sherrieesta

ok i will check. thats it Aura, we are done. thank you again for all your help. I am a happy camper ?

I don't know. how do i check on the license?

I have windows defender and it obviously doesn't work well. If i download Avast will it clash? I use it on my desktop and have had no problems. Also, I have the malwarebytes prem on my tablet (which is.what we have been working on). Can i update it on my desktop or will i have to purchase another license?

# DelFix v1.013 - Logfile created 03/07/2017 at 10:25:00 # Updated 17/04/2016 by Xplode # Username : Sherrie - DESKTOP-HR46GJN # Operating System : Windows 10 Home (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\Users\Sherrie\Downloads\FRST-OlderVersion Deleted : C:\Users\Sherrie\Downloads\Addition.txt Deleted : C:\Users\Sherrie\Downloads\Fixlog.txt Deleted : C:\Users\Sherrie\Downloads\FRST orig.zip Deleted : C:\Users\Sherrie\Downloads\FRST.txt Deleted : C:\Users\Sherrie\Downloads\FRST64(1).exe Deleted : C:\Users\Sherrie\Downloads\FRST64.exe ~ Creating registry backup ... OK ~ Cleaning system restore ... New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########

done. correct file received by shadowwar. thank you again for all your help Aura and your quick responses. my tablet is still clean so I think it is safe to say we can close this thread now. Again, thank you Sherrie

yes to the file if i still have it. missed your name shadowwar and i sent it to Aura. will send ot to you now

Thank you Aura! I have been fighting this junk for 6 months so I wanted to be sure it was gone and stayed gone so I spent all day an night on the web to make sure. No more outbound popups, no more powershell windows popping up and all my scans have been clean. Thank you so much for helping me and without a reinstall! One question: I purchased malwarebytes premium to stop this and clean it up so why didn't it catch all of this and fix it?

haven't seen any since the time i posted about above..

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017 Ran by Sherrie (29-06-2017 20:02:56) Run:5 Running from C:\Users\Sherrie\Downloads Loaded Profiles: Sherrie (Available Profiles: Sherrie) Boot Mode: Normal ============================================== fixlist content: ***************** C:\ProgramData\{533CDC9F-E497-6B34-9F92-798BE0FD309A} CMD: dir C:\ProgramData /a ***************** C:\ProgramData\{533CDC9F-E497-6B34-9F92-798BE0FD309A} => moved successfully ========= dir C:\ProgramData /a ========= Volume in drive C is Windows Volume Serial Number is 36F8-D7F5 Directory of C:\ProgramData 06/29/2017 08:02 PM <DIR> . 06/29/2017 08:02 PM <DIR> .. 05/20/2016 01:26 AM <DIR> Adobe 04/19/2016 09:21 PM <DIR> Apple 04/19/2016 09:21 PM <DIR> Apple Computer 05/29/2017 08:14 AM <JUNCTION> Application Data [C:\ProgramData] 09/17/2015 12:29 PM <DIR> Broadcom 04/19/2016 08:36 PM <DIR> CanonBJ 07/16/2016 04:47 AM <DIR> Comms 05/09/2016 10:50 AM <DIR> COMODO 02/22/2017 02:30 PM <DIR> Conexant 05/29/2017 08:14 AM <JUNCTION> Desktop [C:\Users\Public\Desktop] 05/29/2017 08:14 AM <JUNCTION> Documents [C:\Users\Public\Documents] 05/29/2017 07:51 AM 0 DP45977C.lfl 05/14/2017 06:53 PM <DIR> Malwarebytes 06/03/2017 10:06 AM <DIR> Microsoft 05/29/2017 08:24 AM <DIR> Microsoft OneDrive 09/17/2015 12:38 PM <DIR> Package Cache 06/16/2017 08:59 PM <DIR> regid.1991-06.com.microsoft 03/18/2017 02:03 PM <DIR> SoftwareDistribution 05/29/2017 08:14 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 05/29/2017 08:14 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates] 05/29/2017 08:00 AM <DIR> USOPrivate 05/29/2017 08:00 AM <DIR> USOShared 03/18/2017 07:31 PM <DIR> WindowsHolographicDevices 1 File(s) 0 bytes 24 Dir(s) 95,864,991,744 bytes free ========= End of CMD: ========= ==== End of Fixlog 20:02:57 ====

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017 Ran by Sherrie (29-06-2017 19:56:16) Run:4 Running from C:\Users\Sherrie\Downloads Loaded Profiles: Sherrie (Available Profiles: Sherrie) Boot Mode: Normal ============================================== fixlist content: ***************** C:\ProgramData\{0BFC5DA8-BC57-EA03-CFF8-AD1193605861} C:\ProgramData\{192BCC27-AE80-7B8C-307C-1570674DBCB7} C:\ProgramData\{1B2D53F8-AC86-E453-241C-32B9A92E7EDC} C:\ProgramData\{1EC177A1-A96A-C00A-CED4-4DC691B1FDD0} C:\ProgramData\{533CDC9F-E497-6B34-9F92-798BE0FD309A}] C:\ProgramData\{970CAD99-20A7-1A32-ACDF-175C4EBE27A1} C:\ProgramData\{99DCD5DE-2E77-6275-7EFE-D76191B60421} C:\ProgramData\{B05A259F-07F1-9234-38F2-3222FF43A6A9} C:\ProgramData\{C941E451-7EEA-53FA-2010-13583537D0D3} C:\ProgramData\{D06C3411-67C7-83BA-F1ED-2B0E3987EE25} C:\ProgramData\{E922DC07-5E89-6BAC-E245-669DA75A9D65} CMD: dir C:\ProgramData /a ***************** C:\ProgramData\{0BFC5DA8-BC57-EA03-CFF8-AD1193605861} => moved successfully C:\ProgramData\{192BCC27-AE80-7B8C-307C-1570674DBCB7} => moved successfully C:\ProgramData\{1B2D53F8-AC86-E453-241C-32B9A92E7EDC} => moved successfully C:\ProgramData\{1EC177A1-A96A-C00A-CED4-4DC691B1FDD0} => moved successfully "C:\ProgramData\{533CDC9F-E497-6B34-9F92-798BE0FD309A}]" => not found. C:\ProgramData\{970CAD99-20A7-1A32-ACDF-175C4EBE27A1} => moved successfully C:\ProgramData\{99DCD5DE-2E77-6275-7EFE-D76191B60421} => moved successfully C:\ProgramData\{B05A259F-07F1-9234-38F2-3222FF43A6A9} => moved successfully C:\ProgramData\{C941E451-7EEA-53FA-2010-13583537D0D3} => moved successfully C:\ProgramData\{D06C3411-67C7-83BA-F1ED-2B0E3987EE25} => moved successfully C:\ProgramData\{E922DC07-5E89-6BAC-E245-669DA75A9D65} => moved successfully ========= dir C:\ProgramData /a ========= Volume in drive C is Windows Volume Serial Number is 36F8-D7F5 Directory of C:\ProgramData 06/29/2017 07:56 PM <DIR> . 06/29/2017 07:56 PM <DIR> .. 05/20/2016 01:26 AM <DIR> Adobe 04/19/2016 09:21 PM <DIR> Apple 04/19/2016 09:21 PM <DIR> Apple Computer 05/29/2017 08:14 AM <JUNCTION> Application Data [C:\ProgramData] 09/17/2015 12:29 PM <DIR> Broadcom 04/19/2016 08:36 PM <DIR> CanonBJ 07/16/2016 04:47 AM <DIR> Comms 05/09/2016 10:50 AM <DIR> COMODO 02/22/2017 02:30 PM <DIR> Conexant 05/29/2017 08:14 AM <JUNCTION> Desktop [C:\Users\Public\Desktop] 05/29/2017 08:14 AM <JUNCTION> Documents [C:\Users\Public\Documents] 05/29/2017 07:51 AM 0 DP45977C.lfl 05/14/2017 06:53 PM <DIR> Malwarebytes 06/03/2017 10:06 AM <DIR> Microsoft 05/29/2017 08:24 AM <DIR> Microsoft OneDrive 09/17/2015 12:38 PM <DIR> Package Cache 06/16/2017 08:59 PM <DIR> regid.1991-06.com.microsoft 03/18/2017 02:03 PM <DIR> SoftwareDistribution 05/29/2017 08:14 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 05/29/2017 08:14 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates] 05/29/2017 08:00 AM <DIR> USOPrivate 05/29/2017 08:00 AM <DIR> USOShared 03/18/2017 07:31 PM <DIR> WindowsHolographicDevices 02/28/2017 11:53 AM <DIR> {533CDC9F-E497-6B34-9F92-798BE0FD309A} 1 File(s) 0 bytes 25 Dir(s) 95,879,921,664 bytes free ========= End of CMD: ========= ==== End of Fixlog 19:56:17 ====

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017 Ran by Sherrie (29-06-2017 19:47:24) Run:3 Running from C:\Users\Sherrie\Downloads Loaded Profiles: Sherrie (Available Profiles: Sherrie) Boot Mode: Normal ============================================== fixlist content: ***************** Task: {92CE84F7-0253-4DF7-8233-BEF936AA3852} - \{7D7E7F47-0C78-0409-7911-0A7805081178} -> No File <==== ATTENTION CMD: dir C:\ProgramData /a ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92CE84F7-0253-4DF7-8233-BEF936AA3852} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92CE84F7-0253-4DF7-8233-BEF936AA3852} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D7E7F47-0C78-0409-7911-0A7805081178} => key removed successfully ========= dir C:\ProgramData /a ========= Volume in drive C is Windows Volume Serial Number is 36F8-D7F5 Directory of C:\ProgramData 06/29/2017 05:34 PM <DIR> . 06/29/2017 05:34 PM <DIR> .. 05/20/2016 01:26 AM <DIR> Adobe 04/19/2016 09:21 PM <DIR> Apple 04/19/2016 09:21 PM <DIR> Apple Computer 05/29/2017 08:14 AM <JUNCTION> Application Data [C:\ProgramData] 09/17/2015 12:29 PM <DIR> Broadcom 04/19/2016 08:36 PM <DIR> CanonBJ 07/16/2016 04:47 AM <DIR> Comms 05/09/2016 10:50 AM <DIR> COMODO 02/22/2017 02:30 PM <DIR> Conexant 05/29/2017 08:14 AM <JUNCTION> Desktop [C:\Users\Public\Desktop] 05/29/2017 08:14 AM <JUNCTION> Documents [C:\Users\Public\Documents] 05/29/2017 07:51 AM 0 DP45977C.lfl 05/14/2017 06:53 PM <DIR> Malwarebytes 06/03/2017 10:06 AM <DIR> Microsoft 05/29/2017 08:24 AM <DIR> Microsoft OneDrive 09/17/2015 12:38 PM <DIR> Package Cache 06/16/2017 08:59 PM <DIR> regid.1991-06.com.microsoft 03/18/2017 02:03 PM <DIR> SoftwareDistribution 05/29/2017 08:14 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 05/29/2017 08:14 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates] 05/29/2017 08:00 AM <DIR> USOPrivate 05/29/2017 08:00 AM <DIR> USOShared 03/18/2017 07:31 PM <DIR> WindowsHolographicDevices 01/20/2017 04:21 PM <DIR> {0BFC5DA8-BC57-EA03-CFF8-AD1193605861} 01/22/2017 06:26 PM <DIR> {192BCC27-AE80-7B8C-307C-1570674DBCB7} 02/27/2017 01:02 PM <DIR> {1B2D53F8-AC86-E453-241C-32B9A92E7EDC} 01/20/2017 04:21 PM <DIR> {1EC177A1-A96A-C00A-CED4-4DC691B1FDD0} 02/28/2017 11:53 AM <DIR> {533CDC9F-E497-6B34-9F92-798BE0FD309A} 01/22/2017 06:26 PM <DIR> {970CAD99-20A7-1A32-ACDF-175C4EBE27A1} 02/27/2017 11:53 AM <DIR> {99DCD5DE-2E77-6275-7EFE-D76191B60421} 01/22/2017 06:26 PM <DIR> {B05A259F-07F1-9234-38F2-3222FF43A6A9} 03/01/2017 08:06 PM <DIR> {C941E451-7EEA-53FA-2010-13583537D0D3} 01/25/2017 12:38 PM <DIR> {D06C3411-67C7-83BA-F1ED-2B0E3987EE25} 02/28/2017 06:15 PM <DIR> {E922DC07-5E89-6BAC-E245-669DA75A9D65} 1 File(s) 0 bytes 35 Dir(s) 95,865,946,112 bytes free ========= End of CMD: ========= ==== End of Fixlog 19:47:25 ====

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017 Ran by Sherrie (29-06-2017 19:40:21) Run:2 Running from C:\Users\Sherrie\Downloads Loaded Profiles: Sherrie (Available Profiles: Sherrie) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: Task: {0250BE48-7EBD-4D05-BF1B-576B6EACC218} - System32\Tasks\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}\4849CA4D-FFE2-7DE6-864B-E4A6892A7278.exe <==== ATTENTION Task: {04686B27-3611-4EF3-816B-7CEB9FC989E5} - System32\Tasks\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}\0EA74E16-B90C-F9BD-F140-DE7ED4183BCA.exe <==== ATTENTION Task: {04E5A362-FFAB-46CA-A884-827BD9BD0090} - System32\Tasks\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}\FFD9B635-4872-019E-EDD8-B43C1F6B875D.exe <==== ATTENTION Task: {10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} - System32\Tasks\{F36FDF9E-44C4-6835-B209-90749048A487} => C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}\5FCFEB31-E864-5C9A-B19B-7591B2A39974.exe <==== ATTENTION Task: {330E8310-BD95-4050-BD21-A914CB093389} - System32\Tasks\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}\AB26610F-1C8D-D6A4-9391-E91E2FB55668.exe <==== ATTENTION Task: {47F8F095-FA06-476E-AB07-F5C7B0970CA1} - System32\Tasks\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}\413A6866-F691-DFCD-F964-3D8C330F6D9C.exe <==== ATTENTION Task: {4D8B71FD-78C5-4AF0-9134-BA93B17A2529} - System32\Tasks\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}\DE332718-6998-90B3-90F4-E06D18386487.exe <==== ATTENTION Task: {60A9DBFA-3726-41CA-BCBF-72AF99B8658C} - System32\Tasks\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\607e3951\52816ca6.dll" <==== ATTENTION Task: {775B05E3-4E84-4E89-9E3C-39615154158A} - System32\Tasks\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}\328B4525-8520-F28E-7EB5-C44C779FD0BD.exe <==== ATTENTION Task: {B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} - System32\Tasks\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}\9196B11D-263D-06B6-21AE-F694E515305A.exe <==== ATTENTION Task: {C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} - System32\Tasks\{13024733-A4A9-F098-DEFB-112B10E97792} => C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}\67114148-D0BA-F6E3-D018-09A6B69131BD.exe <==== ATTENTION Task: {CBA1DDF5-E094-433C-8F32-6A6D57007E7A} - System32\Tasks\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}\2879137F-9FD2-A4D4-0830-86FA5CA31D9D.exe <==== ATTENTION Task: {CC8E8A41-AADB-4074-8E02-9C59A123F8A5} - System32\Tasks\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738}\0D94BE24-BA3F-098F-825B-47AA713C6DAB.exe <==== ATTENTION Task: {E05EDA89-740E-4DED-BE00-E780EB4E8BB6} - System32\Tasks\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}\4B9F965D-FC34-21F6-CC96-2489F49BE5C7.exe <==== ATTENTION C:\PROGRA~3\607e3951 C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD} C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E} C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B} C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D} C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27} C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657} C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4} C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC} C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB} C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66} C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD} C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738} C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517} EmptyTemp: ***************** Processes closed successfully. Error: (0) Failed to create a restore point. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0250BE48-7EBD-4D05-BF1B-576B6EACC218} => key not found. C:\WINDOWS\System32\Tasks\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04686B27-3611-4EF3-816B-7CEB9FC989E5} => key not found. C:\WINDOWS\System32\Tasks\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E5A362-FFAB-46CA-A884-827BD9BD0090} => key not found. C:\WINDOWS\System32\Tasks\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} => key not found. C:\WINDOWS\System32\Tasks\{F36FDF9E-44C4-6835-B209-90749048A487} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F36FDF9E-44C4-6835-B209-90749048A487} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330E8310-BD95-4050-BD21-A914CB093389} => key not found. C:\WINDOWS\System32\Tasks\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F8F095-FA06-476E-AB07-F5C7B0970CA1} => key not found. C:\WINDOWS\System32\Tasks\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8B71FD-78C5-4AF0-9134-BA93B17A2529} => key not found. C:\WINDOWS\System32\Tasks\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A9DBFA-3726-41CA-BCBF-72AF99B8658C} => key not found. C:\WINDOWS\System32\Tasks\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{775B05E3-4E84-4E89-9E3C-39615154158A} => key not found. C:\WINDOWS\System32\Tasks\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} => key not found. C:\WINDOWS\System32\Tasks\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} => key not found. C:\WINDOWS\System32\Tasks\{13024733-A4A9-F098-DEFB-112B10E97792} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{13024733-A4A9-F098-DEFB-112B10E97792} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBA1DDF5-E094-433C-8F32-6A6D57007E7A} => key not found. C:\WINDOWS\System32\Tasks\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC8E8A41-AADB-4074-8E02-9C59A123F8A5} => key not found. C:\WINDOWS\System32\Tasks\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E05EDA89-740E-4DED-BE00-E780EB4E8BB6} => key not found. C:\WINDOWS\System32\Tasks\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => key not found. "C:\PROGRA~3\607e3951" => not found. "C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}" => not found. "C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}" => not found. "C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}" => not found. "C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}" => not found. "C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}" => not found. "C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}" => not found. "C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}" => not found. "C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}" => not found. "C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}" => not found. "C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}" => not found. "C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}" => not found. "C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738}" => not found. "C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}" => not found. =========== EmptyTemp: ========== BITS transfer queue => 6053888 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11640575 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 153308 B Edge => 23469732 B Chrome => 0 B Firefox => 18470014 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 1060 B Sherrie => 219418 B RecycleBin => 0 B EmptyTemp: => 57.2 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 19:40:39 ====

Addition.txt FRST.txt

yes i am still getting them. started right after i posted the last file

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017 Ran by Sherrie (29-06-2017 17:34:00) Run:1 Running from C:\Users\Sherrie\Downloads Loaded Profiles: Sherrie (Available Profiles: Sherrie) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: Task: {0250BE48-7EBD-4D05-BF1B-576B6EACC218} - System32\Tasks\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}\4849CA4D-FFE2-7DE6-864B-E4A6892A7278.exe <==== ATTENTION Task: {04686B27-3611-4EF3-816B-7CEB9FC989E5} - System32\Tasks\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}\0EA74E16-B90C-F9BD-F140-DE7ED4183BCA.exe <==== ATTENTION Task: {04E5A362-FFAB-46CA-A884-827BD9BD0090} - System32\Tasks\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}\FFD9B635-4872-019E-EDD8-B43C1F6B875D.exe <==== ATTENTION Task: {10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} - System32\Tasks\{F36FDF9E-44C4-6835-B209-90749048A487} => C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}\5FCFEB31-E864-5C9A-B19B-7591B2A39974.exe <==== ATTENTION Task: {330E8310-BD95-4050-BD21-A914CB093389} - System32\Tasks\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}\AB26610F-1C8D-D6A4-9391-E91E2FB55668.exe <==== ATTENTION Task: {47F8F095-FA06-476E-AB07-F5C7B0970CA1} - System32\Tasks\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}\413A6866-F691-DFCD-F964-3D8C330F6D9C.exe <==== ATTENTION Task: {4D8B71FD-78C5-4AF0-9134-BA93B17A2529} - System32\Tasks\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}\DE332718-6998-90B3-90F4-E06D18386487.exe <==== ATTENTION Task: {60A9DBFA-3726-41CA-BCBF-72AF99B8658C} - System32\Tasks\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\607e3951\52816ca6.dll" <==== ATTENTION Task: {775B05E3-4E84-4E89-9E3C-39615154158A} - System32\Tasks\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}\328B4525-8520-F28E-7EB5-C44C779FD0BD.exe <==== ATTENTION Task: {B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} - System32\Tasks\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}\9196B11D-263D-06B6-21AE-F694E515305A.exe <==== ATTENTION Task: {C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} - System32\Tasks\{13024733-A4A9-F098-DEFB-112B10E97792} => C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}\67114148-D0BA-F6E3-D018-09A6B69131BD.exe <==== ATTENTION Task: {CBA1DDF5-E094-433C-8F32-6A6D57007E7A} - System32\Tasks\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}\2879137F-9FD2-A4D4-0830-86FA5CA31D9D.exe <==== ATTENTION Task: {CC8E8A41-AADB-4074-8E02-9C59A123F8A5} - System32\Tasks\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738}\0D94BE24-BA3F-098F-825B-47AA713C6DAB.exe <==== ATTENTION Task: {E05EDA89-740E-4DED-BE00-E780EB4E8BB6} - System32\Tasks\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}\4B9F965D-FC34-21F6-CC96-2489F49BE5C7.exe <==== ATTENTION C:\PROGRA~3\607e3951 C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD} C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E} C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B} C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D} C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27} C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657} C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4} C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC} C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB} C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66} C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD} C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738} C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517} EmptyTemp: ***************** Processes closed successfully. Error: (0) Failed to create a restore point. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0250BE48-7EBD-4D05-BF1B-576B6EACC218} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0250BE48-7EBD-4D05-BF1B-576B6EACC218} => key removed successfully C:\WINDOWS\System32\Tasks\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04686B27-3611-4EF3-816B-7CEB9FC989E5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04686B27-3611-4EF3-816B-7CEB9FC989E5} => key removed successfully C:\WINDOWS\System32\Tasks\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04E5A362-FFAB-46CA-A884-827BD9BD0090} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E5A362-FFAB-46CA-A884-827BD9BD0090} => key removed successfully C:\WINDOWS\System32\Tasks\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} => key removed successfully C:\WINDOWS\System32\Tasks\{F36FDF9E-44C4-6835-B209-90749048A487} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F36FDF9E-44C4-6835-B209-90749048A487} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{330E8310-BD95-4050-BD21-A914CB093389} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330E8310-BD95-4050-BD21-A914CB093389} => key removed successfully C:\WINDOWS\System32\Tasks\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47F8F095-FA06-476E-AB07-F5C7B0970CA1} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F8F095-FA06-476E-AB07-F5C7B0970CA1} => key removed successfully C:\WINDOWS\System32\Tasks\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D8B71FD-78C5-4AF0-9134-BA93B17A2529} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8B71FD-78C5-4AF0-9134-BA93B17A2529} => key removed successfully C:\WINDOWS\System32\Tasks\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A9DBFA-3726-41CA-BCBF-72AF99B8658C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A9DBFA-3726-41CA-BCBF-72AF99B8658C} => key removed successfully C:\WINDOWS\System32\Tasks\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{775B05E3-4E84-4E89-9E3C-39615154158A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{775B05E3-4E84-4E89-9E3C-39615154158A} => key removed successfully C:\WINDOWS\System32\Tasks\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} => key removed successfully C:\WINDOWS\System32\Tasks\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} => key removed successfully C:\WINDOWS\System32\Tasks\{13024733-A4A9-F098-DEFB-112B10E97792} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{13024733-A4A9-F098-DEFB-112B10E97792} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBA1DDF5-E094-433C-8F32-6A6D57007E7A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBA1DDF5-E094-433C-8F32-6A6D57007E7A} => key removed successfully C:\WINDOWS\System32\Tasks\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC8E8A41-AADB-4074-8E02-9C59A123F8A5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC8E8A41-AADB-4074-8E02-9C59A123F8A5} => key removed successfully C:\WINDOWS\System32\Tasks\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E05EDA89-740E-4DED-BE00-E780EB4E8BB6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E05EDA89-740E-4DED-BE00-E780EB4E8BB6} => key removed successfully C:\WINDOWS\System32\Tasks\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => key removed successfully C:\PROGRA~3\607e3951 => moved successfully "C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}" => not found. "C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}" => not found. "C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}" => not found. "C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}" => not found. "C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}" => not found. "C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}" => not found. "C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}" => not found. "C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}" => not found. "C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}" => not found. "C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}" => not found. "C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}" => not found. C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738} => moved successfully "C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}" => not found. =========== EmptyTemp: ========== BITS transfer queue => 6053888 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44422738 B Java, Flash, Steam htmlcache => 33753 B Windows/system/drivers => 14185587 B Edge => 264596011 B Chrome => 0 B Firefox => 389616661 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 128 B LocalService => 4048 B NetworkService => 1300806 B Sherrie => 108740350 B RecycleBin => 11569440869 B EmptyTemp: => 11.5 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 17:37:01 ====

thank you Aura. I have no illegal programs. no new programs since i posted the FRST and Addition texts, and the only thing i am still doing is running mbam and quarantine the malware found.

not sure if I was supposed to start a new topic or just add the files to this one Addition.txt FRST.txt

I had a problem with malware constantly so I updated to malwarebytes premium hoping it would catch the problems. I started getting popup windows telling me it blocked outbound to certain websites. I couldn't figure out how to remove the actual malware so I left it to mbam with no more incoming and only the blocked outbound. Now I am getting inbound pups, Adware.DNS with popup windows from powershell. The outbound is coming from my SysWow64/regsrv32. Mbam locates the powershell junk that it finds in my registry but they keep coming back every day, 2-3 times a day. I cannot reformat and start over as I have a Surface 3 tablet that came with win 7 and updated to win 10. If I reformat I don't know how to reinstall win 10. I only use it for mostly hulu. netflix, overdrive and my libraries mostly. I have a few games downloaded from the windows store. This all started when I got hit on Hulu with the Microsoft virus scam which froze my browser and I had to reboot to get rid of it. I also used the news sites and I believe I got it from them, the oddball news sites. I have a few reports for the outbound and the mbam scan on the ones in my registry. I have also run Defender with no luck. It didn't find anything. On another note, I have been leaving my wireless off as much as possible and I still get the powershell window with the malware in my registry. inside system.txt june192017.txt outbound.txt outbound2.txt outbound3.txt

just reinstalled and it is on now. I will check off and on all day and when I boot up in the morning. Thank you dcollins

I just purchased mbam 3 because I was getting malware everyday and it was hitting my browser (firefox) and my overdrive/libraries. I tried the trial ver and it started blocking viscous websites that are outbound from my windows/syswow64/regserv32 files plus others I can't catch because it moves to fast for me to memorize. it seems to work fine but it will not keep the exploit protection to stay on. I hit the button, it comes on then immediately goes back to off. I have run full scans to find the infected files with no luck. i have run defender and microsoft scan with no luck. i don't know if the infected files are stopping the exploit protection or if it the program itself. mb-check-results.zip Addition_04-06-2017 11.13.51.txt FRST_04-06-2017 11.13.51.txt