
Launched laptop and it says it's cleaning the drive


Ore

Recommended Posts

This morning I launched my laptop, then it posted a percentage number; next to it, it said something along the lines of "Please wait. Cleaning your drive C:". I found it really fishy, so I ran MalwareBytes. It said everything was fine, so I started going through my day. Then this happened: I was playing CS:GO, in the middle of a match, when it disconnected me, saying something about how I couldn't connect to VAC servers because there were files on my system that prevented it. So now I was really suspicious, so I ran MalwareBytes Chameleon, but it said there was an error with my anti-rootkit. I then tried to launch MalwareBytes again and it says I don't have the appropriate permissions. I relaunched my computer (Windows 8) and it put me on a temporary account because "my files can't be accessed". Help please.

I attached a FRST log, a FRST Addition log, and a Malwarebytes log.

Addition.txt

FRST.txt

Malwarebytes Log.txt


  • Root Admin

Hello @Ore and welcome.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


AdwCleaner log @AdvancedSetup

# AdwCleaner v6.045 - Logfile created 31/03/2017 at 09:48:24
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-30.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : tnguy_000 - SHANE-PC
# Running from : C:\Users\tnguy_000\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\{ab5163fd-a766-8056-ab51-163fda768ff6}
[-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\33f4cae1-2bda-4285-6364-67c251b188c8
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\VisualDiscovery
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\VISUALDISCOVERY.EXE
[#] Key deleted on reboot: HKLM\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP


***** [ Web browsers ] *****

[-] [C:\Users\tnguy_000\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\tnguy_000\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2960 Bytes] - [31/03/2017 09:48:24]
C:\AdwCleaner\AdwCleaner[R0].txt - [4944 Bytes] - [05/01/2015 11:25:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [5095 Bytes] - [05/01/2015 11:30:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [3211 Bytes] - [31/03/2017 09:43:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3252 Bytes] ##########
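When reviewing a posted AdwCleaner log, the things a helper wants at a glance are: which mode the tool ran in, how many items were removed per section, and which items were only scheduled for removal on reboot (those stay in place if the machine is not restarted). The parser below is an added example written for this thread, not code from Malwarebytes or AdwCleaner; the sample log is a constructed excerpt modelled on the v6 format shown above, and the section and `[-]`/`[#]` line conventions it relies on are taken from that log.

```python
import re
from collections import defaultdict

# Constructed excerpt in the AdwCleaner v6 logfile format (modelled on the
# log posted above; paths shortened, not the full file).
SAMPLE_LOG = """\
# AdwCleaner v6.045 - Logfile created 31/03/2017 at 09:48:24
# Mode: Clean

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\\ProgramData\\{ab5163fd-a766-8056-ab51-163fda768ff6}
[#] Folder deleted on reboot: C:\\Users\\Default\\AppData\\Local\\Pokki

***** [ Registry ] *****

[-] Key deleted: HKLM\\SOFTWARE\\VisualDiscovery
[-] Key deleted: HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\VDWFP
[#] Key deleted on reboot: HKLM\\SOFTWARE\\CLASSES\\APPID\\VISUALDISCOVERY.EXE

***** [ Web browsers ] *****

[-] [C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Profile 1\\Web data] [Search Provider] Deleted: aol.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
ACTION_RE = re.compile(r"^\[([-#])\] (.+?): (.+)$")       # [-] Key deleted: <item>
EXTRA_RE = re.compile(r"^:: (.+)$")                       # :: Winsock settings cleared


def parse_adwcleaner(text):
    """Return {"mode": str, "actions": [(section, status, item)], "extras": [str]}.

    status is "done" for [-] lines and "pending_reboot" for [#] lines.
    """
    mode, section = None, None
    actions, extras = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# Mode:"):
            mode = line.split(":", 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ACTION_RE.match(line)
        if m and section:
            status = "done" if m.group(1) == "-" else "pending_reboot"
            actions.append((section, status, m.group(3).strip()))
            continue
        m = EXTRA_RE.match(line)
        if m:
            extras.append(m.group(1))
    return {"mode": mode, "actions": actions, "extras": extras}


def summarize(parsed):
    """Per-section counts of completed vs. reboot-pending removals."""
    counts = defaultdict(lambda: {"done": 0, "pending_reboot": 0})
    for section, status, _ in parsed["actions"]:
        counts[section][status] += 1
    return dict(counts)


def pending_items(parsed):
    """Items AdwCleaner could only schedule for removal at next boot."""
    return [item for _, status, item in parsed["actions"] if status == "pending_reboot"]


if __name__ == "__main__":
    result = parse_adwcleaner(SAMPLE_LOG)
    print("Mode:", result["mode"])
    for section, c in summarize(result).items():
        print(f"{section}: {c['done']} removed, {c['pending_reboot']} pending reboot")
    for item in pending_items(result):
        print("Pending reboot:", item)
```

Run it as a script to print the summary, or call `parse_adwcleaner()` on the contents of a real `C:\AdwCleaner\AdwCleaner[C0].txt`. A non-empty `pending_items()` list is the check worth doing before declaring the cleanup finished: until the reboot happens, those folders and keys are still present.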
 


Sophos Log @AdvancedSetup

2017-03-31 17:01:06.580    Sophos Virus Removal Tool version 2.5.6
2017-03-31 17:01:06.580    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-03-31 17:01:06.580    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-31 17:01:06.580    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-03-31 17:01:06.581    Checking for updates...
2017-03-31 17:01:06.955    Update progress: proxy server not available
2017-03-31 17:01:26.740    Downloading updates...
2017-03-31 17:01:26.747    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-03-31 17:01:26.747    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-31 17:01:26.747    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-31 17:01:26.747    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-03-31 17:01:26.747    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-03-31 17:01:26.747    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-03-31 17:01:26.747    Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-03-31 17:01:26.747    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-03-31 17:01:26.747    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-03-31 17:01:26.747    Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-03-31 17:01:26.747    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-03-31 17:01:26.747    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-03-31 17:01:26.747    Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product IDE538 LATEST path=]
2017-03-31 17:01:26.747    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-03-31 17:01:26.748    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-03-31 17:01:26.748    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-31 17:01:27.082    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-03-31 17:01:27.082    Update progress: [I19463] Product download size 158884372 bytes
2017-03-31 17:02:22.500    Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-03-31 17:02:22.500    Update progress: [I19463] Product download size 2537599 bytes
2017-03-31 17:02:25.644    Update progress: [I19463] Syncing product IDE538 LATEST path=
2017-03-31 17:02:25.645    Update progress: [I19463] Product download size 2280148 bytes
2017-03-31 17:02:30.004    Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-03-31 17:02:30.004    Update progress: [I19463] Product download size 2180844 bytes
2017-03-31 17:02:33.623    Installing updates...
2017-03-31 17:02:34.122    Option all = no
2017-03-31 17:02:35.327    Option recurse = yes
2017-03-31 17:02:35.327    Option archive = no
2017-03-31 17:02:35.327    Option service = yes
2017-03-31 17:02:35.327    Option confirm = yes
2017-03-31 17:02:35.327    Option sxl = yes
2017-03-31 17:02:35.327    Option max-data-age = 35
2017-03-31 17:02:35.327    Option vdl-logging = yes
2017-03-31 17:02:35.327    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-31 17:02:35.329    Machine ID:    0e8263f709074b27a236fec98c1f17ad
2017-03-31 17:02:35.329    Component SVRTcli.exe version 2.5.6
2017-03-31 17:02:35.329    Component control.dll version 2.5.6
2017-03-31 17:02:35.329    Component SVRTservice.exe version 2.5.6
2017-03-31 17:02:35.329    Component engine\osdp.dll version 1.44.1.2280
2017-03-31 17:02:35.329    Component engine\veex.dll version 3.68.0.2280
2017-03-31 17:02:35.329    Component engine\savi.dll version 9.0.7.2280
2017-03-31 17:02:35.329    Component rkdisk.dll version 1.5.31.1
2017-03-31 17:02:35.329    Version info:    Product version    2.5.6
2017-03-31 17:02:35.329    Version info:    Detection engine    3.68.0
2017-03-31 17:02:35.329    Version info:    Detection data    5.36
2017-03-31 17:02:35.330    Version info:    Build date    2/7/2017
2017-03-31 17:02:35.330    Version info:    Data files added    384
2017-03-31 17:02:35.330    Version info:    Last successful update    (not yet updated)
2017-03-31 17:02:35.330    Error level 1
2017-03-31 17:02:51.886    Update successful
2017-03-31 17:03:21.654    Option all = no
2017-03-31 17:03:21.654    Option recurse = yes
2017-03-31 17:03:21.654    Option archive = no
2017-03-31 17:03:21.654    Option service = yes
2017-03-31 17:03:21.654    Option confirm = yes
2017-03-31 17:03:21.654    Option sxl = yes
2017-03-31 17:03:21.657    Option max-data-age = 35
2017-03-31 17:03:21.657    Option vdl-logging = yes
2017-03-31 17:03:21.676    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-31 17:03:21.676    Machine ID:    0e8263f709074b27a236fec98c1f17ad
2017-03-31 17:03:21.682    Component SVRTcli.exe version 2.5.6
2017-03-31 17:03:21.683    Component control.dll version 2.5.6
2017-03-31 17:03:21.684    Component SVRTservice.exe version 2.5.6
2017-03-31 17:03:21.685    Component engine\osdp.dll version 1.44.1.2280
2017-03-31 17:03:21.688    Component engine\veex.dll version 3.68.0.2280
2017-03-31 17:03:21.689    Component engine\savi.dll version 9.0.7.2280
2017-03-31 17:03:21.691    Component rkdisk.dll version 1.5.31.1
2017-03-31 17:03:21.691    Version info:    Product version    2.5.6
2017-03-31 17:03:21.692    Version info:    Detection engine    3.68.0
2017-03-31 17:03:21.692    Version info:    Detection data    5.36
2017-03-31 17:03:21.692    Version info:    Build date    2/7/2017
2017-03-31 17:03:21.692    Version info:    Data files added    384
2017-03-31 17:03:21.692    Version info:    Last successful update    3/31/2017 10:02:51 AM

2017-03-31 18:32:48.110    >>> Virus 'Troj/Kovter-K' found in file C:\FRST\Quarantine\C\Users\tnguy_000\AppData\Local\{8a967ef8-b49d-2b2f-2054-a34da34e12fe}\{8a967ef8-b49d-2b2f-2054-a34da34e12fe}.exe
2017-03-31 18:33:02.900    Could not open C:\hiberfil.sys
2017-03-31 18:34:05.343    Could not open C:\pagefile.sys
2017-03-31 19:22:10.593    Could not open C:\swapfile.sys
2017-03-31 19:22:12.234    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-31 19:22:12.264    Could not open C:\System Volume Information\{4bba569d-12f5-11e7-8601-0071cc94c154}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-31 19:22:12.267    Could not open C:\System Volume Information\{5b56cd08-162c-11e7-8606-0071cc94c154}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-31 19:22:12.270    Could not open C:\System Volume Information\{766f084f-0bf8-11e7-85f3-0071cc94c154}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-31 19:22:12.275    Could not open C:\System Volume Information\{fef6c664-1631-11e7-8607-0071cc94c154}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-31 19:23:13.600    Could not open C:\Users\tnguy_000\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-03-31 19:23:13.602    Could not open C:\Users\tnguy_000\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2017-03-31 20:04:08.370    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-03-31 20:04:08.373    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-03-31 20:04:27.828    Could not open C:\Windows\System32\config\BBI
2017-03-31 20:04:28.456    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-03-31 20:04:28.509    Could not open C:\Windows\System32\config\RegBack\SAM
2017-03-31 20:04:28.548    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-03-31 20:04:28.579    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-03-31 20:04:28.607    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-03-31 20:43:50.821    The following items will be cleaned up:
2017-03-31 20:43:50.821    Troj/Kovter-K
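Two things in the Sophos log above are easy to misread: the single detection sits under `C:\FRST\Quarantine\`, meaning FRST had already moved that file out of its original location before Sophos scanned it, and the long run of `Could not open` lines covers files Windows holds open exclusively (hiberfil.sys, pagefile.sys, the registry hives under `System32\config`), which every on-demand scanner reports. The script below is an added example for this thread, not Sophos or Malwarebytes code; the sample log is a constructed excerpt modelled on the format above, the quarantine prefix is the one visible in the posted log, and the list of expected-unreadable paths is an assumption of the example.

```python
import re

# Constructed excerpt in the Sophos Virus Removal Tool log format, modelled on
# the log posted above (GUIDs and paths shortened; not the full file).
SAMPLE_LOG = """\
2017-03-31 17:03:21.692    Version info:    Last successful update    3/31/2017 10:02:51 AM

2017-03-31 18:32:48.110    >>> Virus 'Troj/Kovter-K' found in file C:\\FRST\\Quarantine\\C\\Users\\u\\AppData\\Local\\{8a967ef8}\\{8a967ef8}.exe
2017-03-31 18:33:02.900    Could not open C:\\hiberfil.sys
2017-03-31 18:34:05.343    Could not open C:\\pagefile.sys
2017-03-31 20:04:28.509    Could not open C:\\Windows\\System32\\config\\RegBack\\SAM
2017-03-31 20:43:50.821    The following items will be cleaned up:
2017-03-31 20:43:50.821    Troj/Kovter-K
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
DETECT_RE = re.compile(r"^>>> Virus '(.+?)' found in file (.+)$")
SKIP_RE = re.compile(r"^Could not open (.+)$")

# Quarantine folder seen in the posted log: a hit here was already removed from
# its original location by FRST, so it is not evidence of a live infection.
QUARANTINE_DIRS = ("C:\\FRST\\Quarantine\\",)

# Assumption of this example: files the OS keeps open exclusively, so
# "Could not open" on them is expected scanner noise.
EXPECTED_UNREADABLE = ("hiberfil.sys", "pagefile.sys", "swapfile.sys",
                       "\\System32\\config\\")


def parse_sophos(text):
    """Split the log into detections, unreadable paths and the cleanup list."""
    detections, skipped, cleanup = [], [], []
    in_cleanup = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        msg = msg.strip()
        if in_cleanup:                       # everything after the header is a threat name
            cleanup.append(msg)
            continue
        d = DETECT_RE.match(msg)
        if d:
            name, path = d.groups()
            detections.append({"time": ts, "name": name, "path": path,
                               "in_quarantine": path.startswith(QUARANTINE_DIRS)})
            continue
        s = SKIP_RE.match(msg)
        if s:
            path = s.group(1)
            skipped.append({"path": path,
                            "expected": any(k in path for k in EXPECTED_UNREADABLE)})
            continue
        if msg == "The following items will be cleaned up:":
            in_cleanup = True
    return {"detections": detections, "skipped": skipped, "cleanup": cleanup}


def active_detections(parsed):
    """Detections outside a known quarantine folder: files still in place at scan time."""
    return [d for d in parsed["detections"] if not d["in_quarantine"]]


def unexpected_skips(parsed):
    """Unreadable paths that are not the usual locked system files; worth a second look."""
    return [s["path"] for s in parsed["skipped"] if not s["expected"]]


if __name__ == "__main__":
    r = parse_sophos(SAMPLE_LOG)
    for d in r["detections"]:
        where = "already quarantined" if d["in_quarantine"] else "ACTIVE"
        print(f"{d['name']} ({where}): {d['path']}")
    print("Unexpected unreadable paths:", unexpected_skips(r))
    print("Scheduled for cleanup:", r["cleanup"])
```

For the posted log, `active_detections()` comes back empty and `unexpected_skips()` is empty too, which is the reading a helper would give it: the Kovter sample was already in FRST's quarantine, and nothing live was found outside it.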
 
