
Thread: infected with adnxs?

  1. #61
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Quote: Originally Posted by Juliet
    Running a scan today it found more objects?

    Open MBAM, click on the history tab, look for the log with today's date.
    Please copy and paste that in your next reply.
    ****

    Don't worry over what RogueKiller found, those are safe entries.

    I don't know when that stuff got quarantined. There are several logs in the history so I copied the scan log from earlier and the protection log (to follow). I reset IE and cleared the personal settings and the third party cookie pop ups are going to drive us nuts for a while but I think it fixed whatever was blocking Delfix, 'cause now I can access it (I sent the link from my laptop to my e-mail so I could access it from the desktop computer to check it). As soon as I tried to access the net I started getting an ad pop up. I think it was ad.aol.com but not sure because I lost it trying to get rid of the third party cookie pop ups.

    Anyway here are the logs you requested and hopefully we're getting to the bottom of this.

    MBam log:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/2/2014
    Scan Time: 1:37:05 AM
    Logfile: mbamnewest.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.10.02.02
    Rootkit Database: v2014.09.19.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: waldo

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 325869
    Time Elapsed: 9 min, 49 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    MBam protection log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Protection, 10/2/2014 12:42:57 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Starting,
    Protection, 10/2/2014 12:42:57 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Started,
    Protection, 10/2/2014 12:42:58 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
    Update, 10/2/2014 12:42:59 AM, SYSTEM, WALDO-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.9.19.1,
    Update, 10/2/2014 12:43:02 AM, SYSTEM, WALDO-PC, Manual, Malware Database, 2014.3.4.9, 2014.10.2.2,
    Protection, 10/2/2014 12:43:02 AM, SYSTEM, WALDO-PC, Protection, Refresh, Starting,
    Protection, 10/2/2014 12:43:26 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
    Protection, 10/2/2014 12:43:27 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 10/2/2014 12:43:27 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 10/2/2014 12:43:31 AM, SYSTEM, WALDO-PC, Protection, Refresh, Success,
    Protection, 10/2/2014 12:43:31 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
    Protection, 10/2/2014 12:43:32 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
    Detection, 10/2/2014 11:33:40 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63445, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
    Detection, 10/2/2014 11:33:40 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63445, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
    Detection, 10/2/2014 11:33:46 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63512, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
    Protection, 10/2/2014 11:45:10 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 10/2/2014 11:45:10 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 10/2/2014 11:45:10 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Stopping,
    Protection, 10/2/2014 11:45:10 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Stopped,
    Protection, 10/2/2014 11:56:43 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Starting,
    Protection, 10/2/2014 11:56:43 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Started,
    Protection, 10/2/2014 11:56:43 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
    Protection, 10/2/2014 11:56:43 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
    Update, 10/2/2014 11:57:35 AM, SYSTEM, WALDO-PC, Manual, Malware Database, 2014.10.2.2, 2014.10.2.7,
    Protection, 10/2/2014 11:57:37 AM, SYSTEM, WALDO-PC, Protection, Refresh, Starting,
    Protection, 10/2/2014 11:57:37 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 10/2/2014 11:57:37 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 10/2/2014 11:57:42 AM, SYSTEM, WALDO-PC, Protection, Refresh, Success,
    Protection, 10/2/2014 11:57:42 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
    Protection, 10/2/2014 11:57:42 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
    Protection, 10/2/2014 2:10:43 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Starting,
    Protection, 10/2/2014 2:10:43 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Started,
    Protection, 10/2/2014 2:10:43 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
    Protection, 10/2/2014 2:11:40 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
    Protection, 10/2/2014 2:14:16 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 10/2/2014 2:14:16 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 10/2/2014 2:14:16 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Stopping,
    Protection, 10/2/2014 2:14:17 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Stopped,
    Protection, 10/2/2014 2:15:46 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Starting,
    Protection, 10/2/2014 2:15:46 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Started,
    Protection, 10/2/2014 2:15:46 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
    Protection, 10/2/2014 2:16:22 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,

    (end)


    fixlistlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014 02
    Ran by waldo at 2014-10-02 14:14:33 Run:3
    Running from C:\Users\waldo\Desktop
    Loaded Profile: waldo (Available profiles: waldo)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
    EmptyTemp:
    Hosts:
    End
    *****************

    Processes closed successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key Deleted successfully.
    "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}" => Key deleted successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 18 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====


    Let me know what else we need to do. Thanks much!!!
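
Added example, not part of the original posts: the protection log in post #61 is easier to triage once the Detection rows are separated from the start/stop rows and grouped by the process that triggered them. The Python below does that for rows copied from that log; the field meanings (port column, US date order) are inferred from those rows and are assumptions, not a documented Malwarebytes format.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Rows copied from the protection log in post #61 (MBAM 2.x layout).
SAMPLE_LOG = r"""
Protection, 10/2/2014 12:43:32 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
Detection, 10/2/2014 11:33:40 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63445, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
Detection, 10/2/2014 11:33:40 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63445, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
Detection, 10/2/2014 11:33:46 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63512, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
Protection, 10/2/2014 11:45:10 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopping,
"""

def parse_detections(text):
    """Yield a dict per well-formed 'Detection' row; skip everything else."""
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        fields = [f.strip() for f in row]
        if len(fields) < 12 or fields[0] != "Detection":
            continue  # status/update rows, blank lines, truncated rows
        try:
            # Assumption: US month/day order, 12-hour clock, as in the log above.
            when = datetime.strptime(fields[1], "%m/%d/%Y %I:%M:%S %p")
            port = int(fields[9])  # assumed to be a port number
        except ValueError:
            continue  # unparseable timestamp or port: not a row we understand
        yield {"time": when, "host": fields[3], "ip": fields[7],
               "domain": fields[8], "port": port,
               "direction": fields[10], "process": fields[11]}

def summarize(text):
    """Group blocks by (process, domain, ip, direction) with counts and times."""
    groups = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "ports": set()})
    for d in parse_detections(text):
        g = groups[(d["process"], d["domain"], d["ip"], d["direction"])]
        g["count"] += 1
        g["first"] = min(g["first"] or d["time"], d["time"])
        g["last"] = max(g["last"] or d["time"], d["time"])
        g["ports"].add(d["port"])
    return dict(groups)

if __name__ == "__main__":
    for (proc, domain, ip, direction), g in summarize(SAMPLE_LOG).items():
        print(f"{g['count']}x {direction} {domain} ({ip}) by {proc}")
        print(f"   {g['first']:%H:%M:%S} to {g['last']:%H:%M:%S}, "
              f"ports {sorted(g['ports'])}")
```

Run against the full log, the same grouping shows at a glance which executable made the blocked connections and over what time window.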

  2. #62
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    I think I'm going to shoot myself since I can't find the reason for this popup.

    Let's experiment.

    uStart Page = hxxp://www.aol.com <-- did you set AOL as your home page?

    AOL Toolbar <-- uninstall AOL toolbar. It's not needed and should not interfere with AOL.

    AdblockPlus

    For Google Chrome
    https://chrome.google.com/webstore/d...ibdccddilifddb

    For Firefox
    https://addons.mozilla.org/en-US/fir.../adblock-plus/

    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.



    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    Try the above and let's see what results we get from this.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #63
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Quote: Originally Posted by Juliet
    I think I'm going to shoot myself since I can't find the reason for this popup.

    Let's experiment.

    uStart Page = hxxp://www.aol.com <-- did you set AOL as your home page?

    AOL Toolbar <-- uninstall AOL toolbar. It's not needed and should not interfere with AOL.

    AdblockPlus

    For Google Chrome
    https://chrome.google.com/webstore/d...ibdccddilifddb

    For Firefox
    https://addons.mozilla.org/en-US/fir.../adblock-plus/

    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.



    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    Try the above and let's see what results we get from this.

    I believe the aol toolbar is already removed, at least I remember removing it at some point. Don't see it and yes aol.com is my homepage. So far the pop up has not come back. I don't use google or firefox, is it available for IE? I'm as frustrated as you are.

  4. #64
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Just for your info I couldn't find AOL toolbar but I did go into add/remove programs and it was there. Tried to uninstall it and it said it was already installed and asked if I wanted to remove the (can't remember what it said LOL) and I said yes, so now it is no longer in add/remove programs. System seems fine, no weird pop ups at this point.

  5. #65
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Why didn't I add that in the last reply? I had it on note... sheesh!

    AdBlock for Internet Explorer.
    https://adblockplus.org/releases/adb...lorer-released

    Quote: So far the pop up has not come back
    Your machine tells me to not hold my breath.

    Want to try and run Delfix now to remove these tools and quarantine folders?

  6. #66
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Quote: Originally Posted by NutherStamper
    Just for your info I couldn't find AOL toolbar but I did go into add/remove programs and it was there. Tried to uninstall it and it said it was already installed.
    That should read it was already UNINSTALLED. Need some coffee!

  7. #67
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Quote: That should read it was already UNINSTALLED. Need some coffee!
    Let's go get a double cappuccino! (do they make a triple)

    How's the machine?

  8. #68
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Ok, I ran Delfix and removed all the excess stuff. Some web pages were acting a little strange (like not being able to click on anything on the page) but I did a reboot and it fixed that. I did not install adblock plus yet. I'm holding off on that for the moment. Things are running a little slow but I attribute that to resetting IE and removing personal settings. I notice that pages I visit frequently are loading faster. So far no weird pop-ups. And thinking it over when I got that aol pop up I may not have reset the home page back to AOL yet. And it has not come up since. So far so good. If we could leave this thread up for a few days I'll use the heck out of it and see how it runs. I have to thank you for all your help with this, I know how frustrating it was. Let's cross our fingers that everything works ok. Have a great day!

  9. #69
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Quote: I have to thank you for all your help with this, I know how frustrating it was. Let's cross our fingers that everything works ok. Have a great day!
    We're glad to help.

    You have a great day too!

  10. #70
    Senior Member
    Join Date
    Apr 2006
    Posts
    153

    Well a couple of days and everything seems to be working just fine! Thanks so much for the help. I think you can close out this thread now.
