'Offers4U' banners have come back

Sorry but I will need fresh FRST logs to see what is going on.  This particular piece of adware is still being modified as the removalists work to clean it out of the Internet.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

Place FRST64.exe onto your desktop from where ever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)!

Start FRST64 that is on your Desktop by right clicking on it and selecting "Run as Administrator..." .

The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)
Press Scan button.

It will make two logs (FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these).

Notes:

If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file.

Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or pastebin.com to upload the file and then post the download link here in your reply post.

You got to get rid of Pokki. They get part of their income from ads and other things. I would suggest ClassicShell ; it is free and actually adds some features back that MS removed from Win8 / 8.1 menus.


Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Pokki Start Menu

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

Never hesitate to ask questions until you understand. Only way to learn new information.

Yes, your system can operate without Pokki or ClassicShell but you will have the native Win8.1 Start Menu and a lot of people found that Menu so different from the XP / Vista / Win7 Start Menu that it really hindered their ability to use their system. The choice is up to you.

Let's skip the Pokki thing for now and see if we can fix the adware first.

Download zoek.exe from here: Zoek.exe at Bleepingcomputer

[/font][/b][/a] or here you can read a manual how to disable your security applications.)
Doubleclick zoek.exe to start the program.
Copy and paste the following script in the code box:
Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar :!:


createsrpoint;
autoclean;
chrdefaults;
FFdefaults;
bitsadmin /reset /allusers >>"%temp%\log.txt";b
emptyalltemp;
resetIEproxy;
ipconfig /flushdns >>"%temp%\log.txt";b


Close any open browsers.
Click the "Run script" button and wait patiently.
When finished the logfile will be opened in notepad.
If a reboot is needed the logfile will be opened after reboot.
The zoek-results.log can also be found on your system drive.
Please post the logfile for further review in your next comment.[/ul]