Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

hijacked [Solved]

Started by nickf33 , Feb 09 2014 12:48 PM

This topic is locked

#31
nickf33

Posted 12 February 2014 - 09:24 PM

Member

Topic Starter
Member
101 posts

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
During scan window came up
Database version: v2014.02.12.11 3 times asking if I really
wanted to stop scan.
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
nickf :: NICK [administrator]

2/12/2014 8:13:30 PM
mbam-log-2014-02-12 (20-13-30).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401651
Time elapsed: 1 hour(s), 54 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 59
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP40\A0004645.exe (PUP.Optional.OptimizerPro) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP40\A0004647.exe (PUP.Optional.OptimizerPro) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP40\A0004648.exe (PUP.Optional.OptimizerPro) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP40\A0004649.exe (PUP.Optional.OptimizerPro) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP42\A0004655.dll (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP42\A0004656.exe (PUP.Optional.PricePeep.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP42\A0004657.exe (PUP.Optional.PricePeep.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP47\A0004710.exe (PUP.Optional.PursuePoint.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP47\A0004713.exe (PUP.Optional.PursuePoint.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP51\A0004839.rbf (PUP.Optional.SavingsBull.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP51\A0004871.dll (PUP.Optional.PursuePoint.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP51\A0004879.exe (PUP.Optional.PursuePoint.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP51\A0004880.exe (PUP.Optional.PursuePoint.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP51\A0004884.exe (PUP.Optional.Sambreel.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0004966.exe (PUP.Optional.OptimumInstaller.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0005276.exe (PUP.Optional.PlusHD.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0005263.exe (PUP.Optional.OptimumInstaller.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0005272.exe (PUP.Optional.PlusHD.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0005273.dll (PUP.Optional.PlusHD.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0005274.exe (PUP.Optional.PlusHD.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0005275.exe (PUP.Optional.PlusHD.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0005277.exe (PUP.Optional.PlusHD.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0005278.exe (PUP.Optional.PlusHD.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP52\A0005281.exe (PUP.Optional.PlusHD.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP54\A0005304.exe (PUP.Optional.OptimumInstaller.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0005335.dll (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0005336.dll (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0005337.exe (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0005338.dll (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0005341.dll (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0005342.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0005343.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP55\A0005344.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Temp\InstallFilter32.msi (PUP.Optional.SavingsBull.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.21.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.21.0\mysearchdialsrv.exe.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\nickf\Desktop\Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\nickf\Desktop\downloads\ffdshow.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\nickf\Desktop\downloads\infrarecorder.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\nickf\Desktop\unused\downloads\ffdshow.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\nickf\Desktop\unused\downloads\infrarecorder.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\nickf\My Documents\Downloads\Hitman_Pro_TSV33UX3D.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\nickf\My Documents\Downloads\Spybot%20Search%20&%20Destroy(1).exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.
C:\Documents and Settings\nickf\My Documents\Downloads\Spybot%20Search%20&%20Destroy.exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02112014_142204\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02112014_142204\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02112014_142204\C_Program Files\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02112014_142204\C_Program Files\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02112014_142204\C_Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02112014_142204\C_Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02112014_142204\C_Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02112014_142204\C_Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02112014_142204\C_Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

Edited by nickf33, 12 February 2014 - 09:28 PM.

#32
nickf33

Posted 12 February 2014 - 10:07 PM

Member

Topic Starter
Member
101 posts

No threats found on ESET scan. Also pop-ups and redirection stopped

#33
nickf33

Posted 12 February 2014 - 10:13 PM

Member

Topic Starter
Member
101 posts

Results of screen317's Security Check version 0.99.79
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
M
i
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
E
s
e
n
t
i
a
l
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
SpywareGuard v2.2
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 12.0.0.43
Adobe Reader XI
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

#34
nickf33

Posted 12 February 2014 - 10:17 PM

Member

Topic Starter
Member
101 posts

godawgs, Computer running great. I thought i downloaded all the logs in step five?

#35
nickf33

Posted 13 February 2014 - 11:41 AM

Member

Topic Starter
Member
101 posts

godawgs,I don't know how to thank you.Your the best. are there any more steps?My pc is back to normal,Also I want to thank you for your great patience with me, and my mistakes. Just one more thing can you advise me how to avoid this in the future?Do I have the right anti-spyware installed? Nick33

#36
godawgs

Posted 13 February 2014 - 11:43 AM

Teacher

Retired Staff
8,228 posts

godawgs, Computer running great. I thought i downloaded all the logs in step five?

That's what we like to hear. And yes, you posted all of the logs requested :thumbsup:

We just need to change the search provider in Chrome and update an out of date program and then we can clean up an you'll be ready to go on your way

Step-1.

Reset Chrome Search Provider

Open the Chrome browser.
Click the Chrome menu Chrome menu on the browser toolbar
Select Settings. The Settings page will open.
In the "Search" section, click Manage search engines.
Find all Mysearchdial entries.
Mouse over them and click the X to remove them.
Make the search engine of your choice, like Google the (Default) search engine by mousing over it and clicking Make default.

Step-2.

Posted Image

JAVA Advice

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

For Firefox, install the NoScript add-on.
For Chrome, install the Script-No add-on.
NOTE: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Java.
Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is way out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u51
Click the "Download button under the JRE" column.
On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
Under the Java SE Runtime Environment 7u51 heading:
To install the version for your system:
- For Windows 32 bit systems, look for Windows x86 Offline 29.79MB, click the jre-7u51-windows-i586.exe file and save it to your desktop. Do Not run it from the Java site.
Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
The versions I see on the computer are:
- Java 7 Update 17
Click each program and click the Remove or Change/Remove button and follow the on screen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

C.
Install the latest JAVA

Back on your desktop:

Double-click on the jre-7u51-windows-i586.exe file to install the newest version.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. It's on the Update tab in Java in the Control Panel.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you were able to change the search provider in Chrome and if the JAVA update was successfull.

#37
nickf33

Posted 13 February 2014 - 05:22 PM

Member

Topic Starter
Member
101 posts

godawgs I didn't know I had chrome browser.Will continue with other steps.

#38
nickf33

Posted 13 February 2014 - 06:13 PM

Member

Topic Starter
Member
101 posts

godawgs, Don't have crome.Uninstalled Java was not able to download new version.

#39
nickf33

Posted 14 February 2014 - 11:57 AM

Member

Topic Starter
Member
101 posts

Hi,godawgs are we finished?

#40
godawgs

Posted 14 February 2014 - 03:36 PM

Teacher

Retired Staff
8,228 posts

You are very welcome.

Hi,godawgs are we finished?

Not yet...almost.

Just one more thing can you advise me how to avoid this in the future?Do I have the right anti-spyware installed?

We will cover this in the clean up part of the process.

Don't have crome.Uninstalled Java was not able to download new version.

You are correct about Chrome. It's not in the list of installed programs, but the OTL log does some Chrome entries. Just skip that part for now.

Why weren't you able to download JAVA? Did you get any error messages?

#41
nickf33

Posted 14 February 2014 - 04:09 PM

Member

Topic Starter
Member
101 posts

Sorry!
In order to download products from Oracle Technology Network you must agree to the OTN license terms.
Be sure that...
Your browser has "cookies" and JavaScript enabled.
You clicked on "Accept License" for the product you wish to download.
You attempt the download within 30 minutes of accepting the license.
From here you can go...

Did that?

#42
nickf33

Posted 14 February 2014 - 04:34 PM

Member

Topic Starter
Member
101 posts

Was able to get in now but downloads are only for windowsx64

#43
godawgs

Posted 14 February 2014 - 04:59 PM

Teacher

Retired Staff
8,228 posts

Did you download the NoScript add-on and install it in the FF browser before doing the JAVA update?

#44
nickf33

Posted 14 February 2014 - 05:01 PM

Member

Topic Starter
Member
101 posts

yes

#45
godawgs

Posted 14 February 2014 - 05:16 PM

Teacher

Retired Staff
8,228 posts

The problem is the NoScript add-on you installed. It isn't allowing JavaScripts on the site. You have to tell it to allow them.
For now, please open the FF browser. Click the down arrow beside Firefox in the upper left hand corner and click Add-ons. On the Add-ons page click Extensions in the left column. In the right column find the NoScript add-on and click the Disable button.
Close the browser and then re-open it and then go to the Java site and download the update again. It should download correctly this time

Once you have the update done you can go to the No-Scripts page here and read about how to work the NoScript add-on. Once you know how to use it you can go back to the Firefox add-on page an Enable it again.