Ransom
Ransom GRM+ Member and PowerDork
6/8/18 12:14 p.m.

TL;DR: What do you do when you've still got funny behavior and suspect files when Malwarebytes and Windows Defender run but report no issues?

What does one do when Google isn't getting you what you need? Ask GRM...

I have nieces, and they have laptops, and I have tech support. There is a certain amount of head-scratching going on in terms of how to really educate eighth graders on what constitutes reasonable computer hygiene and skepticism about resources, but that's a larger battle...

In the meantime, one of them has picked up some sort of adware/malware which does a lot of redirection and tab-opening kind of stuff. Also, I'm learning as I go here; GRM has been my source for recently updating my own stuff to use Microsoft's own firewall and antivirus in combination with basic Malwarebytes.

Malwarebytes certainly found and quarantined some stuff on the girls' computers, but neither it, nor Microsoft's malicious software removal tool has identified everything. The scans run, but we still have a "Bing Search" application in "add/remove", which is clearly nothing to do with the actual Bing; its publisher is "Unavailable". I haven't been able to locate anything in Program Files or the x86 Program Files. I haven't identified a related service (which presumably wouldn't name itself something as obvious), and the only related stuff I've found are an uninst.exe and Sqlite3.dll in a GUID-named directory in AppData/Local which relate to the registry entry resulting in its listing in Add/remove programs. It doesn't show up in the start menu.

Of course, it could be that Malwarebytes already quarantined the rest of this thing, and I just need to remove its registry entry to get it out of the add/remove menu and delete the related files in AppData, and that any remaining funny behavior is actually something else which is also not being detected...

At what point do you just do a total reinstallation?

I haven't been anything approaching an expert since I was doing antivirus tech support for Windows 98, and, well, I'm not sure I was really an expert then, but at least I was more familiar with what was going on.
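The Add/Remove triage the post describes, written out as an added example (not code from the thread): it walks the standard Uninstall registry keys and flags entries with no publisher or with an uninstaller living in a GUID-named folder under AppData\Local. The heuristics and the `Remove-UninstallEntry` helper are my assumptions about how to confirm and then clear such an entry.

```powershell
# Added example (not from the thread): find Add/Remove Programs entries that look like the
# "Bing Search" one in the post, then remove the key once it has been confirmed bogus.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
# A directory whose name is a GUID, with or without braces, e.g. \{1234abcd-...}\ or \1234abcd-...\
$GuidDir = '\\\{?[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}?\\'

function Get-SuspectUninstallEntries {
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty -Path $key.PSPath
            if (-not $p.DisplayName) { continue }   # entries with no name never appear in Add/Remove
            $paths = @($p.UninstallString, $p.InstallLocation, $p.DisplayIcon) -join ' '
            $reasons = @()
            if (-not $p.Publisher)                  { $reasons += 'no publisher' }
            # Per-user installs of legitimate software live here too, so this alone is not conclusive.
            if ($paths -match '\\AppData\\Local\\') { $reasons += 'files under AppData\Local' }
            if ($paths -match $GuidDir)             { $reasons += 'GUID-named directory' }
            if ($reasons.Count -eq 0) { continue }
            [pscustomobject]@{
                Name            = $p.DisplayName
                Publisher       = $p.Publisher
                InstallDate     = $p.InstallDate
                UninstallString = $p.UninstallString
                RegistryKey     = $key.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                Reasons         = $reasons -join '; '
            }
        }
    }
}

# Deleting the key is what clears the entry from Add/Remove; the files it points at
# (uninst.exe, Sqlite3.dll, ...) still have to be removed separately. -WhatIf previews it.
function Remove-UninstallEntry {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory)][string]$RegistryKey)
    if ($PSCmdlet.ShouldProcess($RegistryKey, 'Remove uninstall entry')) {
        Remove-Item -Path "Registry::$RegistryKey" -Recurse
    }
}

Get-SuspectUninstallEntries | Sort-Object Name | Format-List
```

Run it in an elevated PowerShell so the HKLM keys are readable; pass the `RegistryKey` value from the listing to `Remove-UninstallEntry -WhatIf` before doing it for real.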

lastsnare
lastsnare Reader
6/8/18 12:21 p.m.

You could try one of those online scanners maybe, like Trend Micro Housecall if they still have it? You go to their website, run some little package and it scans your computer over the web. Not sure if it's better or worse than anything else, but a possible option.

RevRico
RevRico GRM+ Member and UberDork
6/8/18 12:29 p.m.

Download Rkill into another computer and put it on a USB stick. Then copy it into the computer in question, and set it to run at boot.

It won't fix everything, but it's a script that freezes most active malware so Windows defender and malwarebytes can actually remove it.

I've not tested it on Windows 10 yet, but I've been using it with every other flavor of Windows since XP and it's always helped.

GameboyRMH
GameboyRMH GRM+ Member and MegaDork
6/8/18 12:51 p.m.

One other thing to check would be the browsers' homepages and search providers. If they're set to some skeezy adware service, that's where popups and redirects could come from, and that wouldn't show up as malware (although some malware scanning tools check those for known-bad values).

Ransom
Ransom GRM+ Member and PowerDork
6/8/18 1:09 p.m.

In reply to GameboyRMH:

Indeed; had to clear out some stuff in a previous go-round, and this one had another adware extension added since last time (which I didn't even think to go back and check, since this was a continuation of a cursory attempt a little while back). I wonder whether that's actually it; I haven't gotten any more odd redirects, and it got rid of a bunch of inserted ad results on google search results...

I did try the Trend Micro thing, and it found nothing, either. I have not tried Rkill, as I'm still working up to faith in bleepingcomputer... My impression is that that sort of thing helps with problems of being unable to remove more than unable to locate/identify?
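The extension check that turned out to matter here, as an added example (not code from the thread): it lists every Chrome extension in each Windows profile, newest first, with its requested permissions and host access, so one that was added "since last time" stands out. It assumes the default Chrome user-data location under `%LOCALAPPDATA%` and the standard `Extensions\<id>\<version>\manifest.json` layout.

```powershell
# Added example (not from the thread): inventory Chrome extensions per browser profile,
# resolving localized names and sorting by install time so a recent addition is obvious.
function Get-ChromeExtensions {
    param([string]$UserDataDir = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'))
    Get-ChildItem $UserDataDir -Directory |
      Where-Object { $_.Name -eq 'Default' -or $_.Name -like 'Profile *' } |
      ForEach-Object {
        $profileDir = $_
        $extRoot = Join-Path $profileDir.FullName 'Extensions'
        if (-not (Test-Path $extRoot)) { return }
        foreach ($idDir in Get-ChildItem $extRoot -Directory) {
            # each extension id holds one or more version folders; inspect the newest
            $verDir = Get-ChildItem $idDir.FullName -Directory |
                      Sort-Object LastWriteTime -Descending | Select-Object -First 1
            if (-not $verDir) { continue }
            $manifestPath = Join-Path $verDir.FullName 'manifest.json'
            if (-not (Test-Path $manifestPath)) { continue }
            $m = Get-Content $manifestPath -Raw | ConvertFrom-Json
            $name = $m.name
            # localized names appear as __MSG_key__; look the key up in _locales/<default_locale>
            if ($name -like '__MSG_*__') {
                $msgKey = $name -replace '^__MSG_(.*)__$', '$1'
                $msgFile = Join-Path $verDir.FullName "_locales\$($m.default_locale)\messages.json"
                if (Test-Path $msgFile) {
                    $msgs = Get-Content $msgFile -Raw | ConvertFrom-Json
                    if ($msgs.$msgKey) { $name = $msgs.$msgKey.message }
                }
            }
            # Manifest V2 puts host patterns in permissions; V3 uses host_permissions.
            $hosts = @($m.host_permissions) + @($m.content_scripts.matches) |
                     Where-Object { $_ } | Select-Object -Unique
            [pscustomobject]@{
                Profile     = $profileDir.Name
                Installed   = $idDir.CreationTime
                Name        = $name
                Id          = $idDir.Name
                Version     = $m.version
                Permissions = @($m.permissions) -join ', '
                HostAccess  = $hosts -join ', '
            }
        }
      } | Sort-Object Installed -Descending
}

Get-ChromeExtensions | Format-Table -AutoSize
```

Anything near the top of the list with broad host access (`<all_urls>`, `*://*/*`) and a name or publisher nobody recognizes is the first thing to remove from chrome://extensions, then re-check the homepage and search provider settings.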

GameboyRMH
GameboyRMH GRM+ Member and MegaDork
6/8/18 1:15 p.m.

Rkill is more of a specialized rootkit remover; it can identify and remove malware on its own.

1988RedT2
1988RedT2 UltimaDork
6/8/18 3:25 p.m.

Way back when I was still using Windows, I often relied on a program called HiJackThis. It was very good at identifying browser hijacks like those you describe. Officially an inactive project, but still obtainable, and probably still better at what it does than most of the stuff out there. Not for those who don't qualify as computer geeks, though.

https://sourceforge.net/projects/hjt/

Ransom
Ransom GRM+ Member and PowerDork
6/8/18 5:11 p.m.

The suspect behavior seems to have been undone by removing the newly added Chrome extension.

Facepalm to me for not thinking that a 13-year-old might manage to acquire a new version of the same problem given a week to use the computer... My sister says they're showing signs of getting the point about critical thinking about where stuff comes from and the amount of attention needed when something asks for permission. They've also recently gotten on board with Steam and Origin for getting games, so hopefully not too much of a battle to get them to stay away from gamesgamesgames dot com or whatever utterly iffy sites they'd been visiting.

Thanks for the other tips, everyone. I have no specific reason to think there's a rootkit involved, but I'm happy to have that in my back pocket for future use.
