infected with adnxs?

Status
Not open for further replies.
Running a scan today it found more objects?

Open MBAM, click on the history tab, look for the log with today's date.
Please copy and paste that in your next reply.
****

Don't worry over what RogueKiller found, those are safe entries.


I don't know when that stuff got quarantined. There are several logs in the history so I copied the scan log from earlier and the protection log (to follow). I reset IE and cleared the personal settings and the third party cookie pop ups are going to drive us nuts for a while but I think it fixed whatever was blocking Delfix, cause now I can access it (I sent the link from my laptop to my e-mail so I could access it from the desktop computer to check it). As soon as I tried to access the net I started getting an ad pop up. I think it was ad.aol.com but not sure because I lost it trying to get rid of the third party cookie pop ups.

Anyway here are the logs you requested and hopefully we're getting to the bottom of this.

MBam log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/2/2014
Scan Time: 1:37:05 AM
Logfile: mbamnewest.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.02.02
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: waldo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325869
Time Elapsed: 9 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


MBam protection log:

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 10/2/2014 12:42:57 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Starting,
Protection, 10/2/2014 12:42:57 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Started,
Protection, 10/2/2014 12:42:58 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
Update, 10/2/2014 12:42:59 AM, SYSTEM, WALDO-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.9.19.1,
Update, 10/2/2014 12:43:02 AM, SYSTEM, WALDO-PC, Manual, Malware Database, 2014.3.4.9, 2014.10.2.2,
Protection, 10/2/2014 12:43:02 AM, SYSTEM, WALDO-PC, Protection, Refresh, Starting,
Protection, 10/2/2014 12:43:26 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
Protection, 10/2/2014 12:43:27 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/2/2014 12:43:27 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/2/2014 12:43:31 AM, SYSTEM, WALDO-PC, Protection, Refresh, Success,
Protection, 10/2/2014 12:43:31 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 12:43:32 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
Detection, 10/2/2014 11:33:40 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63445, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
Detection, 10/2/2014 11:33:40 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63445, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
Detection, 10/2/2014 11:33:46 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63512, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
Protection, 10/2/2014 11:45:10 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/2/2014 11:45:10 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/2/2014 11:45:10 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Stopping,
Protection, 10/2/2014 11:45:10 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Stopped,
Protection, 10/2/2014 11:56:43 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Starting,
Protection, 10/2/2014 11:56:43 AM, SYSTEM, WALDO-PC, Protection, Malware Protection, Started,
Protection, 10/2/2014 11:56:43 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 11:56:43 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
Update, 10/2/2014 11:57:35 AM, SYSTEM, WALDO-PC, Manual, Malware Database, 2014.10.2.2, 2014.10.2.7,
Protection, 10/2/2014 11:57:37 AM, SYSTEM, WALDO-PC, Protection, Refresh, Starting,
Protection, 10/2/2014 11:57:37 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/2/2014 11:57:37 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/2/2014 11:57:42 AM, SYSTEM, WALDO-PC, Protection, Refresh, Success,
Protection, 10/2/2014 11:57:42 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 11:57:42 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
Protection, 10/2/2014 2:10:43 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Starting,
Protection, 10/2/2014 2:10:43 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Started,
Protection, 10/2/2014 2:10:43 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 2:11:40 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
Protection, 10/2/2014 2:14:16 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10/2/2014 2:14:16 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10/2/2014 2:14:16 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Stopping,
Protection, 10/2/2014 2:14:17 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Stopped,
Protection, 10/2/2014 2:15:46 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Starting,
Protection, 10/2/2014 2:15:46 PM, SYSTEM, WALDO-PC, Protection, Malware Protection, Started,
Protection, 10/2/2014 2:15:46 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 2:16:22 PM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,

(end)


fixlistlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014 02
Ran by waldo at 2014-10-02 14:14:33 Run:3
Running from C:\Users\waldo\Desktop
Loaded Profile: waldo (Available profiles: waldo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key Deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 18 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Let me know what else we need to do. Thanks much!!!
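
Added example, not part of the original thread: a short Python script that pulls the Detection rows out of a Malwarebytes protection log like the one posted above and groups the blocked connections by process and destination. The field order is an assumption taken from the rows shown in this thread, and the sample rows are copied from that log.

```python
from collections import defaultdict
from datetime import datetime

# Rows copied from the protection log posted above (one Protection row, three Detection rows).
SAMPLE_LOG = r"""
Protection, 10/2/2014 12:43:32 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, Started,
Detection, 10/2/2014 11:33:40 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63445, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
Detection, 10/2/2014 11:33:40 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63445, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
Detection, 10/2/2014 11:33:46 AM, SYSTEM, WALDO-PC, Protection, Malicious Website Protection, IP, 31.170.179.179, alnera.eu, 63512, Outbound, C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe,
"""

TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_detections(text):
    """Yield one dict per Detection row; every other row type is skipped.

    Assumed field order (from the rows in this thread): type, time, user, host,
    source, component, kind, IP, domain, port, direction, process path.
    Assumes no field contains a comma.
    """
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] != "Detection" or len(fields) < 12:
            continue
        yield {
            "time": datetime.strptime(fields[1], TIME_FORMAT),
            "ip": fields[7],
            "domain": fields[8],
            "port": int(fields[9]),
            "direction": fields[10],
            "process": fields[11],
        }


def summarize(text):
    """Group blocked connections by (process, IP, domain)."""
    groups = defaultdict(lambda: {"count": 0, "ports": set(), "first": None, "last": None})
    for d in parse_detections(text):
        g = groups[(d["process"], d["ip"], d["domain"])]
        g["count"] += 1
        g["ports"].add(d["port"])
        g["first"] = d["time"] if g["first"] is None else min(g["first"], d["time"])
        g["last"] = d["time"] if g["last"] is None else max(g["last"], d["time"])
    return {k: {**g, "ports": sorted(g["ports"])} for k, g in groups.items()}


if __name__ == "__main__":
    for (process, ip, domain), g in summarize(SAMPLE_LOG).items():
        print(f"{process} -> {ip} ({domain}): {g['count']} blocks, ports {g['ports']}")
```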
 
I think I'm going to shoot myself since I can't find the reason for this popup.

Let's experiment.

uStart Page = hxxp://www.aol.com <-- did you set AOL as your home page?

AOL Toolbar <-- uninstall AOL toolbar. It's not needed and should not interfere with AOL.

AdblockPlus

For Google Chrome
https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

For Firefox
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation, It's free!
  • click the icon that corresponds to your browser and download.


*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

Try the above and let's see what results we get from this.
 
I believe the aol toolbar is already removed, at least I remember removing it at some point. Don't see it and yes aol.com is my homepage. So far the pop up has not come back. I don't use google or firefox, is it available for IE? I'm as frustrated as you are.
 
Just for your info I couldn't find AOL toolbar but I did go into add/remove programs and it was there. Tried to uninstall it and it said it was already installed and asked if I wanted to remove the (can't remember what it said LOL) and I said yes, so now it is no longer in add/remove programs. System seems fine, no weird pop ups at this point.
 
That should read it was already UNINSTALLED. Need some coffee!

Let's go get a double cappuccino! (do they make a triple)

How's the machine?
 
Ok, I ran Delfix and removed all the excess stuff. Some web pages were acting a little strange (like not being able to click on anything on the page) but I did a reboot and it fixed that. I did not install adblock plus yet. I'm holding off on that for the moment. Things are running a little slow but I attribute that to resetting IE and removing personal settings. I notice that pages I visit frequently are loading faster. So far no weird pop-ups. And thinking it over when I got that aol pop up I may not have reset the home page back to AOL yet. And it has not come up since. So far so good. If we could leave this thread up for a few days I'll use the heck out of it and see how it runs. I have to thank you for all your help with this, I know how frustrating it was. Let's cross our fingers that everything works ok. Have a great day!
 
We're glad to help.

You have a great day too!
 
Well a couple of days and everything seems to be working just fine! Thanks so much for the help. I think you can close out this thread now.
 
Glad we could help. :)


Since this issue appears resolved ... this Topic is closed.
 