Invasive "Survey" hijacking web browser


11 replies to this topic

#1 barnierubble

barnierubble

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:46 AM

Posted 05 December 2017 - 01:43 PM

Whenever I'm using my Rogers/Yahoo email recently, at some point a "survey" hijacks the browser (Firefox). I cannot navigate away from the survey page, other than to close the browser (or click "ACCEPT" which I have not done, of course). This survey resides at the following url:

 

https://eventmembers.com/?ac2f8998b3f502d23cf42494aa69a26b#

 

 

This page tells you that you've been selected by your ISP to take a user survey about their service. It shows a dialogue box asking you to click "ACCEPT" in order to answer their survey. I immediately suspected it's illegitimate.

 

I'm running Windows 10 64-bit, and Windows Defender/Firewall currently. I also scan regularly w/ Malwarebytes free version. I recently uninstalled ZoneAlarm free version as it was apparently having compatibility issues since the latest Windows 10 updates ("Creators update"... who knows? I lose track trying to keep abreast of all the issues Microdaft creates for its unfortunate users, myself included). The issue in question only arose after having uninstalled ZoneAlarm free, although I have no clue if there's any relationship.

 

If I haven't provided enough, or the correct information, please just ask. I'm admittedly feeling less computer literate with every breath so please be patient and thorough when questioning or instructing me.

 

Thanks in advance for any response.




 


#2 buddy215

buddy215

  • Moderator
  • 13,414 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:46 AM

Posted 05 December 2017 - 03:08 PM

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 barnierubble


Posted 08 December 2017 - 01:13 PM

Thnx for response buddy215.  I've gone through the steps you outlined, the results are below as you requested.

 

NOTE:  there was no file ending in "[S1]" as your post suggested, so I posted the two files that were provided instead by AdwCleaner
 
 

Adwcleaner[S0].txt:

 

# AdwCleaner 7.0.5.0 - Logfile created on Thu Dec 07 20:53:09 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 12-06-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
 
AdwCleaner[C0].txt:
 
# AdwCleaner 7.0.5.0 - Logfile created on Thu Dec 07 20:54:00 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [945 B] - [2017/12/7 20:53:9]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 
 
NOTE:  below is the list of threats found by the ESET scan, I DID NOT click "CLEAN ALL" since your instructions didn't specify to do so
 
 
ESET-ThreatList.txt:
 
C:\Program Files\Vuze\.install4j\user\mism.exe a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting
C:\Program Files (x86)\NCH Software\Prism\prism.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting
C:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.82.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Program Files (x86)\NCH Software\Prism\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting
C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.35.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.52.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting
C:\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.31.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Users\Andrew\Downloads\ccsetup537.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
Z:\ANDREW-PC\Backup Set 2016-10-24 002859\Backup Files 2016-10-24 002859\Backup files 11.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2016-10-24 002859\Backup Files 2016-10-24 002859\Backup files 2.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2016-12-04 190001\Backup Files 2016-12-04 190001\Backup files 11.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2016-12-04 190001\Backup Files 2016-12-04 190001\Backup files 3.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2017-01-09 103936\Backup Files 2017-01-09 103936\Backup files 11.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2017-01-09 103936\Backup Files 2017-01-09 103936\Backup files 2.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2017-02-26 190001\Backup Files 2017-02-26 190001\Backup files 11.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2017-02-26 190001\Backup Files 2017-02-26 190001\Backup files 2.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2017-03-19 190001\Backup Files 2017-03-19 190001\Backup files 11.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2017-03-19 190001\Backup Files 2017-03-19 190001\Backup files 2.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2017-04-24 100245\Backup Files 2017-04-24 100245\Backup files 11.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2017-04-24 100245\Backup Files 2017-04-24 100245\Backup files 2.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2017-05-28 190001\Backup Files 2017-05-28 190001\Backup files 12.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2017-05-28 190001\Backup Files 2017-05-28 190001\Backup files 2.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2017-07-09 235209\Backup Files 2017-07-09 235209\Backup files 12.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2017-07-09 235209\Backup Files 2017-07-09 235209\Backup files 3.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2017-09-20 184959\Backup Files 2017-09-20 184959\Backup files 12.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2017-09-20 184959\Backup Files 2017-09-20 184959\Backup files 3.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2017-10-23 104353\Backup Files 2017-10-23 104353\Backup files 13.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2017-10-23 104353\Backup Files 2017-10-23 104353\Backup files 3.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\ANDREW-PC\Backup Set 2017-11-20 083334\Backup Files 2017-11-20 083334\Backup files 12.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\ANDREW-PC\Backup Set 2017-11-20 083334\Backup Files 2017-11-20 083334\Backup files 3.zip a variant of Win32/Toolbar.Conduit.AR potentially unwanted application deleted
Z:\App Installers\PhotoScape_V3.7.exe Win32/OpenCandy potentially unsafe application,Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
Z:\App Installers\switchsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\App Installers\CCleaner\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
 
 
NOTE:  And the three lists via CCleaner are as follows ---
 
 
StartUp.txt:
 
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run HP ENVY 5660 series (NET) HP Inc. "C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5536V0PV064T:NW" -scfn "HP ENVY 5660 series (NET)" -AutoStart 1
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Persistence Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
Yes HKLM:Run RogersTechXpert Rogers "C:\Program Files (x86)\Rogers\TechXpert\5.8.32.5996\RogersTechXpert.exe" /AUTORUN
Yes HKLM:Run RogersTechXpertExtension Rogers "C:\Program Files (x86)\Rogers\TechXpert Extension\4.8.8.62562\RogersTechXpertExtension.exe" /AUTORUN
Yes HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
 

 

SceduledTasks.txt:
 
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task OneDrive Standalone Update Task-S-1-5-21-3742594582-1323796267-1362204781-1000 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes Task {5C62999D-A4EB-416A-84B6-581E27AC21C1} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Desktop\burrrn_package.exe -d C:\Users\Andrew\Desktop
 
 
InstalledPrograms.txt:
 
3D Builder Microsoft Corporation 10/28/2017 15.0.2911.0
7-Zip 9.20 (x64 edition) Igor Pavlov 11/8/2012 9.06 MB 9.20.00.0
Acoustica Effects Pack Acoustica, Inc 9/28/2017 3.0
Acoustica Mixcraft 3.1 Acoustica 9/28/2017
Acoustica Mixcraft 4.5 Acoustica 9/28/2017
Acoustica Mixcraft 5 Acoustica 9/28/2017
Acoustica Mixcraft 6 Acoustica 9/28/2017 285 MB b201
Adobe Acrobat Reader DC Adobe Systems Incorporated 11/30/2017 389 MB 18.009.20050
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 9/28/2017 19.3 MB 25.0.0.171
Adobe Shockwave Player 12.2 Adobe Systems, Inc. 9/28/2017 36.0 MB 12.2.4.194
AnarchyEffects VST Plug-Ins (32 bit) (1.5.1.1) Anarchy-Rhythms.com 9/28/2017 1.5.1.1
Any Video Converter 5.8.1 Anvsoft 9/28/2017 5.8.1
Any Video Converter 5.9.2 Any-Video-Converter.com 4/10/2016 140 MB
App connector Microsoft Corporation 10/5/2016 1.3.3.0
App Installer Microsoft Corporation 11/14/2017 1.0.12894.0
Apple Application Support (32-bit) Apple Inc. 11/13/2017 170 MB 6.1
Apple Application Support (64-bit) Apple Inc. 11/13/2017 192 MB 6.1
Apple Mobile Device Support Apple Inc. 11/13/2017 41.0 MB 11.0.1.2
Apple Software Update Apple Inc. 9/16/2017 7.31 MB 2.4.8.1
Bigasoft Video Downloader Pro 3.10.9.5856 Bigasoft Corporation 3/9/2016 102 MB
Bonjour Apple Inc. 10/9/2015 3.28 MB 3.1.0.1
Calculator Microsoft Corporation 10/10/2017 10.1709.2703.0
Camera Microsoft Corporation 10/17/2017 2017.921.10.0
Candy Crush Soda Saga king.com 11/8/2017 1.101.900.0
CCleaner Piriform 12/8/2017 22.3 MB 5.37
DVD Flick 1.3.0.7 Dennis Meuwissen 11/15/2012 48.1 MB 1.3.0.7
Exact Audio Copy 1.1 Andre Wiethoff 9/28/2017 1.1
Feedback Hub Microsoft Corporation 10/20/2017 1.1708.2831.0
FLAC Frontend Xiph.org 12/8/2015 1.73 MB 2.1.1
FreeRIP MP3 Converter 4.5.4 GreenTree Applications SRL 9/28/2017 5.74 MB 4.5.4
GEAR driver installer for AMD64 and Intel EM64T GEAR Software, Inc. 11/9/2012 245 KB 2.003.1
GIMP 2.8.6 The GIMP Team 9/20/2013 293 MB 2.8.6
Google Chrome Google Inc. 4/28/2017 353 MB 62.0.3202.94
Groove Music Microsoft Corporation 11/18/2017 10.17085.22311.0
HP Dropbox Plugin HP 9/29/2017 3.54 MB 36.0.41.58587
HP ENVY 5660 series Basic Device Software HP Inc. 9/29/2017 157 MB 40.11.1135.17143
HP ENVY 5660 series Help Hewlett Packard 9/29/2017 7.62 MB 34.0.0
HP Google Drive Plugin HP 9/29/2017 3.54 MB 36.0.41.58587
HP Smart HP Inc. 9/29/2017 75.1.298.0
HTC Driver Installer HTC Corporation 4/8/2016 6.20 MB 4.17.0.001
HTC Sync Manager HTC 10/25/2017 334 MB 3.1.86.4
Intel® Processor Graphics Intel Corporation 3/8/2017 9.17.10.3347
IPTInstaller HTC 5/15/2013 600 KB 4.0.8
iTunes Apple Inc. 11/13/2017 536 MB 12.7.1.14
KB4023057 Microsoft Corporation 9/28/2017 644 KB 2.4.0.0
Mail and Calendar Microsoft Corporation 12/5/2017 17.8730.21155.0
Malwarebytes version 3.3.1.2183 Malwarebytes 11/29/2017 143 MB 3.3.1.2183
Maps Microsoft Corporation 10/18/2017 5.1708.2764.0
Medieval CUE Splitter Medieval Software 11/10/2012 1.69 MB 1.2.0
Messaging Microsoft Corporation 11/29/2017 3.34.25004.0
Microsoft Office Home and Student 2010 Microsoft Corporation 9/28/2017 27.8 MB 14.0.7015.1000
Microsoft OneDrive Microsoft Corporation 12/7/2017 100 MB 17.3.7131.1115
Microsoft Silverlight Microsoft Corporation 6/20/2017 143 MB 5.1.50907.0
Microsoft Solitaire Collection Microsoft Studios 11/23/2017 3.18.11201.0
Microsoft Sticky Notes Microsoft Corporation 4/10/2017 1.8.0.0
Microsoft Store Microsoft Corporation 12/5/2017 11711.1001.5.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/16/2012 596 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 12/2/2013 1.20 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 5/20/2014 1.53 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 5/20/2014 1.53 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 2/19/2013 2.83 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11/16/2012 1.16 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11/16/2012 1.14 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 11/16/2012 1.17 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/11/2015 28.7 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/11/2015 21.2 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 10/1/2017 11.2 MB 10.0.50903
Microsoft Wi-Fi Microsoft Corporation 10/5/2016 1.1604.4.0
Mixed Reality Viewer Microsoft Corporation 12/3/2017 2.1711.17012.0
MixMeister Express 5 MixMeister Technology LLC 11/9/2012 32.7 MB 5.1.5.0
MixMeister Express 6.1.10 MixMeister Technology LLC 11/9/2012 41.2 MB
Mixxx 1.10.1 (64-bit) The Mixxx Team 9/28/2017 1.10.1
Mixxx 1.11.0 (64-bit) The Mixxx Development Team 9/28/2017 1.11.0
Money Microsoft Corporation 9/25/2017 4.21.2212.0
Monkey's Audio 2/26/2015 2.71 MB
Movies & TV Microsoft Corporation 12/1/2017 10.17102.13911.0
Mozilla Firefox 57.0.1 (x64 en-US) Mozilla 12/6/2017 140 MB 57.0.1
Mozilla Maintenance Service Mozilla 11/30/2017 341 KB 57.0.1.6541
Mp3tag v2.85 Florian Heidenreich 11/8/2017 9.52 MB 2.85
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 5/17/2013 2.55 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 5/17/2013 2.66 MB 4.20.9876.0
My Office Microsoft Corporation 11/22/2017 17.8809.7600.0
News Microsoft Corporation 9/25/2017 4.21.2212.0
OneNote Microsoft Corporation 11/18/2017 17.8730.20741.0
Paid Wi-Fi & Cellular Microsoft Corporation 9/29/2017 2.1709.2484.0
Paint 3D Microsoft Corporation 11/10/2017 3.1710.30027.0
People Microsoft Corporation 11/2/2017 10.2.2791.0
Phone Microsoft Corporation 11/29/2017 3.34.12002.0
Phone Companion Microsoft Corporation 10/5/2016 10.1609.2561.0
Photos Microsoft Corporation 11/14/2017 2017.39091.16340.0
PhotoScape 9/28/2017
Rogers TechXpert 5.8.32 Rogers 5/14/2016 100 MB 5.8.32
Skype Skype 11/30/2017 12.9.604.0
Sports Microsoft Corporation 9/25/2017 4.21.2212.0
Store Experience Host Microsoft Corporation 12/5/2017 11711.1711.20001.0
Sway Microsoft Corporation 11/7/2017 18.1711.50601.0
Tips Microsoft Corporation 10/30/2017 5.12.2691.0
Twitter Twitter Inc. 7/7/2017 5.8.1.0
VLC media player VideoLAN 9/28/2017 127 MB 2.2.6
Voice Recorder Microsoft Corporation 10/10/2017 10.1709.2703.0
Vuze Azureus Software, Inc. 12/8/2017 141 MB 5.7.1.0
Wallet Microsoft Corporation 9/29/2017 1.0.16328.0
Weather Microsoft Corporation 9/25/2017 4.21.2212.0
Windows 10 Update and Privacy Settings Microsoft Corporation 6/28/2017 2.10 MB 1.0.14.0
Windows DVD Player Microsoft Corporation 10/5/2016 3.6.13291.0
Xbox 11/14/2017
Xbox Game bar Microsoft Corporation 11/7/2017 1.22.30001.0
Xbox Game Speech Window Microsoft Corporation 9/29/2017 1.14.2002.0
Xbox Identity Provider Microsoft Corporation 9/25/2017 11.29.23003.0

 

 

Please lmk if I've missed anything, or how to proceed from here (as I said, I've yet to "Clean/Delete" threats found by the ESET scan).


Edited by barnierubble, 08 December 2017 - 04:52 PM.
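An added example, not part of the original thread: a short Python triage of the ESET-ThreatList.txt format posted above, grouping detections by family and by where the flagged file sat (backup archive, stored installer, installed program). The sample lines are copied from that log; the location buckets and the variant-suffix rule are assumptions of this example, not ESET's own categories.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path rules, works on any OS

# Six lines copied from the ESET-ThreatList.txt posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files\Vuze\.install4j\user\mism.exe a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting
C:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.82.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
C:\Users\Andrew\Downloads\ccsetup537.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
Z:\ANDREW-PC\Backup Set 2016-10-24 002859\Backup Files 2016-10-24 002859\Backup files 11.zip a variant of Win32/Toolbar.Conduit.H potentially unwanted application,a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
Z:\App Installers\PhotoScape_V3.7.exe Win32/OpenCandy potentially unsafe application,Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
"""

# <path> <one or more detections, comma separated> <action>
# Paths contain spaces, so the path ends at the first detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<dets>(?:a variant of )?Win32/.+) "
    r"(?P<action>cleaned by deleting|deleted)$"
)
DET_RE = re.compile(
    r"(?:a variant of )?(?P<name>Win32/\S+) "
    r"(?P<kind>potentially (?:unwanted|unsafe) application)"
)


def parse_line(line):
    """Return {'path', 'detections', 'action'} or None if the line does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dets = [(d["name"], d["kind"]) for d in DET_RE.finditer(m["dets"])]
    if not dets:
        return None
    return {"path": m["path"], "detections": dets, "action": m["action"]}


def family(name):
    """Assumption: a trailing .A / .AR style segment is the variant letter."""
    return re.sub(r"\.[A-Z]{1,3}$", "", name.split("/", 1)[1])


def location(path):
    """Assumed buckets, chosen to match the paths seen in this log."""
    p = path.lower()
    if "\\backup set " in p:
        return "backup archive"
    if "\\app installers\\" in p or "\\downloads\\" in p or "setup" in basename(p):
        return "stored installer"
    if "\\program files" in p:
        return "installed program"
    return "other"


def summarize(log_text):
    """Count log lines per location and detections per family."""
    by_location, by_family, unparsed = Counter(), Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep odd lines for manual review
            continue
        by_location[location(rec["path"])] += 1
        for name, _kind in rec["detections"]:
            by_family[family(name)] += 1
    return by_location, by_family, unparsed


if __name__ == "__main__":
    loc, fam, bad = summarize(SAMPLE_LOG)
    for title, counts in (("By location", loc), ("By family", fam)):
        print(title)
        for key, n in counts.most_common():
            print(f"  {n:3d}  {key}")
    print(f"Unparsed lines: {len(bad)}")
```
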


#4 buddy215


Posted 08 December 2017 - 02:33 PM

The list of installed programs was cut short. There should be more as not even Mozilla Firefox is shown.

Please post the entire list.

 

The Eset scan log says it deleted what the scan found which it should have.

 

Do you have an ad blocker installed?

 

Are you paying extra for that "expert tech support"?

 

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run HP ENVY 5660 series (NET) HP Inc. "C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5536V0PV064T:NW" -scfn "HP ENVY 5660 series (NET)" -AutoStart 1
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\WINDOWS\system32\igfxtray.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run RogersTechXpert Rogers "C:\Program Files (x86)\Rogers\TechXpert\5.8.32.5996\RogersTechXpert.exe" /AUTORUN
Yes HKLM:Run RogersTechXpertExtension Rogers "C:\Program Files (x86)\Rogers\TechXpert Extension\4.8.8.62562\RogersTechXpertExtension.exe" /AUTORUN
 
Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task OneDrive Standalone Update Task-S-1-5-21-3742594582-1323796267-1362204781-1000 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes Task {5C62999D-A4EB-416A-84B6-581E27AC21C1} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Desktop\burrrn_package.exe -d C:\Users\Andrew\Desktop
 
Uninstall this program:
Candy Crush Soda Saga king.com 11/8/2017 1.101.900.0
 
Can you access your Yahoo email account(s) online without using your ISP's Yahoo email client?
 
Block third party cookies...also known as ad and tracking cookies.... from installing in your browsers.
Once blocked....run CCleaner to remove the existing third party cookies.
 
 
 
 
 
 
 

Edited by buddy215, 08 December 2017 - 02:44 PM.


#5 barnierubble


Posted 08 December 2017 - 05:47 PM

You're right. That list of installed programs is now complete. Sorry for the error.

I've disabled the Start-Ups, Tasks, and uninstalled the Candy Crush program as you suggested.

 

No I don't have an ad-blocker of any kind (as far as I know).

 

I assume the "expert tech support" you refer to is the junk that comes with my cable/internet package. No extra charge... or value-added. lol

 

As for the "email client" query, I think not... but I honestly don't know.


Edited by barnierubble, 08 December 2017 - 05:51 PM.


#6 buddy215


Posted 08 December 2017 - 06:37 PM

Uninstall this program:

Rogers TechXpert 5.8.32 Rogers 5/14/2016 100 MB 5.8.32

 

I see you installed a p2p ...vuze...downloading free stuff...movies, music, software...is very risky as more than half will be bundled with malware or adware....may be illegal, too. I suggest you run scans using Malwarebytes and AdwCleaner. Let me know if they found and deleted anything.

 

Install Adblock Plus in your browsers. It may block the server responsible for the ad in your email. Let me know if it doesn't.

Adblock Plus :: Add-ons for Firefox  Adblock Plus - Chrome Web Store


Edited by buddy215, 08 December 2017 - 06:39 PM.


#7 barnierubble


Posted 11 December 2017 - 04:42 PM

Thnx for those suggestions and links, I'll get to implementing them now.  I gave up torrents altogether (at least a few years ago)... Too much risk. I'd forgotten vuze was left installed.  NOTE: I've scanned via Malwarebytes-free and AdwCleaner more than once since the "survey problem" arose, with no threats found by either. I will repeat the process though.

I started to research ad-blockers once you asked about it, but wasn't sure which one to choose.  Thnx for a recommendation, I'll try it.  

I'll get back to you about my results.



#8 buddy215


Posted 11 December 2017 - 05:08 PM

Please do...report back.



#9 barnierubble


Posted 13 December 2017 - 01:05 PM

I've uninstalled Rogers TechXpert 5.8.32.

 

Scanned with Malwarebytes and AdwCleaner... no threats found in either case.

 

Added AdBlock Plus to all 3 browsers in use (ie. Firefox, Chrome, Edge).  Seems to have worked in suppressing the initial "survey" problem in all cases so far, except that Edge only supports ABP in regular browsing mode and not private.  So thnx very much for that!.. at least now I can view my emails uninterrupted.

 

In re: VUZE  can I simply uninstall the program, or does a P2P like that require a more in-depth uninstall process to get rid of all its components/leftovers?



#10 buddy215


Posted 13 December 2017 - 01:35 PM

I don't know how effective the Vuze uninstaller is. You can use Download Revo Uninstaller Freeware that does a very good job of uninstalling programs.



#11 barnierubble


Posted 13 December 2017 - 02:54 PM

Ok, I think I've used that program in the past at some point. Hopefully it's not too tough to figure out. TY



#12 buddy215


Posted 13 December 2017 - 03:25 PM

Use the Advanced uninstall as shown at How To: Use Revo Uninstaller - Free Version! - YouTube

