skullpatch

  1. No, the problem with the pop up has ended entirely. Whatever was causing it seems to have been removed. Thank you for your assistance.
  2. Let the program run all night and it finally finished. Here is the log. The "Malware" it found is just a false negative. The file is just a harmless search tool.
  3. I see, my mistake.
  4. Sorry for taking so long to reply. It seems the Sophos scan is going to take a while so I'll copy and paste the results when the process is complete. Attached the fixit log as per instructions. Here are the exported results from the Malwarebytes scan. And here is the AdwCleaner(C*)-Notepad log. Some time before you posted your instructions I used task manager to close the pop up because at that point it became impossible to type up responses. After the multiple reboots I have yet to see it reappear. Fixlog.txt AdwCleaner[C1].txt
  5. Done. The Farbar tool was acting strangely so I restarted it. It would open the txt files and start the process over again. I will post again when it completes.
  6. The Farbar program seems to still be running even after it opened the txt file. So my guess is that it won't truly be complete until the process is over? I'll wait until that finishes and then I'll repost it. How do I locate and stop the illegal hack from running? I don't know what it is.
  7. I have a very annoying window popping up on my computer asking me to update Yahoo and install Chromium. I ran Malwarebytes but the scan results show nothing. Using task manager I found the program running from a folder called syswow64, purchased the full version of Malwarebytes and did a custom scan on that specific location, and still nothing was found. I followed the I'm infected guide on this forum and made the post you see now. Please help as soon as possible. The window won't stop appearing over everything I do and it makes it extremely difficult to do anything (it's popping up as I type this message out). Addition.txt FRST.txt