Please help me get rid of these Pop-ups on chrome

Please see attached. It opens ads, and it also adds links, which when you have, lead to other ads. I have no extensions, if I use adwcleaner_5.003.exe, it goes away until I reboot. There is nothing in my program files.

I am at my wits end, can someone help?? Thanks!

If it helps, I'll run adwcleaner and tell you what it's finding.
popups.jpg
mel200Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

strungCommented:
Does this happen on all websites or just some particular ones?
0
Thomas Zucker-ScharffSolution GuideCommented:
0
JohnBusiness Consultant (Owner)Commented:
Download, install and run Process Explorer from Microsoft. Look under Explorer for strange (alphanumeric) processes. Look elsewhere for strange processes. Kill strange processes, exit but do NOT restart. Now run Malwarebytes to get rid of the malware.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

mel200Author Commented:
it happens on all websites but only on chrome. I'll look at both the suggestions, thanks!
0
JohnBusiness Consultant (Owner)Commented:
Process Explorer is not browser dependent but will help you find active processes.
0
strungCommented:
Have you tried uninstalling and re-installing Chrome?

Also, it might help if you ran Adcleaner and told us what it is finding, as you suggested earlier.
0
mel200Author Commented:
it happens on all websites but only on chrome. I'll look at both the suggestions, thanks! I did try uninstalling and reinstalling chrome, it didn't help.

Right now I scanning rootkits with malwarebytes, and I'll get back to you! I'll look at all the other suggestions if this one doesn't work.
0
Thomas Zucker-ScharffSolution GuideCommented:
You might try chameleon by MBAM. Run the svchosts file located in the chameleon directory.  This will kill known rogue processes, and then update mbam and run a scan.
0
magodeoz2Commented:
Look at the extensions of Chrome if you have something bad... Otherwise you can test some add blocker like uBlock or Adblock.
0
mel200Author Commented:
Hi, It looks like it actually only happens on ecommerce sites, and only on chrome. Not every site as I stated earlier.
0
strungCommented:
Any messages from Adblocker?
0
mel200Author Commented:
I'm running it now. I'll post them shortly. Yesterday I went to the file, C:/users/ etc and deleted the two files it mentioned, but that didn't help.
0
mel200Author Commented:
I have something in the registry called tiramisu. I can't find anything about it, can you? I'm attaching a screenshot.
Capture.JPG
0
JohnBusiness Consultant (Owner)Commented:
Here is a Bit Defender thread on this virus

http://forum.bitdefender.com/index.php?showtopic=31617

Did you try Process Explorer and then Malwarebytes?
0
mel200Author Commented:
Here's what adclean has, all other tabs were empty.
adclean
0
strungCommented:
You could try deleting those four files.
0
mel200Author Commented:
I did that yesterday, then rebooted. I got the same ads back. On non-ecommerce sites, they will often open new tabs when I click on links.

I have to go to work, so I'll look at all the advice again later, thanks, everyone!
0
Thomas Zucker-ScharffSolution GuideCommented:
Could you post the results from the antirootkit apps you ran?  Did you run Chameleon's svchosts file?
0
mel200Author Commented:
I only ran malwarebytes for rootkit. I'll see if I can find the log file.
0
mel200Author Commented:
It found nothing:
Scan Date: 8/26/2015
Scan Time: 5:00 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.26.09
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421969
Time Elapsed: 1 hr, 1 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)  I will try that svchost file.
0
JohnBusiness Consultant (Owner)Commented:
For rootkits, I suggest TDS Killer from Kaspersky.
0
mel200Author Commented:
I'm running mbam killer now.
0
mel200Author Commented:
Hi, I ran the highlighted items here, with no change.
Capture.JPG
0
Thomas Zucker-ScharffSolution GuideCommented:
Try John's suggestion - TDSS Killer from Kaspersky.  And try at least 2 others from the article I wrote reviewing antirootkit software.
0
mel200Author Commented:
OK, thanks, will do. :)
0
mel200Author Commented:
OK, I ran TDSS Killer, and it says, "no threat found". I'll try
RootkitRevealer .
0
mel200Author Commented:
I'm using GMER, it is taking hours to do the scan. I'll copy the report when it'd done and upload it here.  http://www.gmer.net/#start
0
mel200Author Commented:
Here's the output of GMER. I had it set to search everything, including ads. I hope it's helpful!
gmer-output.txt
0
JohnBusiness Consultant (Owner)Commented:
At some point, the operating system here is so badly damaged from viruses that it may be faster to back it up, format, and reinstall Windows.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas Zucker-ScharffSolution GuideCommented:
What John said. :-/
0
mel200Author Commented:
Is that because of that output? I don't really see any others, only on that one browser.
0
strungCommented:
Can you send us a URL for some  of the sites that causes the popup? It might be the website and not your browser. Does it happen when you click on a particular link on particular page?
0
mel200Author Commented:
Sure: http://www.magickitchen.com/, https://www.amazon.com/gp/gw/ajax/s.html, (It seems to be what amazon gets redirected to), On macys.com it opens another window to an ad by ecommercelads.com, http://www.ebay.com.

Doesn't sound like all those big sites would have the issue. :)
0
strungCommented:
I agree. Those big sites are not likely to have a problem.
0
mel200Author Commented:
So, is my next step getting someone to wipe my laptop and reinstall windows 7? Wonder if I can even still get windows 7?
0
JohnBusiness Consultant (Owner)Commented:
How did you have Windows 7 in the first place?   Yes, you can still purchase Windows 7 if you need to.
0
mel200Author Commented:
I'll have to have someone do this, I don't have the expertise. I like windows 7! :)
0
JohnBusiness Consultant (Owner)Commented:
Thanks.  Look up a local computer shop or two and see if you can find someone you like.

Get some good counsel from them. If your computer is up to, have them install Windows 10 Pro. I am sure you can adapt to it an like it.
0
Thomas Zucker-ScharffSolution GuideCommented:
Agree, try windows 10 if the computer can handle it.
0
mel200Author Commented:
I think I've discovered the problem. I have an extension, Screen Capture, that says it is "Installed by enterprise policy"-it's greyed out so that I can't disable or delete it.

I found this page and followed the instructions: https://www.pcrisk.com/computer-technician-blog/general-information/7734-remove-chrome-extension-installed-by-enterprise-policy

And that extension is gone. So far, no ads!
2
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Spyware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.