VAToronto

CLOSED Pop-up Survey in Yahoo that I cannot seem to get rid of

Recommended Posts

Hello 

I started to get this survey pop up about 2 weeks ago. It started to come more frequently last week. I reached out to my internet provider and they did some work on my chrome and reset it. I've downloaded your emergency kit and done a number of scans and I'm still getting this pop up this morning. I'm wondering if someone could help me out. I would like to know what I can do to prevent it again and I would also like to get rid of it.

Thank you so much.

FRST.txt

Addition.txt

scan_170609-170506.txt

scan_170612-144823.txt

scan_170613-150744.txt

Share this post


Link to post
Share on other sites

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
Startup: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk.disabled [2014-09-19]
ShortcutTarget: Dropbox.lnk.disabled -> C:\Users\Deborah\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-03-28]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk.disabled [2015-04-19]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: sasnative64autocheck autochk *
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {3AF91E45-ACFA-4777-B866-576BB2D0E06B} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {3AF91E45-ACFA-4777-B866-576BB2D0E06B} URL =
SearchScopes: HKU\S-1-5-21-2819273676-777421008-3553160601-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U4 vsserv; no ImagePath
2017-06-09 13:35 - 2017-06-09 13:35 - 00000000 ____D C:\ProgramData\SecuritySuite
2017-06-09 13:30 - 2017-06-09 13:30 - 00000000 ____D C:\Users\Deborah\Documents\TotalAV
2017-06-09 13:27 - 2017-06-09 13:27 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\TotalAV
2017-06-01 13:27 - 2017-06-01 13:27 - 00000001 _____ C:\Users\Deborah\Downloads\}
C:\Users\Deborah\CanonAPChkTool_Win_v100_EN (1).exe
C:\Users\Deborah\iTunes64Setup.exe
C:\Users\Deborah\setup_maxhire.exe
2014-12-06 16:31 - 2014-12-06 16:31 - 84041160 _____ (SweetLabs,Inc.) C:\Users\dhorn_000.DEBORAH\AppData\Local\Temp\oct1076.tmp.exe
2014-11-17 11:31 - 2014-11-17 11:32 - 50678288 _____ (SweetLabs,Inc.) C:\Users\dhorn_000.DEBORAH\AppData\Local\Temp\oct843.tmp.exe
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2819273676-777421008-3553160601-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {05270B00-E811-4E7F-80B1-DB53E53491B0} - \LaunchSignup -> No File <==== ATTENTION
Task: {5D48B30E-8D52-48C9-A49F-8FBD4F1182F0} - \boosterpop -> No File <==== ATTENTION
Task: {806782BB-6081-424A-9EFF-858C8BD38BC1} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Users\Deborah\Downloads\SpybotPortable\App\Spybot\SpybotSD.exe
Task: {BAF04A51-BDD2-4A2A-A815-2C718FF88E0C} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Users\Deborah\Downloads\SpybotPortable\App\Spybot\SDUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Users\Deborah\Downloads\SpybotPortable\App\Spybot\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Users\Deborah\Downloads\SpybotPortable\App\Spybot\SDUpdate.exe
AlternateDataStreams: C:\Users\Deborah\iTunes64Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Deborah\setup_maxhire.exe:BDU [0]
AlternateDataStreams: C:\Users\Deborah\Desktop\Admin Tools:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Deborah\Desktop\Downloads.lnk:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Deborah\Desktop\Recipes:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Deborah\Desktop\Support-LogMeInRescue.exe:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Deborah\Downloads\chromeinstall-7u67.exe:BDU [0]
AlternateDataStreams: C:\Users\Deborah\Downloads\DriverSupport.exe:BDU [0]
AlternateDataStreams: C:\Users\Deborah\Downloads\jre-7u67-windows-i586.exe:BDU [0]
AlternateDataStreams: C:\Users\Deborah\Downloads\jre-7u67-windows-x64.exe:BDU [0]

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.