I’ve been having intermittent issues for a while now with a Network shield pop-up for a malicious URL blocked. The URL in question is “http:// stats.mydatastatssrv.com/stats.gif?action”. I first ran a scan using mbam about a month ago and found several objects and successfully removed them. I followed this scan up with another scan using mbam showing a clean system. Both of these initial logs have been attached (dated 2014-02-17).
Today I received the same pop-up and performed a third scan finding yet more items for removal. All items were successfully removed and the log is attached (2014-03-14).
Given my recent experience of this issue recurring, I am not convinced that the issue has been resolved and I would greatly appreciate any assistance in determining the cause of these pop-ups. I also downloaded and ran both OTL.exe and aswmbr.exe and will post the associated logs in a reply post to this one.
I meant to include this above but forgot. I use Chrome as my browser and generally the pop-ups seem to come up as soon as I open Chrome before I actually start browsing anywhere besides my Google home page. I don’t think I can say that it has never happened any other time but that is my best recollection based on what it did most recently. Also, the pop-up occurred most recently three times in relatively rapid succession (although in the past it seems I only received it once).
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-3918443845-2643131500-1363349224-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_150213_neue&babsrc=SP_ss&mntrId=CA1CC0CB389DFFBF
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\S-1-5-21-3918443845-2643131500-1363349224-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
:Files
C:\Users\Tice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
I’ve been watching over the last week and I’ve had no new pop-ups in that time. I ran another mbam scan this morning and found nothing, so as of now it appears the issue has been resolved.