Can't get rid of this virus...

[Centuri89]

I've been running scans for hours and every scan returns results and proceeds to "remove" the threats. Yet every scan I perform returns results. To make matters worse my computer keeps randomly playing the Windows error sound and login sound for no reason. This sound familiar to anyone? For the record I'm using Malware Bytes and Super Antispyware to scan.

 

[HEXiT]

your using antimalware to kill a virus. try using an antivirus.
kaspersky do a free trial that will sort you.
if you cant get that then try http://www.emsisoft.com/en/software/eek/?scan=1

 

[Centuri89]

Will do. I'll report back once I give Kaspersky a go. Thanks in advance!

 

[Dark Lord of Tech]

Try Hitman Pro.
http://www.surfright.nl/en/hitmanpro

 

[Centuri89]

Well kaspersky hasn't done anything....will try hitman pro though

 

[Rabmac]

You should be running these scans in safe mode. I would advise using TDSSKiller first to scan for bootkits and rootkits and remove any that it finds.

 

[aldan]

first we dont know if this is a malware,adware,or virus.download and run adwcleaner from bleeping computer.after scan select clean to get rid of what it finds.next download and run junkware removal tool from bleeping computer.it will automatically get rid of any infections it finds.third,download and run a scan with malwarebytes and select quarantine for anything it comes up with.post the logfiles from all three in your next post.also what antivirus do you use?you cant just throw programs at this until you know what you have.hopefully this will tell us what kind of malware you have.

 

[Centuri89]

first we dont know if this is a malware,adware,or virus.download and run adwcleaner from bleeping computer.after scan select clean to get rid of what it finds.next download and run junkware removal tool from bleeping computer.it will automatically get rid of any infections it finds.third,download and run a scan with malwarebytes and select quarantine for anything it comes up with.post the logfiles from all three in your next post.also what antivirus do you use?you cant just throw programs at this until you know what you have.hopefully this will tell us what kind of malware you have.

Ok...the last scan I ran took over an hour, so that's why it's taken me this long to respond. I'm gonna try what you say right now. Hopefully we'll be able to narrow it down.

 

[Centuri89]

# AdwCleaner v5.026 - Logfile created 29/12/2015 at 18:10:06
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Enzo - ENZO-PC
# Running from : C:\Users\Enzo\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\ProgramData\MSchedExe_64.dll
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.avg.com_0.localstorage-journal
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_animeshow.tv_0.localstorage
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_animeshow.tv_0.localstorage-journal
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_bandicam.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_bandicam.en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Enzo\AppData\Roaming\Mozilla\Firefox\Profiles\dn0evhnd.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\autopcbackup.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\smsfrombrowser.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\televisionfanatic.dl.tb.ask.com

***** [ Web browsers ] *****

[-] [C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=M214AE99F-57C5-4A23-8030-F5345952D10A&SearchSource=58&CUI=&UM=5&UP=SPF24BCE2C-A4A0-4B27-8105-198830B0C30B&q={searchTerms}&SSPV=
[-] [C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5938 bytes] ##########

So that's the report from adwcleaner

 

[Centuri89]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Enzo (Administrator) on Tue 12/29/2015 at 18:19:11.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\ProgramData\free youtube downloader (Folder)
Successfully deleted: C:\Users\Enzo\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Enzo\AppData\Local\free youtube downloader (Folder)
Successfully deleted: C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage (File)
Successfully deleted: C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal (File)
Successfully deleted: C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage (File)
Successfully deleted: C:\Users\Enzo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.avg.com_0.localstorage (File)
Successfully deleted: C:\Users\Enzo\AppData\Roaming\new version available (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\free youtube downloader (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/29/2015 at 18:25:06.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That's Junkware removal tool

 

[Centuri89]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/29/2015
Scan Time: 6:27 PM
Logfile: malware bytes results.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.29.07
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Enzo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390354
Time Elapsed: 23 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


finally malwarebytes.....let me know if you guys see anything

 

[aldan]

adwware removed a couple.conduit is a particular pain in the ass.how is your computer running now?

 

[Centuri89]

The computer runs fine but I'm still getting these noises. Last night though it seemed to stop until just a few minutes ago. It's completely random.

 

[Rabmac]

If you think you have got rid of all the malware you should run Windows Repair tool in safe mode: http://www.tweaking.com/content/page/windows_repair_all_in_one.html

 

[Centuri89]

If you think you have got rid of all the malware you should run Windows Repair tool in safe mode: http://www.tweaking.com/content/page/windows_repair_all_in_one.html

Will do, hopefully this fixes the problem. I use this computer for my work and I'm going out of my mind

 

[aldan]

what os are you running?