Constant MB popup blocking outbound connection after malware removal

[ImagoX]

I'm using Win7 64-bit and recently had the misfortune to run across the dread SearchProtect browser hijack. I used Malwarebytes to quarantine about 2 dozen files, all associated with the hijack, then did the following:

 

• Uninstalled SearchProtect, Conduit, and everything else associated with the malware
• Deleted all app files in "C:\Program Files (x86)" associated with SearchProtect
• Deleted the entire contents of the "AppData\Temp" folder (using Safe Mode)
• Reset both installed browsers (IE and Chrome) to remove reset homepage
• Re-ran Malwarebytes scan, which came up clean

Problem is, I'm STILL getting the constant popup that MB is blocking an outbound connection attempt. When I look in AppData\Temp, I can see a newly-created folder that houses the file that's trying to call out. The call out happens even when Chrome and IE are NOT running (verified by using Process Explorer to make sure neither executable is active), so I think it's not using the browser to try and "call home". A screenshot of the popup and the AppData\Temp folder is in the thread's Attachments.

 

 

I then tried the Malwarebytes Root Kit beta (suggested in another thread), but to run it I will have to completely stop MB, which is currently blocking the call out and I don't want that to happen.

 

Next, I followed the advice in other threads, and downloaded then run FarBar as well as TDSSKiller with the suggested add-on configs enabled - all 3 log files are attached to this post. At this point MB is giving me a clean bill of health, but the popup remains so SOMETHING is embedded - I just can't figure out what.

 

What are the next steps please? Thanks a million in advance for assistance!

Addition.txt

FRST.txt

TDSSKiller.3.0.0.41_11.12.2014_11.17.52_log.txt

[ImagoX]

UPDATE:

 

This was being caused by my VPN service (Private Internet Access or PIA)  - for some reason, MB thought PIA was going out to a malicious site after it detected Conduit. To be safe, I uninstalled PIA and reinstalled clean and the popup has gone away. 

[Valinorum]

Has the issue been resolved?

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!