Nightmare called visitorsurveyusa.com

6-10 days ago, I somehow picked up a very annoying adware popup that I've been unable to identify or eliminate with Malwarebytes or AdwareCleaner. They appear everywhere, offering free goodies for doing a survey. The offers are sometimes specific to the site they pop up on, including yahoo and amazon. Yesterday their popup came up when I navigated to MG.

The initial popup lead to http://helpingtrk.com and from there visitorsurveyusa.com. I did a search with duckduckgo and both showed up with the comment "We would like to show you a description here but the site won't allow us". Not sure what that signifies, but I thought was amusing.

I spent a considerable amount of time yesterday amassing the logs as directed. Hopefully I did ok and got them attached properly.

As noted, I don't know how this infected me. This was just set up a few weeks ago with a clean OS install, and a few apps. I don't think I have installed anything downloaded anywhere except MajorGeeks except for some print drivers from Samsung and Canon. Also Java and Fiefox.

I don't know if or how it could be related, but I also recently have been getting may script hickups, "a script is making your broser run very slow, igore stop etc." Happens with both IE 8 Firefox. I am running XP SP3 and IE8 with all updates.

One thing that puzzled me along the way was the youtube video pertaining to attaching files to posts. It looked like doing a C:\majorgeeks\analyze\tools and something from there. I don't have anything like that or know how to get it. I do have an old version of HighjackThis as well as the newer Trend version, and as sonn as I send this post I'm going to install and run one of them. I'll make sure to save a log. HT is an old time firend I haven't seen for a long time.

Any insights and guidance greatly appreciated.

 

View attachment HitmanPro_20150404_1904.log

View attachment MGlogs1.zip

 

Thanks for getting back We'll try to work thru this but can't at the moment.

Trying to be helpful here, but you might try the MS link and see what happens for you. For me, whirlygig thing "loading", for 35 minutes now. I suggest: Open IE . Click Tools->Internet Options->Advanced . Go the bottom of the page and click on "Reset"

I opened mscong, and set it back to normal, then rebooted.

I then tried OTM. I am getting a screen with 3 tabs. Not sure what to do now. I don't see any type of list. The only choice I have is if I choose Cleanup! I didn't. screenshot attched, I hope.

 

I've tried several times to attach a screenshot.rtf uploaded. "Upload failed" Trust me, nothing I can do when I open OTM generates any kind of list.

 

Sorry for the absence. I initially managed to misunderstand your instructions to copy and paste your stuff into OTM. Then I got a missive from she who must be obeyed wanting me to amass a bunch of tax documentation for our son who graduated last year . At which point I was exasperated and suffering severe screen fatigue. So this morning Iwent back to work with fresh eyes.

Everything seemed to go ok until XP was rebooting, during which I heard I heard an XP thump sound and thought to myself "uh-oh". Sure enough, the generic XP wallpaper comes up but nothing else but A message box-no icons bars or Start button.

The message:
"Windows could not find "C\Documenets and Settings\SJ\Desktop\OTM.exe. Make sure you typed the name correctly, and then try again. To seaarch for a file, click the Start button, and then click Search." with an OK button.

I didn't proceed further.

I am certain OTM.exe is or was on the desktop. I downloaded and saved it to the desktop, and just ran it from the desktop.

thought or suggestions?

 

By the way, I am pretty sure NIS was disabled when all of the logs were generated. I had been disbling it 5 hrs at a time, the last time I disbled it permanently. May leave it that way for a good while.

 

OTM appears to have disappeared from my desktop. NIS shows it is and was not enabled. Search finds OTM.EXE-1849DC11.pf in C:\Windows\Prefetch, size 30k timestamped 9:47am when is when I clicked CleanIt!. It almost seems like it was moved by the startup script when OTM initiated a reboot. I could Uninstall NIS if you think that would help.

 

This morning I went ahead and uninstalled NIS. At that point I decided to download OTM.exe back to my desktop and try it again. Then unexpected things happened. When I clicked the OTM icon the regular program page did not come up. Instead the entire OTM window was occupied by what looked to be a log. The top line said something to the effect "All junkware enries removed". There were no visible options such as save or print. I believe I right clicked to try and copy the text and everything disappeared. Restarting OTM merely brought up the regular screen.

I can say for sure that there is no .log or .txt files on my drive that could possibly be associated with OTM, and
The previously noted OTM.EXE-1849DC11.pf file is now 36kb and datestamped this morning.

After this, I ran JRT and the log is attached.

I think its maybe time to give things a rest and see if OTM did actually fix something, and see if I experience reoccurence of the popups. They had appeared occasionally using Yahoo mail, none so far today.

 

Bad news. I tried bouncing around on Amazon yesterday, enough that I thought I would get a popup if it was still active. Looked like it might be gone. Not the case.

This morning I'm getting them like mad, on both Amazon and eBay. I just got one that was new to me, it filled the screen. This is very frustrating.

 

Maybe all is not lost. While contemplating the prospect of doing another scratch rebuild, I decided to run through all previous steps and logs in succession. This morning I got 3 popups on 6 clicks with Amazon, similar on eBay. After the above, none so far with a lot more clicks. Knock on wood.

Perhaps having NIS thoroughly uninstalled thru the entire process.

When I ran OTM this time I copied and saved the info in the right side box before I rebooted. I'm attaching that. After rebooting I could find no trace of OTM anything. It looks like it deletes itself on reboot. It and RogueKiller are both absent on my desktop.

Knock on wood, again.