Solved Cloudscout ads and fake "update flash" installation windows

[TheTurkeyBaster]

If you need any more information pertaining to my computer I should be able to get it for you. Thank you so much for any help you can offer.

 

[argus]

You're missing Addition.txt report.

 

[TheTurkeyBaster]

Sorry, it should be there now.

 

[argus]

Okay,

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyalltemp;
  ipconfig /flushdns;b
  emptyfolderscheck;delete

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[TheTurkeyBaster]

I'm getting an error message saying "selected file is empty" when I try to upload it so below is a copy+paste of it, I hope this is good enough, thanks for all the help.

zoek-results.log copy+paste below:

Zoek.exe v5.0.0.0 Updated 11-March-2015
Tool run by TheTurkeyBaster on Wed 03/11/2015 at 18:41:06.05.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TheTurkeyBaster\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/11/2015 6:43:00 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Users\TheTurkeyBaster\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03/10/2015 04:27 PM]

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Possible outdated, latest Stable version: 41.0.2272.89)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/10/2015 04:27 PM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 10:22 PM]

Google Voice Search Hotword (Beta) - TheTurkeyBaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Avast Online Security - TheTurkeyBaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\TheTurkeyBaster\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\TheTurkeyBaster\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\TheTurkeyBaster\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\TheTurkeyBaster\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\TheTurkeyBaster\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=4 930 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\TheTurkeyBaster\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\THETUR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Wed 03/11/2015 at 20:01:29.81 ======================

 

[argus]

How is the situation now?

 

[TheTurkeyBaster]

Nothing has changed

 

[argus]

Uninstall Chrome

Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.


Click Start, copy %LOCALAPPDATA%\Google click Local and remove folder chrome

Download Chrome
https://www.google.com/intl/en/chrome/browser/desktop/


Reset your router.

 

[TheTurkeyBaster]

I haven't seen the false flash update popups but the cloud scout ads and hyperlinked words are still on both chrome and steam

 

[argus]

Did you reset the router?

 

[TheTurkeyBaster]

Yes

 

[argus]

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Follow the prompts and click Scan.
• When finished, please click Clean.
• Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

 

[TheTurkeyBaster]

I redid the uninstallation of google and resetting my router because I realised I had forgotten to delete google's localappdata folder, nothing changed. I ran JRT and adwcleaner, nothing has changed although I can confirm the fake flash update alerts are still happening.

 

[TheTurkeyBaster]

I redid the google step (forgot to delete google's localappdata folder), nothing happened. I ran JRT and adwcleaner and nothing changed. However I can, unfortunately, confirm that the fake flash update popups still exist.

 

[argus]

try this
https://support.google.com/chrome/answer/3296214?hl=en

 

[TheTurkeyBaster]

I tried that before coming to MT forums, it didn't have any effect. Before we go any farther I would like to say that there is very little data on my 2 hard drives and none of it is irreplaceable so if I do need to wipe either of them (the c drive I will need help with) I don't have a problem with that

 

[argus]

If you can format the C drive, it would be best.

 

[TheTurkeyBaster]

I can, would that delete my OS? if so, how would I reinstall it? Windows 8.1 is something I'd rather not repurchase. Thanks so much for all your help!

 

[argus]

Windows 8.1: Reset To Factory Settings