Chrome extension will not go away

[REDACTED]

Here is a better screenshot of the Error at boot.

[essexboy]

Sounds like a hard drive problem that nay be cured by running chkdsk

But first

Could you now run AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S0].txt as well.
  

[REDACTED]

I'm sending her log from my computer because I can not get online with hers now.
Please advise.  Thank you.

[essexboy]

Hmm a lot of snake oil programmes there

Run this fix as it will reset the network connections

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-2446882483-999373319-3632143801-1003\...\Winlogon: [Shell] - <==== ATTENTION
ProxyServer: [S-1-5-21-2446882483-999373319-3632143801-1003] => localhost:21320
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = hxxp://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
CHR Extension: (Dealz) - C:\Users\Eraina Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bghejdcdajlenjngcknlkkoakmmjfanb [2015-10-27]
CHR Extension: (Dealz) - C:\Users\Eraina Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\manaobgbdfpjjjnheogfghmjbikhjnlf [2015-10-28]
Task: {42E66589-B926-4B06-959B-089E4C255826} - System32\Tasks\{BD12E89E-CEC1-40B7-8446-B4C2D721D5D5} => pcalua.exe -a "C:\Users\Eraina.Eraina-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMKV1ETG\setupconsumerc2rolw.exe" -d C:\Users\Eraina.Eraina-PC\Desktop
Task: {72C41E91-5F66-4DCB-BF6F-B72ACF50864C} - \GoogleUpdateTaskUserS-1-5-21-2446882483-999373319-3632143801-1000Core -> No File <==== ATTENTION
Task: {8EB2C692-DAE3-4C17-9417-D5F18FF501E0} - \AmiUpdXp -> No File <==== ATTENTION
Task: {8EEC855C-B7D1-42F5-9193-E37B3CCD93B2} - System32\Tasks\{CB0991F9-094D-4148-AB85-904EC17DDF89} => pcalua.exe -a "C:\Users\Eraina Smith\Downloads\setupconsumerc2rolw.exe" -d "C:\Users\Eraina Smith\Downloads"
Task: {A0A88DD2-ECE9-4A70-8CBD-6FC9B523C5C8} - \GoogleUpdateTaskUserS-1-5-21-2446882483-999373319-3632143801-1000UA -> No File <==== ATTENTION
Task: {AF4AB1B6-DCD7-45ED-B53E-A47BEF157920} - System32\Tasks\DPCPHH1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {CB4A2CA0-F58F-4647-8611-6AB7B5862A19} - System32\Tasks\4788 => Wscript.exe C:\Users\ERAINA~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {DD24C05E-9B3D-4E8A-A1C3-B2D2535452A4} - \Test TimeTrigger -> No File <==== ATTENTION
Task: C:\Windows\Tasks\DPCPHH1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
C:\ProgramData\FlashBeat
R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [121696 2012-08-24] (Commtouch, Inc.)
R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [119136 2012-08-24] (Commtouch, Inc.)
S3 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [181600 2012-08-24] (Commtouch, Inc.)
R2 AMP; C:\Windows\system32\Drivers\amp.sys [173408 2012-08-24] (Commtouch, Inc.)
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

Thank you, I am running the fix now, hope it doesn't not respond like before.  I will post the log when it is finished.  Yes, she has grandchildren at her house.  I told her to change her password so they can not get on her computer and to NEVER LET THEM DOWNLOAD things again. 

[REDACTED]

Attached is the fixlog file.  Would you like me to reboot her machine now?

[essexboy]

It does not appear to have done the net reset, are the temp folders really full ?  As that would stop FRST from completing

We will just do the network reset this time, reboot on completion 

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

Fixlog.txt attached.

[REDACTED]

When she reboots after we did the last FRST (log already attached) this comes up and asks if we want to allow the net-session client.  I wasn't sure so I canceled and she is still unable to get onto the internet although her network says it is working and connected. Error says remote is not set up to accept the connection.  See attachments please.  Once again, thank you so much for helping.

[essexboy]

Looks to be the router that is denying the connection for some reason

Run this fix and reboot then temporarily allow akami and see if that allows a connection

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell => "DisplayName"="Dell Tech Concierge"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell => "ImagePath"="C:\Program Files (x86)\Dell\Tech Concierge\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell\Parameters => "Application"="C:\Program Files (x86)\Dell\Tech Concierge\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "ImagePath"="C:\Program Files\Dell\Tech Concierge\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge\Parameters => "Application"="C:\Program Files\Dell\Tech Concierge\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Tech Concierge\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DTCSVC => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DTCSVC => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DTCSVC => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DTCSVC => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DTCSVC => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DTCSVC\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "DisplayName"="HandsFree Client"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

Should I turn on her antivirus now and try to get online?  Do I need to run the AdwClean again?  Will wait for your reply.  I appreciate all your help.  You are wonderful and thank you.

[essexboy]

Yep turn it all on and see if you can get online

[REDACTED]

Yes she is back online but the Dealz extension is still there and I'm getting a threat has been detected as in the screenshot attached.

[essexboy]

Is chrome set to synch ?  If so then everytime you go on line it will return

Re-run adwcleaner please and then follow with this second shot

Please download Junkware Removal Tool to your desktop.

• Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
• please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• post the contents of JRT.txt into your next message.

[REDACTED]

How do I turn sync off for Chrome?