The_official_survey pop up
Hello, warsawtom. Thank you for your most recent DDS log and for the additional updates to your issue. It would be helpful if you do not post lengthy quotes when you reply, so that I do not have to scroll through so much to get to your response. Let's see if the following will resolve the remaining issues.
Advertising Center
This appears to be associated with Nero and seems to have installed with versions 8 and 9. To delete:
- Click Start > (My) Computer > Double click Local Disk C:.
- Click the following folder: Common files > Nero.
- If it exists, locate the following folder, right click on it, and then click Delete.
MarketResearch
This appears to be associated with your HP products. It seems that when your printer was installed, it also installed a component named HP Customer Participation Program 13.0.
According to HP Support, “It provides customers an opportunity to participate in market research designed to improve HP products and experiences, and various programs with benefits such as special offers, awards and enhanced technical support.” Since removing this application does not interfere with printer updates, it is safe to uninstall, though you may receive a message that removing the program will affect the Printer Driver Software -- it will not.
Please navigate to your Programs and Features and uninstall HP Customer Participation Program 13.0.
Playtopus
Yes, the runDLL error is the result of deleting this from your Program Files. The program is still appearing under the Installed Programs list. Let’s try to uninstall Playtopus and any associated files using Revo Uninstaller.
Please download Revo Uninstaller freeware from http://www.revouninstaller.com/revo_..._download.html
- Double click the installation file on the desktop to run the installer.
- Let it install to the default location.
- Double click the new Revo Uninstaller Icon on the desktop to start the program. You will now see a list of installed programs that Revo Uninstaller can remove.
- Locate the program you are uninstalling: Playtopus
- Right click the Icon, then choose Uninstall.
- Click Yes to the warning and choose the Uninstall Mode.
- Choose the Advanced option, and then click Next.
- This will launch the program's built in uninstaller. Be patient as it can take several minutes.
- Once the uninstaller is done, click Next.
- Revo Uninstaller will now scan for leftover information. Be patient as it can take several minutes.
- Once this scan is done, click Next.
- You will then be presented of the leftover entries found by Revo Uninstaller.
- Look at ALL of the entries to ensure they relate to the uninstall. These should appear in bold print.
- Click Select All if they are related to the uninstall, or check only the entries that are related > Click Delete to remove the entries.
- Click Next.
- If there are any program file folders left over, you will be presented with a list to be removed.
- Again, look at ALL of the entries to ensure they are related to the uninstall.
- Click Select All if they are related to the uninstall, or check only the entries that are related. > Delete to remove the entries.
- Click Finish to go back to the uninstall list.
- Close the program.
You neglected to mention that the pop-up you have been receiving is an audio ad, or am I understanding that this is a new development? Let me know if we have now resolved anything.
The_official_survey pop up
Hello warsawtom.
Uninstalling Nero was a good choice since the program was not being used at all. It's always a good idea to remove unused/obsolete programs from your system.
When it comes to malware, any little bit of information can be significant in resolving an issue. Is your audio pop-up strictly audio, or is it a combined audio-visual pop-up?
Audio Pop-up
Let's try to block it using the browsers' pop-up blockers.
For Internet Explorer
- Open Internet Explorer.
- Click Tools > Pop-up Blocker.
- Select Turn on Pop-up Blocker.
For Firefox
- Open Firefox.
- Click Tools > Options.
- Click the Content tab.
- Check mark Block pop-up windows > Click OK.
For Google Chrome
- Open Google Chrome.
- Click Tools > Options.
- Click the Under the Hood tab.
- Click Content Settings.
- Check mark Do not allow any site to show pop-ups > Click Close.
Random hypertext links
From your description, it appears your system has been injected with Text Enhance. Text Enhance is an adware program and browser hijacker, as well as an add-on for Internet Explorer, Firefox, and Chrome. It is typically added when you install other free programs. Since this is a very recent development, it may have installed alongside Revo Uninstaller, unless you have installed other freeware. Let's work through the following steps to remove Text Enhance.
1. Clear Browser Cache and Cookies
For Internet Explorer
- Open Internet Explorer.
- Click Tools > Internet Options found at the bottom.
- In the General tab, under Browser history, click Delete.
- Check mark all options and click Delete. If you want to preserve Passwords or Form Data, leave these unchecked.
For Firefox
- Open Firefox.
- Click Tools > Clear Recent History.
- Expand the Details option.
- Check mark Browsing & download history and Cookies.
- From the drop down menu, select Everything.
- Click Clear Now.
For Google Chrome
- Open Chrome.
- Click the Chrome menu icon (wrench or 3 bars) at the top right of the browser window.
- Select Tools.
- Select Clear browsing data. The Clear browsing data dialogue box appears in a new tab.
- From the drop-down menu next to Obliterate the following items from:, select the beginning of time.
- Check mark the following items:
- Empty the cache
- Delete cookies and other site and plug-in data
- Click Clear browsing data.
2. Uninstall Text Enhance in Programs
- Click Start and select Control Panel.
- When the Control Panel window opens, click on Uninstall a program found under the Programs category.
- If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
- Look through the list of programs. If Text Enhance is listed, left-click on it once to highlight it.
- Click on the Uninstall button.
- When asked if you are sure you want to uninstall, click Yes.
- The program will uninstall, and when completed, you will be back at the list of programs installed on your computer.
- When finished, close the Programs and Features screen.
3. Block/Disable/Remove Browser Extensions
For Internet Explorer
- Open Internet Explorer.
- Click Tools > Manage Add-ons.
- In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
- Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
- Highlight the extension (Text Enhance) you wish to remove, and select Disable.
- The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
- Click Close to exit the Manage Add-ons window.
For Firefox:
- Open Firefox.
- Click Tools > Add-ons.
- In the Add-ons window, under Add-on Types select Extensions.
- Click to highlight the extension (Text Enhance) you wish to remove and select Disable. If you want to delete an extension entirely, click Remove.
- The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
- Exit the Add-ons Manager window, and restart Firefox to complete the process.
For Google Chrome
- Open Google Chrome.
- Click the Chrome menu icon (wrench or 3 bars) at the top right of the browser window.
- Click Tools > Select Extensions to open the Options tab.
- Uncheck Enabled to disable the extension (Text Enhance), or click Remove to delete it completely.
4. Remove Text Enhance registry keys with Adwcleaner
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on the Delete button.
- A logfile will automatically open after the scan has finished.
- You can also find the logfile at C:\AdwCleaner[S1].txt
.
Copy and paste the adwcleaner.txt report into your next reply.
5. Scan with Malwarebytes Anti-malware
Scan your computer with MBAM again and send me a fresh log.
Let me know if we have resolved the issues.
The_official_survey pop up
Hello, warsawtom.
Are you still with me?
The_official_survey pop up
Hello, warsawtom.
To begin, please rescan your system with the following tools, and post the fresh logs. You will find instructions posted HERE.
The_official_survey pop up
Hello, warsawtom.
Thank you for the logs and your updated information. It is not unusual for malware to resurface after removal, as was the case for Playtopus.
Please work through the following tasks
1. Please send me a screenshot of the pop-up window.
2. You mentioned in post 23 that you did not use Nero and had completely uninstalled it. Your latest DDS log indicates that the program is still appearing in your Control Panel. Your pop-up may be associated with Nero's Advertising Center as I had previously explained in post 22. Please uninstall the following Nero applications in your Control Panel's Programs list:
- Nero ControlCenter
- Nero Express
- Nero InfoTool
- Nero Live
- Nero Live Help
- Nero PhotoSnap Help
- Nero Recode Help
- Nero ShowTime
- Nero StartSmart Help
- Nero Vision
- Nero WaveEditor Help
- neroxml
Please run the following scan
Run OTL.exe
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
- Then click the Run Fix button at the top.
Code:
:OTL
(x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
:Commands
[emptytemp]
[resethosts]
- Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
- Post the new log in your next reply.
CHECKLIST: In your next reply, please post the following:
- OTL log
- Screenshot of pop-up window
- Let me know if uninstalling the Nero applications resolved the pop-up.