Keep getting sponsored links and popups

I keep getting sponsored links throughout web pages. Also getting popups have ran all the scans and it still continues here's my log any help would be appreciated!

 

Do you know what this is:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CC911A.local
O17 - HKLM\Software\..\Telephony: DomainName = CC911A.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF629DF8-11EF-4074-A023-49ECB299317B}: NameServer = 192.168.1.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CC911A.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CC911A.local

Download
- Pocket Killbox
- L2MeFix Tool
- ExplorerXP

Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe.
Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop.

DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.

Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad. Please also attach this log to your message.

Download the following file, after download is complete run the uninstaller. When uninstall is complete reboot to normal mode and procede with the below steps, I would like to check something.

Download Uninstaller


First, please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

2 - Please EXTRACT all the files form RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.


Now come back here and post all three logs as attachments and a fresh HJT log. You will have to do 2 posts to post all 4 logs.

 

Yes that is my domain and dns server address

 

logs

 

other logs

 

Panda scan log

 

In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:

Choose Kill Process

Now scan and have HJT Fix the following:

Now run Pocket Killbox:
Choose Tools > Delete Temp Files and click OK.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE open Windows Explorer navigate to and DELETE the following:

Reboot post a new HJT log.

 

Here is new HJT log after I did what you asked.

 

Your log looks good. Are you have any more issues.

 

No other problems, thank you for your help.

 

You are Welcome.