Unwanted advertisements in browser

I keep getting advertisements even after running programs: rkill, malwarebytes, adwcleaner, malware junk removal tool, hitmanpro. Here is the FRST:

 

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-583132838-3792314683-1425707835-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=g8szftpbl0cshmobu,5bf8b142-b597-491a-bc07-b1bd1d2fed9b,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\lukew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-15]
Task: {1846F701-73E7-4028-AD11-FD29DD42DD82} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\lukew\Downloads\FRST64.exe:BDU [0]
FirewallRules: [{E112962A-3272-4A57-A469-D0656C8ABB12}] => (Allow) C:\Users\lukew\AppData\Local\ddnowyes4.exe
FirewallRules: [{92CE08BC-8238-4E9C-B969-2D24A80643FC}] => (Allow) C:\Users\lukew\AppData\Local\Temp\installer1.exe
FirewallRules: [{A812039A-8073-4AFA-AEA0-07BA0ED51151}] => (Allow) C:\Users\lukew\AppData\Local\58574597.exe
FirewallRules: [{867E126E-D852-4CA7-A911-F67D26CF322E}] => (Allow) C:\Users\lukew\AppData\Local\tinstall4.exe
C:\Users\lukew\AppData\Local\ddnowyes4.exe
C:\Users\lukew\AppData\Local\Temp\installer1.exe
C:\Users\lukew\AppData\Local\58574597.exe
C:\Users\lukew\AppData\Local\tinstall4.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>


Please post the Fixlog.txt log and let me knoiw what problem persists.

Hi,

 

I ran the fixlog and reinstalled chrome. I am still having advertisements pop up. Thanks for your help!

 

--RogueKiller--

• Download & SAVE to your Desktop Download RogueKiller
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or above, right-click the program file and select "Run as Administrator"
• Accept the user agreements.
• Execute the scan and wait until it has finished.
• If a Windows opens to explain what [PUM's] are, read about it.
• Click the RoguKiller icon on your taksbar to return to the report.
• Click open the Report
• Click Export TXT button
• Save the file as ReportRogue.txt
• Click the Remove button to delete the items in RED
• Click Finish and close the program.
• Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.

=======

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

Looking good.

The hosts file is ok.

Read about the hosts file.
http://winhelp2002.mvps.org/hosts.htm

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.