Please help me get rid of these Pop-ups on chrome

Please see attached. It opens ads, and it also adds links, which when you have, lead to other ads. I have no extensions, if I use adwcleaner_5.003.exe, it goes away until I reboot. There is nothing in my program files.

I am at my wits end, can someone help?? Thanks!

If it helps, I'll run adwcleaner and tell you what it's finding.
popups.jpg
Melody ScottAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

strungCommented:
Does this happen on all websites or just some particular ones?
Thomas Zucker-ScharffSolution GuideCommented:
JohnBusiness Consultant (Owner)Commented:
Download, install and run Process Explorer from Microsoft. Look under Explorer for strange (alphanumeric) processes. Look elsewhere for strange processes. Kill strange processes, exit but do NOT restart. Now run Malwarebytes to get rid of the malware.
Need More Insight Into What’s Killing Your Network

Flow data analysis from SolarWinds NetFlow Traffic Analyzer (NTA), along with Network Performance Monitor (NPM), can give you deeper visibility into your network’s traffic.

Melody ScottAuthor Commented:
it happens on all websites but only on chrome. I'll look at both the suggestions, thanks!
JohnBusiness Consultant (Owner)Commented:
Process Explorer is not browser dependent but will help you find active processes.
strungCommented:
Have you tried uninstalling and re-installing Chrome?

Also, it might help if you ran Adcleaner and told us what it is finding, as you suggested earlier.
Melody ScottAuthor Commented:
it happens on all websites but only on chrome. I'll look at both the suggestions, thanks! I did try uninstalling and reinstalling chrome, it didn't help.

Right now I scanning rootkits with malwarebytes, and I'll get back to you! I'll look at all the other suggestions if this one doesn't work.
Thomas Zucker-ScharffSolution GuideCommented:
You might try chameleon by MBAM. Run the svchosts file located in the chameleon directory.  This will kill known rogue processes, and then update mbam and run a scan.
magodeoz2Sys AdminCommented:
Look at the extensions of Chrome if you have something bad... Otherwise you can test some add blocker like uBlock or Adblock.
Melody ScottAuthor Commented:
Hi, It looks like it actually only happens on ecommerce sites, and only on chrome. Not every site as I stated earlier.
strungCommented:
Any messages from Adblocker?
Melody ScottAuthor Commented:
I'm running it now. I'll post them shortly. Yesterday I went to the file, C:/users/ etc and deleted the two files it mentioned, but that didn't help.
Melody ScottAuthor Commented:
I have something in the registry called tiramisu. I can't find anything about it, can you? I'm attaching a screenshot.
Capture.JPG
JohnBusiness Consultant (Owner)Commented:
Here is a Bit Defender thread on this virus

http://forum.bitdefender.com/index.php?showtopic=31617

Did you try Process Explorer and then Malwarebytes?
Melody ScottAuthor Commented:
Here's what adclean has, all other tabs were empty.
adclean
strungCommented:
You could try deleting those four files.
Melody ScottAuthor Commented:
I did that yesterday, then rebooted. I got the same ads back. On non-ecommerce sites, they will often open new tabs when I click on links.

I have to go to work, so I'll look at all the advice again later, thanks, everyone!
Thomas Zucker-ScharffSolution GuideCommented:
Could you post the results from the antirootkit apps you ran?  Did you run Chameleon's svchosts file?
Melody ScottAuthor Commented:
I only ran malwarebytes for rootkit. I'll see if I can find the log file.
Melody ScottAuthor Commented:
It found nothing:
Scan Date: 8/26/2015
Scan Time: 5:00 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.26.09
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421969
Time Elapsed: 1 hr, 1 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)  I will try that svchost file.
JohnBusiness Consultant (Owner)Commented:
For rootkits, I suggest TDS Killer from Kaspersky.
Melody ScottAuthor Commented:
I'm running mbam killer now.
Melody ScottAuthor Commented:
Hi, I ran the highlighted items here, with no change.
Capture.JPG
Thomas Zucker-ScharffSolution GuideCommented:
Try John's suggestion - TDSS Killer from Kaspersky.  And try at least 2 others from the article I wrote reviewing antirootkit software.
Melody ScottAuthor Commented:
OK, thanks, will do. :)
Melody ScottAuthor Commented:
OK, I ran TDSS Killer, and it says, "no threat found". I'll try
RootkitRevealer .
Melody ScottAuthor Commented:
I'm using GMER, it is taking hours to do the scan. I'll copy the report when it'd done and upload it here.  http://www.gmer.net/#start
Melody ScottAuthor Commented:
Here's the output of GMER. I had it set to search everything, including ads. I hope it's helpful!
gmer-output.txt
JohnBusiness Consultant (Owner)Commented:
At some point, the operating system here is so badly damaged from viruses that it may be faster to back it up, format, and reinstall Windows.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas Zucker-ScharffSolution GuideCommented:
What John said. :-/
Melody ScottAuthor Commented:
Is that because of that output? I don't really see any others, only on that one browser.
strungCommented:
Can you send us a URL for some  of the sites that causes the popup? It might be the website and not your browser. Does it happen when you click on a particular link on particular page?
Melody ScottAuthor Commented:
Sure: http://www.magickitchen.com/, https://www.amazon.com/gp/gw/ajax/s.html, (It seems to be what amazon gets redirected to), On macys.com it opens another window to an ad by ecommercelads.com, http://www.ebay.com.

Doesn't sound like all those big sites would have the issue. :)
strungCommented:
I agree. Those big sites are not likely to have a problem.
Melody ScottAuthor Commented:
So, is my next step getting someone to wipe my laptop and reinstall windows 7? Wonder if I can even still get windows 7?
JohnBusiness Consultant (Owner)Commented:
How did you have Windows 7 in the first place?   Yes, you can still purchase Windows 7 if you need to.
Melody ScottAuthor Commented:
I'll have to have someone do this, I don't have the expertise. I like windows 7! :)
JohnBusiness Consultant (Owner)Commented:
Thanks.  Look up a local computer shop or two and see if you can find someone you like.

Get some good counsel from them. If your computer is up to, have them install Windows 10 Pro. I am sure you can adapt to it an like it.
Thomas Zucker-ScharffSolution GuideCommented:
Agree, try windows 10 if the computer can handle it.
Melody ScottAuthor Commented:
I think I've discovered the problem. I have an extension, Screen Capture, that says it is "Installed by enterprise policy"-it's greyed out so that I can't disable or delete it.

I found this page and followed the instructions: https://www.pcrisk.com/computer-technician-blog/general-information/7734-remove-chrome-extension-installed-by-enterprise-policy

And that extension is gone. So far, no ads!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Spyware

From novice to tech pro — start learning today.