Posts posted by skullpatch

  1. Let the program run all night and it finally finished.

    Here is the log.

    2016-06-30 18:36:32.441    Sophos Virus Removal Tool version 2.5.5
    2016-06-30 18:36:32.441    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-06-30 18:36:32.442    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-06-30 18:36:32.442    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
    2016-06-30 18:36:32.443    Checking for updates...
    2016-06-30 18:36:32.472    Update progress: proxy server not available
    2016-06-30 18:36:50.520    Downloading updates...
    2016-06-30 18:36:50.527    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
    2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement SAVIW32 LATEST 
    2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE527 LATEST 
    2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE528 LATEST 
    2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE529 LATEST 
    2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE530 LATEST 
    2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE531 LATEST 
    2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE532 LATEST 
    2016-06-30 18:36:50.527    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2016-06-30 18:36:50.528    Update progress: [I19463] Syncing product SAVIW32 70
    2016-06-30 18:36:58.506    Option all = no
    2016-06-30 18:36:58.506    Option recurse = yes
    2016-06-30 18:36:58.506    Option archive = no
    2016-06-30 18:36:58.506    Option service = yes
    2016-06-30 18:36:58.506    Option confirm = yes
    2016-06-30 18:36:58.506    Option sxl = yes
    2016-06-30 18:36:58.511    Option max-data-age = 35
    2016-06-30 18:36:58.511    Option EnableSafeClean = yes
    2016-06-30 18:37:12.389    Option vdl-logging = yes
    2016-06-30 18:37:12.445    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-06-30 18:37:12.445    Machine ID:    8c3dd8824d724c109c41d9b4cb4e5974
    2016-06-30 18:37:12.447    Component SVRTcli.exe version 2.5.5
    2016-06-30 18:37:12.447    Component control.dll version 2.5.5
    2016-06-30 18:37:12.447    Component SVRTservice.exe version 2.5.5
    2016-06-30 18:37:12.447    Component engine\osdp.dll version 1.44.1.2250
    2016-06-30 18:37:12.448    Component engine\veex.dll version 3.65.0.2250
    2016-06-30 18:37:12.448    Component engine\savi.dll version 9.0.1.2250
    2016-06-30 18:37:12.448    Component rkdisk.dll version 1.5.30.0
    2016-06-30 18:37:12.448    Version info:    Product version    2.5.5
    2016-06-30 18:37:12.451    Version info:    Detection engine    3.65.0
    2016-06-30 18:37:12.451    Version info:    Detection data    5.26
    2016-06-30 18:37:12.451    Version info:    Build date    4/5/2016
    2016-06-30 18:37:12.451    Version info:    Data files added    552
    2016-06-30 18:37:12.451    Version info:    Last successful update    (not yet updated)
    2016-06-30 18:37:19.937    Update progress: [I19463] Syncing product IDE527 142
    2016-06-30 18:37:37.567    Installing updates...
    2016-06-30 18:37:38.774    Error level 1
    2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE528 127
    2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE529 135
    2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE530 154
    2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE531 1
    2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE532 1
    2016-06-30 18:38:06.512    Update successful
    2016-06-30 18:38:44.341    Option all = no
    2016-06-30 18:38:44.342    Option recurse = yes
    2016-06-30 18:38:44.342    Option archive = no
    2016-06-30 18:38:44.342    Option service = yes
    2016-06-30 18:38:44.342    Option confirm = yes
    2016-06-30 18:38:44.342    Option sxl = yes
    2016-06-30 18:38:44.346    Option max-data-age = 35
    2016-06-30 18:38:44.346    Option EnableSafeClean = yes
    2016-06-30 18:38:44.826    Option vdl-logging = yes
    2016-06-30 18:38:44.850    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-06-30 18:38:44.850    Machine ID:    8c3dd8824d724c109c41d9b4cb4e5974
    2016-06-30 18:38:44.851    Component SVRTcli.exe version 2.5.5
    2016-06-30 18:38:44.852    Component control.dll version 2.5.5
    2016-06-30 18:38:44.852    Component SVRTservice.exe version 2.5.5
    2016-06-30 18:38:44.852    Component engine\osdp.dll version 1.44.1.2250
    2016-06-30 18:38:44.852    Component engine\veex.dll version 3.65.0.2250
    2016-06-30 18:38:44.853    Component engine\savi.dll version 9.0.1.2250
    2016-06-30 18:38:44.853    Component rkdisk.dll version 1.5.30.0
    2016-06-30 18:38:44.853    Version info:    Product version    2.5.5
    2016-06-30 18:38:44.856    Version info:    Detection engine    3.65.0
    2016-06-30 18:38:44.856    Version info:    Detection data    5.26
    2016-06-30 18:38:44.856    Version info:    Build date    4/5/2016
    2016-06-30 18:38:44.856    Version info:    Data files added    552
    2016-06-30 18:38:44.856    Version info:    Last successful update    6/30/2016 2:38:06 PM

    2016-07-01 00:44:29.591    Could not open C:\hiberfil.sys
    2016-07-01 00:44:37.434    Could not open C:\pagefile.sys
    2016-07-01 01:47:28.258    Could not open C:\swapfile.sys
    2016-07-01 01:47:29.882    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-01 01:47:29.882    Could not open C:\System Volume Information\{4b88cab5-3c93-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-01 01:47:29.882    Could not open C:\System Volume Information\{4b88cabe-3c93-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-01 01:47:29.882    Could not open C:\System Volume Information\{a628a507-3eca-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-01 01:47:29.897    Could not open C:\System Volume Information\{bcad4bbe-3eef-11e6-beb4-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-01 01:50:15.430    Could not open C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Current Session
    2016-07-01 01:50:15.431    Could not open C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
    2016-07-01 02:27:57.871    >>> Virus 'Mal/Generic-S' found in file C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe
    2016-07-01 06:11:42.645    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2016-07-01 06:11:42.645    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2016-07-01 06:11:54.129    Could not open C:\Windows\System32\config\BBI
    2016-07-01 06:11:54.677    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2016-07-01 06:11:54.708    Could not open C:\Windows\System32\config\RegBack\SAM
    2016-07-01 06:11:54.740    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2016-07-01 06:11:54.755    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2016-07-01 06:11:54.755    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2016-07-01 07:03:04.850    The following items will be cleaned up:
    2016-07-01 07:03:04.850    Mal/Generic-S
    2016-07-01 13:54:59.375    Threat 'Mal/Generic-S' has been cleaned up.
    2016-07-01 13:54:59.391    File "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe" belongs to malware 'Mal/Generic-S'.
    2016-07-01 13:54:59.391    File "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe" has been cleaned up.
    2016-07-01 13:54:59.391    Removal successful
    2016-07-01 13:54:59.500    Contents of SafeClean bin directory:
    2016-07-01 13:54:59.516    {
    2016-07-01 13:54:59.516        RecordID   : "0000000000000001",
    2016-07-01 13:54:59.516        ItemType   : "1",
    2016-07-01 13:54:59.516        Location   : "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\",
    2016-07-01 13:54:59.516        FileName   : "Athena's ASS MH4U 1.10b.exe",
    2016-07-01 13:54:59.516        ThreatName : "Mal/Generic-S",
    2016-07-01 13:54:59.516        Checksum   : "c81cc66257564d133e35f57a74e04675f61077456f9393cf70d0fcc13e7e5757",
    2016-07-01 13:54:59.516        TimeStamp  : "Fri Jul 01 09:54:50 2016"
    2016-07-01 13:54:59.516    }
    2016-07-01 13:55:00.328    Error level 0
     

    The "Malware" it found is just a false negative. The file is just a harmless search tool.

  2. I see, my mistake

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/30/2016
    Scan Time: 1:05 PM
    Logfile: 
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.06.30.09
    Rootkit Database: v2016.05.27.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Alex

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 344704
    Time Elapsed: 41 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  3. Sorry for taking so long to reply. It seems the Sophos scan is going to take a while, so I'll copy and paste the results when the process is complete.

    Attached the fixit log as per instructions

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
    Ran by Alex (2016-06-30 12:22:42) Run:1
    Running from C:\Users\Alex\Desktop
    Loaded Profiles: Alex (Available Profiles: Alex & alex_000)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start
    CreateRestorePoint:
    CloseProcesses:
    BootExecute: autocheck autochk /m /P \Device\HarddiskVolume9autocheck autochk * 
    ProxyEnable: [S-1-5-21-107058814-2551184098-3884761247-1002] => Proxy is enabled.
    C:\Windows\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job
    C:\Users\Alex\AppData\Local\Temp\131099290231409562.exe
    C:\Users\Alex\AppData\Local\Temp\131099290778443727.exe
    C:\Users\Alex\AppData\Local\Temp\131115340301685216.exe
    C:\Users\Alex\AppData\Local\Temp\AAMHelper.exe
    C:\Users\Alex\AppData\Local\Temp\AdobeApplicationManager.exe
    C:\Users\Alex\AppData\Local\Temp\AstebreedTrial_up1_12.exe
    C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbvvtc.dll
    C:\Users\Alex\AppData\Local\Temp\HONEYVIEW-SETUP.EXE
    C:\Users\Alex\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Alex\AppData\Local\Temp\mirc734.exe
    C:\Users\Alex\AppData\Local\Temp\ose00001.exe
    C:\Users\Alex\AppData\Local\Temp\proxy_vole6585020922986589137.dll
    C:\Users\Alex\AppData\Local\Temp\proxy_vole805607060818253200.dll
    C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe
    Task: {0A828B18-79CD-4B7D-B034-7EA62FEF935A} - System32\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB} => C:\Users\Alex\AppData\Local\{3CBE0~1\UNINST~1.EXE [2013-04-29] () <==== ATTENTION
    C:\Users\Alex\AppData\Local\{3CBE0~1
    Task: {8ADCC82A-9D17-4263-B69F-C7BCFC271F72} - \AutoKMS -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => C:\Users\Alex\AppData\Local\{3CBE0~1\UNINST~1.EXE <==== ATTENTION
    AlternateDataStreams: C:\Users\Alex\Documents\EXCEL MANA PROJECT.xlsx:com.dropbox.attributes [168]
    RemoveProxy:
    CMD: ipconfig /flushdns
    EmptyTemp:
    end

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
    HKU\S-1-5-21-107058814-2551184098-3884761247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    C:\Windows\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => moved successfully
    C:\Users\Alex\AppData\Local\Temp\131099290231409562.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\131099290778443727.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\131115340301685216.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\AAMHelper.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\AdobeApplicationManager.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\AstebreedTrial_up1_12.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbvvtc.dll => moved successfully
    C:\Users\Alex\AppData\Local\Temp\HONEYVIEW-SETUP.EXE => moved successfully
    C:\Users\Alex\AppData\Local\Temp\i4jdel0.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\mirc734.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\ose00001.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\proxy_vole6585020922986589137.dll => moved successfully
    C:\Users\Alex\AppData\Local\Temp\proxy_vole805607060818253200.dll => moved successfully
    C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe => moved successfully
    C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A828B18-79CD-4B7D-B034-7EA62FEF935A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A828B18-79CD-4B7D-B034-7EA62FEF935A}" => key removed successfully
    C:\WINDOWS\System32\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}" => key removed successfully
    C:\Users\Alex\AppData\Local\{3CBE0~1 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8ADCC82A-9D17-4263-B69F-C7BCFC271F72}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ADCC82A-9D17-4263-B69F-C7BCFC271F72}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
    C:\WINDOWS\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => not found.
    C:\Users\Alex\Documents\EXCEL MANA PROJECT.xlsx => ":com.dropbox.attributes" ADS removed successfully.

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-107058814-2551184098-3884761247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-107058814-2551184098-3884761247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========


    =========  ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6111554 B
    Java, Flash, Steam htmlcache => 58680345 B
    Windows/system/drivers => 519178149 B
    Edge => 0 B
    Chrome => 844447682 B
    Firefox => 381391676 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 258346 B
    systemprofile32 => 128 B
    LocalService => 12400 B
    NetworkService => 5586022 B
    Alex => 7731083624 B
    alex_000 => 43332064 B

    RecycleBin => 1062871441 B
    EmptyTemp: => 9.9 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:36:02 ====

     

    Here are the exported results from the Malwarebytes scan

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Remediation Database, 2016.6.16.1, 2016.6.29.1, 
    Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Domain Database, 2016.6.20.7, 2016.6.30.1, 
    Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, IP Database, 2016.6.20.1, 2016.6.29.2, 
    Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Malware Database, 2016.6.20.7, 2016.6.30.5, 
    Protection, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Scan, 6/30/2016 7:02 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 6:01 AM, Duration:1 hr 0 min 40 sec, Threat Scan, Cancelled, 0 Malware Detections, 1 Non-Malware Detection, 
    Protection, 6/30/2016 7:10 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting, 
    Protection, 6/30/2016 7:10 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 7:10 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started, 
    Protection, 6/30/2016 7:12 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Scan, 6/30/2016 7:16 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 7:06 AM, Duration:9 min 59 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
    Update, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.5, 2016.6.30.6, 
    Protection, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Protection, 6/30/2016 7:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 7:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 7:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Scan, 6/30/2016 7:44 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 7:21 AM, Duration:22 min 31 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
    Update, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, IP Database, 2016.6.29.2, 2016.6.30.1, 
    Update, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.1, 2016.6.30.2, 
    Update, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.6, 2016.6.30.7, 
    Protection, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Protection, 6/30/2016 8:57 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 8:57 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 8:57 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Scan, 6/30/2016 9:08 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 7:44 AM, Duration:1 hr 24 min 17 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
    Update, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, IP Database, 2016.6.30.1, 2016.6.30.2, 
    Update, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.2, 2016.6.30.3, 
    Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Update, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Malware Database, 2016.6.30.7, 2016.6.30.8, 
    Protection, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Protection, 6/30/2016 10:19 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 10:19 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 10:19 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Update, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.3, 2016.6.30.4, 
    Protection, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Protection, 6/30/2016 10:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 10:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 10:39 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Update, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.4, 2016.6.30.6, 
    Protection, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Update, 6/30/2016 11:31 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.8, 2016.6.30.9, 
    Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Protection, 6/30/2016 11:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 11:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 11:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Scan, 6/30/2016 11:46 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 10:14 AM, Duration:1 hr 31 min 34 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
    Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting, 
    Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started, 
    Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Update, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.6, 2016.6.30.7, 
    Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting, 
    Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started, 
    Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Update, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.9, 2016.6.30.10, 
    Protection, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Protection, 6/30/2016 1:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 1:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 1:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Scan, 6/30/2016 1:47 PM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 1:05 PM, Duration:41 min 45 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
    Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting, 
    Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started, 
    Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
    Update, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.7, 2016.6.30.8, 
    Update, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.10, 2016.6.30.11, 
    Protection, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
    Protection, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
    Protection, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
    Protection, 6/30/2016 4:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
    Protection, 6/30/2016 4:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
    Protection, 6/30/2016 4:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 

    (end)

     

    And here is the AdwCleaner(C*)-Notepad log

     

     

    # AdwCleaner v5.200 - Logfile created 30/06/2016 at 14:22:07
    # Updated 14/06/2016 by ToolsLib
    # Database : 2016-06-30.2 [Server]
    # Operating system : Windows 8.1  (X64)
    # Username : Alex - WINDOWS-8JNJDSM
    # Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\Alex\AppData\Local\jZip

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\bald2n12.default\searchplugins\Search Provided by Bing.xml

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [jZip]
    [-] Key Deleted : HKCU\Software\jZip

    ***** [ Web browsers ] *****

    [-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bahkljhhdeciiaodlkppoonappfnheoi
    [-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ch

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [1305 bytes] - [30/06/2016 14:22:07]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1409 bytes] - [30/06/2016 14:13:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1451 bytes] ##########

     

    Some time before you posted your instructions I used Task Manager to close the pop-up because at that point it became impossible to type up responses. After the multiple reboots I have yet to see it reappear.
     

     

    Fixlog.txt

    AdwCleaner[C1].txt

  4. I have a very annoying window popping up on my computer asking me to update Yahoo and install Chromium. I ran Malwarebytes but the scan results show nothing. Using Task Manager I found the program running from a folder called syswow64, purchased the full version of Malwarebytes and did a custom scan on that specific location, and still nothing was found. I followed the I'm infected guide on this forum and made the post you see now. Please help as soon as possible; the window won't stop appearing over everything I do and it makes it extremely difficult to do anything (it's popping up as I type this message out).

    Addition.txt

    FRST.txt
