
Malware on computer isn't being detected by Malwarebytes



I have a very annoying window popping up on my computer asking me to update Yahoo and install Chromium. I ran Malwarebytes but the scan results show nothing. Using Task Manager I found the program running from a folder called syswow64. I purchased the full version of Malwarebytes and did a custom scan on that specific location and still nothing was found. I followed the "I'm infected" guide on this forum and made the post you see now. Please help as soon as possible; the window won't stop appearing over everything I do and it makes it extremely difficult to do anything (it's popping up as I type this message out).

Addition.txt

FRST.txt


The Farbar program seems to still be running even after it opened the txt file. So my guess is that it won't truly be complete until the process is over? I'll wait until that finishes and then I'll repost it.

How do I locate and stop the illegal hack from running? I don't know what it is.


Thanks for the logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right-click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
    XML file (*.xml) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
     
  • Please use "Copy to Clipboard", then right-click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish.
  • When "Waiting for action.Please uncheck elements you want to keep" shows in the top line:
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After the restart the AdwCleaner(C*)-Notepad log will appear; please copy/paste it in your next reply, where * is the number relative to the list of scans completed.


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin....

Fixlist.txt


Sorry for taking so long to reply. It seems the Sophos scan is going to take a while, so I'll copy and paste the results when the process is complete.

Attached the fix log as per instructions.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Alex (2016-06-30 12:22:42) Run:1
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex & alex_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume9autocheck autochk * 
ProxyEnable: [S-1-5-21-107058814-2551184098-3884761247-1002] => Proxy is enabled.
C:\Windows\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job
C:\Users\Alex\AppData\Local\Temp\131099290231409562.exe
C:\Users\Alex\AppData\Local\Temp\131099290778443727.exe
C:\Users\Alex\AppData\Local\Temp\131115340301685216.exe
C:\Users\Alex\AppData\Local\Temp\AAMHelper.exe
C:\Users\Alex\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Alex\AppData\Local\Temp\AstebreedTrial_up1_12.exe
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbvvtc.dll
C:\Users\Alex\AppData\Local\Temp\HONEYVIEW-SETUP.EXE
C:\Users\Alex\AppData\Local\Temp\i4jdel0.exe
C:\Users\Alex\AppData\Local\Temp\mirc734.exe
C:\Users\Alex\AppData\Local\Temp\ose00001.exe
C:\Users\Alex\AppData\Local\Temp\proxy_vole6585020922986589137.dll
C:\Users\Alex\AppData\Local\Temp\proxy_vole805607060818253200.dll
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe
Task: {0A828B18-79CD-4B7D-B034-7EA62FEF935A} - System32\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB} => C:\Users\Alex\AppData\Local\{3CBE0~1\UNINST~1.EXE [2013-04-29] () <==== ATTENTION
C:\Users\Alex\AppData\Local\{3CBE0~1
Task: {8ADCC82A-9D17-4263-B69F-C7BCFC271F72} - \AutoKMS -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => C:\Users\Alex\AppData\Local\{3CBE0~1\UNINST~1.EXE <==== ATTENTION
AlternateDataStreams: C:\Users\Alex\Documents\EXCEL MANA PROJECT.xlsx:com.dropbox.attributes [168]
RemoveProxy:
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKU\S-1-5-21-107058814-2551184098-3884761247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
C:\Windows\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => moved successfully
C:\Users\Alex\AppData\Local\Temp\131099290231409562.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\131099290778443727.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\131115340301685216.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\AAMHelper.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\AdobeApplicationManager.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\AstebreedTrial_up1_12.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbvvtc.dll => moved successfully
C:\Users\Alex\AppData\Local\Temp\HONEYVIEW-SETUP.EXE => moved successfully
C:\Users\Alex\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\mirc734.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\ose00001.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\proxy_vole6585020922986589137.dll => moved successfully
C:\Users\Alex\AppData\Local\Temp\proxy_vole805607060818253200.dll => moved successfully
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A828B18-79CD-4B7D-B034-7EA62FEF935A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A828B18-79CD-4B7D-B034-7EA62FEF935A}" => key removed successfully
C:\WINDOWS\System32\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}" => key removed successfully
C:\Users\Alex\AppData\Local\{3CBE0~1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8ADCC82A-9D17-4263-B69F-C7BCFC271F72}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ADCC82A-9D17-4263-B69F-C7BCFC271F72}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\WINDOWS\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => not found.
C:\Users\Alex\Documents\EXCEL MANA PROJECT.xlsx => ":com.dropbox.attributes" ADS removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-107058814-2551184098-3884761247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-107058814-2551184098-3884761247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6111554 B
Java, Flash, Steam htmlcache => 58680345 B
Windows/system/drivers => 519178149 B
Edge => 0 B
Chrome => 844447682 B
Firefox => 381391676 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 258346 B
systemprofile32 => 128 B
LocalService => 12400 B
NetworkService => 5586022 B
Alex => 7731083624 B
alex_000 => 43332064 B

RecycleBin => 1062871441 B
EmptyTemp: => 9.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:36:02 ====

 

Here are the exported results from the Malwarebytes scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Remediation Database, 2016.6.16.1, 2016.6.29.1, 
Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Domain Database, 2016.6.20.7, 2016.6.30.1, 
Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, IP Database, 2016.6.20.1, 2016.6.29.2, 
Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Malware Database, 2016.6.20.7, 2016.6.30.5, 
Protection, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Scan, 6/30/2016 7:02 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 6:01 AM, Duration:1 hr 0 min 40 sec, Threat Scan, Cancelled, 0 Malware Detections, 1 Non-Malware Detection, 
Protection, 6/30/2016 7:10 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting, 
Protection, 6/30/2016 7:10 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 7:10 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started, 
Protection, 6/30/2016 7:12 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Scan, 6/30/2016 7:16 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 7:06 AM, Duration:9 min 59 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.5, 2016.6.30.6, 
Protection, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Protection, 6/30/2016 7:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 7:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 7:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Scan, 6/30/2016 7:44 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 7:21 AM, Duration:22 min 31 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, IP Database, 2016.6.29.2, 2016.6.30.1, 
Update, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.1, 2016.6.30.2, 
Update, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.6, 2016.6.30.7, 
Protection, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Protection, 6/30/2016 8:57 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 8:57 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 8:57 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Scan, 6/30/2016 9:08 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 7:44 AM, Duration:1 hr 24 min 17 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, IP Database, 2016.6.30.1, 2016.6.30.2, 
Update, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.2, 2016.6.30.3, 
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Update, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Malware Database, 2016.6.30.7, 2016.6.30.8, 
Protection, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Protection, 6/30/2016 10:19 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 10:19 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 10:19 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Update, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.3, 2016.6.30.4, 
Protection, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Protection, 6/30/2016 10:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 10:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 10:39 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Update, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.4, 2016.6.30.6, 
Protection, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Update, 6/30/2016 11:31 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.8, 2016.6.30.9, 
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Protection, 6/30/2016 11:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 11:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 11:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Scan, 6/30/2016 11:46 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 10:14 AM, Duration:1 hr 31 min 34 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting, 
Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started, 
Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Update, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.6, 2016.6.30.7, 
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting, 
Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started, 
Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Update, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.9, 2016.6.30.10, 
Protection, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Protection, 6/30/2016 1:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 1:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 1:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Scan, 6/30/2016 1:47 PM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 1:05 PM, Duration:41 min 45 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting, 
Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started, 
Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 
Update, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.7, 2016.6.30.8, 
Update, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.10, 2016.6.30.11, 
Protection, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting, 
Protection, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping, 
Protection, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped, 
Protection, 6/30/2016 4:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success, 
Protection, 6/30/2016 4:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting, 
Protection, 6/30/2016 4:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started, 

(end)

 

And here is the AdwCleaner(C*)-Notepad log

 

 

# AdwCleaner v5.200 - Logfile created 30/06/2016 at 14:22:07
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Alex - WINDOWS-8JNJDSM
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Alex\AppData\Local\jZip

***** [ Files ] *****

[-] File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\bald2n12.default\searchplugins\Search Provided by Bing.xml

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [jZip]
[-] Key Deleted : HKCU\Software\jZip

***** [ Web browsers ] *****

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bahkljhhdeciiaodlkppoonappfnheoi
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ch

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1305 bytes] - [30/06/2016 14:22:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [1409 bytes] - [30/06/2016 14:13:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1451 bytes] ##########

 

Some time before you posted your instructions, I used Task Manager to close the pop-up because at that point it became impossible to type up responses. After the multiple reboots I have yet to see it reappear.
 

 

Fixlog.txt

AdwCleaner[C1].txt

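The Fixlog posted above echoes the fixlist and then prints one outcome line per action (`moved successfully`, `key removed successfully`, `not found.`), which is what lets a helper confirm that every listed item was actually dealt with. As an added example (not part of this thread and not FRST's own code), the Python script below audits a Fixlog in that format: it pairs each outcome line with its target, flags any outcome that is neither a success nor "not found", lists fixlist paths that never received an outcome line, and totals the EmptyTemp byte counts. The embedded log is a constructed excerpt with placeholder paths and GUIDs; the "could not move" line and sample3.exe are invented to exercise the failure and unmatched branches.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed Fixlog excerpt modelled on the FRST Fixlog format quoted in the thread.
# Paths, SIDs and GUIDs are placeholders; "could not move" and sample3.exe are invented
# so that the failure and unmatched branches below have something to report.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
fixlist content:
*****************
Start
CreateRestorePoint:
ProxyEnable: [S-1-5-21-0-0-0-1002] => Proxy is enabled.
C:\Windows\Tasks\{TASK-GUID-PLACEHOLDER}.job
C:\Users\example\AppData\Local\Temp\sample1.exe
C:\Users\example\AppData\Local\Temp\sample2.exe
C:\Users\example\AppData\Local\Temp\sample3.exe
Task: C:\WINDOWS\Tasks\{TASK-GUID-PLACEHOLDER}.job => C:\Users\example\AppData\Local\{FOLDER-PLACEHOLDER}\UNINST~1.EXE <==== ATTENTION
EmptyTemp:
end

*****************

Restore point was successfully created.
HKU\S-1-5-21-0-0-0-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
C:\Windows\Tasks\{TASK-GUID-PLACEHOLDER}.job => moved successfully
C:\Users\example\AppData\Local\Temp\sample1.exe => moved successfully
C:\Users\example\AppData\Local\Temp\sample2.exe => could not move
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{TASK-GUID-PLACEHOLDER}" => key removed successfully
C:\WINDOWS\Tasks\{TASK-GUID-PLACEHOLDER}.job => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
Chrome => 844447682 B
example => 7731083624 B
RecycleBin => 1062871441 B
EmptyTemp: => 9.9 GB temporary data Removed.

==== End of Fixlog 12:36:02 ====
"""

RESULT_RE = re.compile(r'^"?(?P<target>[^"]+?)"?\s*=>\s*(?P<outcome>.+?)\s*$')  # 'target => outcome'
SIZE_RE = re.compile(r"^(\d+) B$")      # EmptyTemp bucket sizes
PATH_RE = re.compile(r"^[A-Za-z]:\\")   # fixlist entries that are file-system paths

@dataclass
class FixlogReport:
    ok: List[str] = field(default_factory=list)          # at least one successful outcome
    failures: List[str] = field(default_factory=list)    # outcome neither success nor "not found"
    not_found: List[str] = field(default_factory=list)   # FRST never found the target at all
    unmatched: List[str] = field(default_factory=list)   # fixlist path with no outcome line
    sizes: Dict[str, int] = field(default_factory=dict)  # EmptyTemp buckets, in bytes

    def bytes_freed(self) -> int:
        return sum(self.sizes.values())

def split_sections(fixlog: str) -> Tuple[List[str], List[str]]:
    """Separate the echoed fixlist (between the two '*****' rules) from the outcome lines after it."""
    fixlist, results, section = [], [], "header"
    for line in fixlog.splitlines():
        line = line.rstrip()
        if line.startswith("*****"):
            section = "fixlist" if section == "header" else "results"
        elif section == "fixlist" and line and line not in ("Start", "end"):
            fixlist.append(line)
        elif section == "results":
            results.append(line)
    return fixlist, results

def classify(outcome: str) -> str:
    """Map FRST's free-text outcome to ok / not_found / failed."""
    o = outcome.lower()
    if "successfully" in o or o.endswith("removed."):
        return "ok"
    return "not_found" if "not found" in o else "failed"

def audit_fixlog(fixlog: str) -> FixlogReport:
    fixlist, results = split_sections(fixlog)
    report = FixlogReport()
    actions: Dict[str, Tuple[str, List[str]]] = {}  # lower-cased target -> (name as printed, outcomes)
    for line in results:
        m = RESULT_RE.match(line)
        if not m:
            continue
        target, outcome = m.group("target"), m.group("outcome")
        size = SIZE_RE.match(outcome)
        if size:
            report.sizes[target] = int(size.group(1))
        else:  # the same path may appear twice (moved, then "not found" on the second pass)
            actions.setdefault(target.lower(), (target, []))[1].append(outcome)
    for name, outcomes in actions.values():
        statuses = {classify(o) for o in outcomes}
        bucket = report.failures if "failed" in statuses else report.ok if "ok" in statuses else report.not_found
        bucket.append(name)
    # Every path listed in the fixlist should have produced some outcome line.
    report.unmatched = [e for e in fixlist if PATH_RE.match(e) and e.lower() not in actions]
    return report

if __name__ == "__main__":
    r = audit_fixlog(SAMPLE_FIXLOG)
    print(f"ok={len(r.ok)} failed={r.failures} not_found={r.not_found} unmatched={r.unmatched}")
    print(f"temp data freed: {r.bytes_freed() / 1e9:.1f} GB")
```

A target is only reported as "not found" when none of its outcome lines succeeded; a path that was moved on the first directive and then reported as not found by a later `Task:` directive (as the `.job` file is in the thread's log) counts as handled. Anything in `failures` or `unmatched` is what a helper would want to look at before declaring the fix complete.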

I see, my mistake.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/30/2016
Scan Time: 1:05 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.30.09
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344704
Time Elapsed: 41 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Let the program run all night and it finally finished.

Here is the log.

2016-06-30 18:36:32.441    Sophos Virus Removal Tool version 2.5.5
2016-06-30 18:36:32.441    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-30 18:36:32.442    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-30 18:36:32.442    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-30 18:36:32.443    Checking for updates...
2016-06-30 18:36:32.472    Update progress: proxy server not available
2016-06-30 18:36:50.520    Downloading updates...
2016-06-30 18:36:50.527    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE531 LATEST 
2016-06-30 18:36:50.527    Update progress: [I49502] Found supplement IDE532 LATEST 
2016-06-30 18:36:50.527    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-30 18:36:50.528    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-30 18:36:58.506    Option all = no
2016-06-30 18:36:58.506    Option recurse = yes
2016-06-30 18:36:58.506    Option archive = no
2016-06-30 18:36:58.506    Option service = yes
2016-06-30 18:36:58.506    Option confirm = yes
2016-06-30 18:36:58.506    Option sxl = yes
2016-06-30 18:36:58.511    Option max-data-age = 35
2016-06-30 18:36:58.511    Option EnableSafeClean = yes
2016-06-30 18:37:12.389    Option vdl-logging = yes
2016-06-30 18:37:12.445    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-30 18:37:12.445    Machine ID:    8c3dd8824d724c109c41d9b4cb4e5974
2016-06-30 18:37:12.447    Component SVRTcli.exe version 2.5.5
2016-06-30 18:37:12.447    Component control.dll version 2.5.5
2016-06-30 18:37:12.447    Component SVRTservice.exe version 2.5.5
2016-06-30 18:37:12.447    Component engine\osdp.dll version 1.44.1.2250
2016-06-30 18:37:12.448    Component engine\veex.dll version 3.65.0.2250
2016-06-30 18:37:12.448    Component engine\savi.dll version 9.0.1.2250
2016-06-30 18:37:12.448    Component rkdisk.dll version 1.5.30.0
2016-06-30 18:37:12.448    Version info:    Product version    2.5.5
2016-06-30 18:37:12.451    Version info:    Detection engine    3.65.0
2016-06-30 18:37:12.451    Version info:    Detection data    5.26
2016-06-30 18:37:12.451    Version info:    Build date    4/5/2016
2016-06-30 18:37:12.451    Version info:    Data files added    552
2016-06-30 18:37:12.451    Version info:    Last successful update    (not yet updated)
2016-06-30 18:37:19.937    Update progress: [I19463] Syncing product IDE527 142
2016-06-30 18:37:37.567    Installing updates...
2016-06-30 18:37:38.774    Error level 1
2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE528 127
2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE529 135
2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE530 154
2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE531 1
2016-06-30 18:37:38.825    Update progress: [I19463] Syncing product IDE532 1
2016-06-30 18:38:06.512    Update successful
2016-06-30 18:38:44.341    Option all = no
2016-06-30 18:38:44.342    Option recurse = yes
2016-06-30 18:38:44.342    Option archive = no
2016-06-30 18:38:44.342    Option service = yes
2016-06-30 18:38:44.342    Option confirm = yes
2016-06-30 18:38:44.342    Option sxl = yes
2016-06-30 18:38:44.346    Option max-data-age = 35
2016-06-30 18:38:44.346    Option EnableSafeClean = yes
2016-06-30 18:38:44.826    Option vdl-logging = yes
2016-06-30 18:38:44.850    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-30 18:38:44.850    Machine ID:    8c3dd8824d724c109c41d9b4cb4e5974
2016-06-30 18:38:44.851    Component SVRTcli.exe version 2.5.5
2016-06-30 18:38:44.852    Component control.dll version 2.5.5
2016-06-30 18:38:44.852    Component SVRTservice.exe version 2.5.5
2016-06-30 18:38:44.852    Component engine\osdp.dll version 1.44.1.2250
2016-06-30 18:38:44.852    Component engine\veex.dll version 3.65.0.2250
2016-06-30 18:38:44.853    Component engine\savi.dll version 9.0.1.2250
2016-06-30 18:38:44.853    Component rkdisk.dll version 1.5.30.0
2016-06-30 18:38:44.853    Version info:    Product version    2.5.5
2016-06-30 18:38:44.856    Version info:    Detection engine    3.65.0
2016-06-30 18:38:44.856    Version info:    Detection data    5.26
2016-06-30 18:38:44.856    Version info:    Build date    4/5/2016
2016-06-30 18:38:44.856    Version info:    Data files added    552
2016-06-30 18:38:44.856    Version info:    Last successful update    6/30/2016 2:38:06 PM

2016-07-01 00:44:29.591    Could not open C:\hiberfil.sys
2016-07-01 00:44:37.434    Could not open C:\pagefile.sys
2016-07-01 01:47:28.258    Could not open C:\swapfile.sys
2016-07-01 01:47:29.882    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.882    Could not open C:\System Volume Information\{4b88cab5-3c93-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.882    Could not open C:\System Volume Information\{4b88cabe-3c93-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.882    Could not open C:\System Volume Information\{a628a507-3eca-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.897    Could not open C:\System Volume Information\{bcad4bbe-3eef-11e6-beb4-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:50:15.430    Could not open C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-07-01 01:50:15.431    Could not open C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-07-01 02:27:57.871    >>> Virus 'Mal/Generic-S' found in file C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe
2016-07-01 06:11:42.645    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-07-01 06:11:42.645    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-07-01 06:11:54.129    Could not open C:\Windows\System32\config\BBI
2016-07-01 06:11:54.677    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-07-01 06:11:54.708    Could not open C:\Windows\System32\config\RegBack\SAM
2016-07-01 06:11:54.740    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-07-01 06:11:54.755    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-07-01 06:11:54.755    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-07-01 07:03:04.850    The following items will be cleaned up:
2016-07-01 07:03:04.850    Mal/Generic-S
2016-07-01 13:54:59.375    Threat 'Mal/Generic-S' has been cleaned up.
2016-07-01 13:54:59.391    File "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe" belongs to malware 'Mal/Generic-S'.
2016-07-01 13:54:59.391    File "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe" has been cleaned up.
2016-07-01 13:54:59.391    Removal successful
2016-07-01 13:54:59.500    Contents of SafeClean bin directory:
2016-07-01 13:54:59.516    {
2016-07-01 13:54:59.516        RecordID   : "0000000000000001",
2016-07-01 13:54:59.516        ItemType   : "1",
2016-07-01 13:54:59.516        Location   : "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\",
2016-07-01 13:54:59.516        FileName   : "Athena's ASS MH4U 1.10b.exe",
2016-07-01 13:54:59.516        ThreatName : "Mal/Generic-S",
2016-07-01 13:54:59.516        Checksum   : "c81cc66257564d133e35f57a74e04675f61077456f9393cf70d0fcc13e7e5757",
2016-07-01 13:54:59.516        TimeStamp  : "Fri Jul 01 09:54:50 2016"
2016-07-01 13:54:59.516    }
2016-07-01 13:55:00.328    Error level 0
 

The "Malware" it found is just a false negative. The file is just a harmless search tool.


Thanks for the update, we still need to clean up to complete... Uninstall Sophos AV via Programs and Features....

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:

 
  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC security and best practices; you may find them useful.

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.