcleaner: http://i928.photobucket.com/albums/ad126/Saajuk/snip1_zpsaa394113.png

Malwarebytes: http://i928.photobucket.com/albums/ad126/Saajuk/snip2_zpsde8dccdc.png

JRT: http://i928.photobucket.com/albums/ad126/Saajuk/snip3_zps102cb03f.png

[SuperDave]

Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page for performing a scan.
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
• Copy and paste the contents of these two log files in your next reply.

[Saajuk]

said it didnt detect any threats and both logs are practically blank. I ran Malwarebytes again and then again and it keeps coming up wih the same thing I posted in the 1st post, so it isnt fixed yet i guess.

[SuperDave]

I cannot read the log that you attached. Please run MBAM again and copy and paste the log.

[Saajuk]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/3/2014
Scan Time: 11:53:40 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.03.04
Rootkit Database: v2014.07.01.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Saajuk

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301997
Time Elapsed: 6 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.MySearchDial.A, C:\Users\Saajuk\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCyE0CtByByCyC0AzzyDtN0D0Tzu0SyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1943442087&ir=" ],), ,[bf98dfbb3b40ff3704552998808430d0]

Physical Sectors: 0
(No malicious items detected)


(end)


sorry bout the delay

[SuperDave]

Ok, now I would like to see the log from MBAR please.

[Saajuk]

mbar-log-YYYY-MM-DD:      ˙ţM#a#l#w#a#r#e#b#y#t#e#s# #A#n#t#i#-#R#o#o#t#k#i#t# #B#E#T#A# #1#.#0#7#.#0#.#1#0#1#2#


system-log.txt:     ˙ţ-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#9#9# # # # # # # # # # # # # # # # # #B#a#s#i#c# #d#a#t#a# #p#a#r#t#i#t#i#o#n#
 #0#y#p#e# #i#s# #E#m#p#t#y# #(#0#x#0#)#



not sure if they are suppose to look like that but thats what I get when I open them in Open Office word doc

[SuperDave]

Open them in Notepad.

[Saajuk]

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.05.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16921
Saajuk :: BRANDON [administrator]

7/4/2014 8:10:11 PM
mbar-log-2014-07-04 (20-10-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 302565
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)









---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16921

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 17124581376, free: 12550864896

Downloaded database version: v2014.07.05.01
Downloaded database version: v2014.07.03.01
Initializing...
======================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 71EF1326

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3229271709
    GPT Header CurrentLba = 1 BackupLba 31277231
    GPT Header FirstUsableLba 34  LastUsableLba 31277198
    GPT Header Guid e0eeb463-fd43-4001-853e-4b8d6a66bc
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3229271709
    Backup GPT header CurrentLba = 31277231 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 31277198
    Backup GPT header Guid e0eeb463-fd43-4001-853e-4b8d6a66bc
    Backup GPT header Contains 128 partition entries starting at LBA 31277199
    Backup GPT header Partition entry size = 128

    Partition 0 Type b8cb5058-c187-4719-baf0-379ca2d4c97e
    Partition ID 4613ee39-4727-4347-8134-173f59f716f
    FirstLBA 2048  Last LBA 31277055
    Attributes 0
    Partition Name                                  HFS

Disk Size: 16013942784 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 71EF1321

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3898779921
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 184c91d7-d3a3-45db-b786-a0fac0e21f24
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3898779921
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 184c91d7-d3a3-45db-b786-a0fac0e21f24
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID cbe3da1f-b208-48c1-96b3-c9f9ab6fd9
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 82f163a2-19a4-4e84-96de-11b585a3827
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID c1fdc808-1453-4f83-8538-8cd3756f07e
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7ebc3f13-1bdf-452e-b2f9-588badc52c90
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 94e59173-8fe-42dd-ada-216313c8b3f
    FirstLBA 4892672  Last LBA 1858435071
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 324f21a9-f404-4ba4-a71e-84ce91dc7ce8
    FirstLBA 1858435072  Last LBA 1859151871
    Attributes 1
    Partition Name                                     

    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 9d47d1a9-9e3c-41b3-80c7-6e0ec87ca27
    FirstLBA 1859151872  Last LBA 1911580671
    Attributes 0
    Partition Name                 Basic data partition

    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 44d418e8-ac48-4638-8765-e71736232abf
    FirstLBA 1911580672  Last LBA 1953523711
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

[SuperDave]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[Saajuk]

link for the alternate browsers doesnt work. Using Chrome.

[SuperDave]

I presume you still have IE on your computer?

[Saajuk]

here the results from log file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK