Removing Ads by Keep Now in Chrome

[Chris Pyle]

OH Well I thought all the above was the message so here you go Valid Message.

 

[Chris Pyle]

Adding the logs.

 

[TwinHeadedEagle]

Hi,



Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.




Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
  
  

  autoclean;
  emptyalltemp;

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

[Chris Pyle]

"Open FRST, and click Fix. Attach me that report after it is finished."

Does this take awhile to show anything is happening? I clicked Fix and waiting 5 minutes or so and not seeing anything. There is no longer an option to click Fix. Cursor with no hand. Keep waiting or?

Thank You

 

[TwinHeadedEagle]

That's weird, can you restart your PC, and try again? If it fails again, skip and proceed with Zoek.

 

[Chris Pyle]

OK I hope I have done this right.

It will not let me upload file so copy and paste it here for you.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-02-2014
Ran by Owner at 2014-02-20 12:20:53 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-3164579215-2033947505-1184521271-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-3164579215-2033947505-1184521271-1001\...\MountPoints2: {095ad355-5284-11dc-8a66-00a0d18567a1} - E:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Owner\AppData\Local\Temp\airE81A.exe
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Owner\AppData\Roaming\Optimizer Pro
C:\Program Files\Optimizer Pro
2014-01-28 21:34 - 2014-01-28 21:34 - 00001024 _____ () C:\Users\Owner\Desktop\Optimizer Pro.lnk
C:\ProgramData\CouupOnpeeak
Task: {4220F3EA-8066-44D5-A47E-416F783F7F77} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
C:\Program Files\Browsersafeguard
cmd: ipconfig /flushdns
*****************
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3164579215-2033947505-1184521271-1001 => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{095ad355-5284-11dc-8a66-00a0d18567a1} => Key not found.
HKCR\CLSID\{095ad355-5284-11dc-8a66-00a0d18567a1} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Owner\AppData\Local\Temp\airE81A.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\Owner\AppData\Roaming\Optimizer Pro => Moved successfully.
C:\Program Files\Optimizer Pro => Moved successfully.
C:\Users\Owner\Desktop\Optimizer Pro.lnk => Moved successfully.
C:\ProgramData\CouupOnpeeak => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4220F3EA-8066-44D5-A47E-416F783F7F77} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4220F3EA-8066-44D5-A47E-416F783F7F77} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
"C:\Program Files\Browsersafeguard" => File/Directory not found.
========= ipconfig /flushdns =========

 

[Chris Pyle]

Should I go ahead and do the Zoek and start that or wait on information from you on above post?

Thank You.

 

[TwinHeadedEagle]

Proceed with Zoek

 

[Chris Pyle]

ARGH Not sure why it will not let me attach.


Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Owner on Thu 02/20/2014 at 13:05:30.38.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
2/20/2014 1:06:40 PM Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\Users\Owner\AppData\LocalLow\{C6E35728-3F79-A250-6BE2-A5C18827E6A5} deleted
C:\Users\Owner\AppData\LocalLow\{F631CE58-C2C3-36BD-9AA1-85E313BF7604} deleted
C:\PROGRA~2\4aa68de9b027f615 deleted
C:\PROGRA~2\HTTMlConveortor deleted
C:\PROGRA~2\APN deleted
"C:\PROGRA~2\bbpnpdkhfljbgedbepkjnjopapfiheln\bbpnpdkhfljbgedbepkjnjopapfiheln.crx" deleted
"C:\PROGRA~2\bbpnpdkhfljbgedbepkjnjopapfiheln\update.xml" deleted
"C:\PROGRA~2\bbpnpdkhfljbgedbepkjnjopapfiheln" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/18/2014 06:19 PM]

==== Chrome Fix ======================
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}"
==== Empty IE Cache ======================
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=9 folders=7 18559 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Owner\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Owner\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
==== EOF on Thu 02/20/2014 at 13:17:31.24 ======================

 

[TwinHeadedEagle]

How is the situation now?

 

[Chris Pyle]

I was afraid to try it. Was not sure if we were done. Will do so right now.

Thank you

 

[Chris Pyle]

It appears Chrome is working Happy about this. Thank you!

IE seems to have an issue with web based email I get these two notices. I told Joe not to click on the 2-20-14 Untitled jpg. Second attachment.

And then this window. Clueless. First attachment.

Did we do some thing to IE to make this happen? He usually uses Chrome. Worried DL the Windows Media Player might send us back into the downward spiral of what we just cleared up.

Thank you so much.

 

[Chris Pyle]

OH Sheese DL the same picture twice. This is the other one.

 

[TwinHeadedEagle]

Can you describe more about web based mail, what was its name? About Media Player picture, it's normal...

 

[Chris Pyle]

Our internet provider provides email service on their server. Since win 7 does not have a built in email other than the Live or?? I have been having Joe use the webmail. I use thunderbird for my computer email. I just have not had time to do some thing like this for Joe. He just got this computer last month. Used. It seems to be a nice little machine. So far the problem is only in IE and since he is using Chrome now it is repaired it is not much of an issue.

Thank you so much for the help on the ads problem. I never could have done this on my own. Your directions were great for the total novice =me.

 

[TwinHeadedEagle]

I do not know how to help you. I can suggest you to contact your Internet Provider and to ask them for help. We will now delete used tools:




• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[size=8pt]

Remove disinfection tools

Create registry backup

Purge System Restore[/size]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

[size=7pt]The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.[/size]

 

[Chris Pyle]

Thank You I think I have it. The report is attached.