[malware in powershell and syswow64/regsrv32]

ok i will check. thats it Aura, we are done. thank you again for all your help. I am a happy camper ?

[malware in powershell and syswow64/regsrv32]

I don't know. how do i check on the license?

[malware in powershell and syswow64/regsrv32]

I have windows defender and it obviously doesn't work well. If i download Avast will it clash? I use it on my desktop and have had no problems. Also, I have the malwarebytes prem on my tablet (which is.what we have been working on). Can i update it on my desktop or will i have to purchase another license?

[malware in powershell and syswow64/regsrv32]

# DelFix v1.013 - Logfile created 03/07/2017 at 10:25:00
# Updated 17/04/2016 by Xplode
# Username : Sherrie - DESKTOP-HR46GJN
# Operating System : Windows 10 Home  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Sherrie\Downloads\FRST-OlderVersion
Deleted : C:\Users\Sherrie\Downloads\Addition.txt
Deleted : C:\Users\Sherrie\Downloads\Fixlog.txt
Deleted : C:\Users\Sherrie\Downloads\FRST orig.zip
Deleted : C:\Users\Sherrie\Downloads\FRST.txt
Deleted : C:\Users\Sherrie\Downloads\FRST64(1).exe
Deleted : C:\Users\Sherrie\Downloads\FRST64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

[malware in powershell and syswow64/regsrv32]

done. correct file received by shadowwar. thank you again for all your help Aura and your quick responses. my tablet is still clean so I think it is safe to say we can close this thread now. Again, thank you

 

Sherrie

[malware in powershell and syswow64/regsrv32]

yes to the file if i still have it. missed your name shadowwar and i sent it to Aura. will send ot to you now

[malware in powershell and syswow64/regsrv32]

Thank you Aura! I have been fighting this junk for 6 months so I wanted to be sure it was gone and stayed gone so I spent all day an night on the web to make sure. No more outbound popups, no more powershell windows popping up and all my scans have been clean.

Thank you so much for helping me and without a reinstall!

One question: I purchased malwarebytes premium to stop this and clean it up so why didn't it catch all of this and fix it?

[malware in powershell and syswow64/regsrv32]

haven't seen any since the time i posted about above..

[malware in powershell and syswow64/regsrv32]

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Sherrie (29-06-2017 20:02:56) Run:5
Running from C:\Users\Sherrie\Downloads
Loaded Profiles: Sherrie (Available Profiles: Sherrie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\ProgramData\{533CDC9F-E497-6B34-9F92-798BE0FD309A}
CMD: dir C:\ProgramData /a
*****************

C:\ProgramData\{533CDC9F-E497-6B34-9F92-798BE0FD309A} => moved successfully

========= dir C:\ProgramData /a =========

 Volume in drive C is Windows
 Volume Serial Number is 36F8-D7F5

 Directory of C:\ProgramData

06/29/2017  08:02 PM    <DIR>          .
06/29/2017  08:02 PM    <DIR>          ..
05/20/2016  01:26 AM    <DIR>          Adobe
04/19/2016  09:21 PM    <DIR>          Apple
04/19/2016  09:21 PM    <DIR>          Apple Computer
05/29/2017  08:14 AM    <JUNCTION>     Application Data [C:\ProgramData]
09/17/2015  12:29 PM    <DIR>          Broadcom
04/19/2016  08:36 PM    <DIR>          CanonBJ
07/16/2016  04:47 AM    <DIR>          Comms
05/09/2016  10:50 AM    <DIR>          COMODO
02/22/2017  02:30 PM    <DIR>          Conexant
05/29/2017  08:14 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
05/29/2017  08:14 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
05/29/2017  07:51 AM                 0 DP45977C.lfl
05/14/2017  06:53 PM    <DIR>          Malwarebytes
06/03/2017  10:06 AM    <DIR>          Microsoft
05/29/2017  08:24 AM    <DIR>          Microsoft OneDrive
09/17/2015  12:38 PM    <DIR>          Package Cache
06/16/2017  08:59 PM    <DIR>          regid.1991-06.com.microsoft
03/18/2017  02:03 PM    <DIR>          SoftwareDistribution
05/29/2017  08:14 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
05/29/2017  08:14 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
05/29/2017  08:00 AM    <DIR>          USOPrivate
05/29/2017  08:00 AM    <DIR>          USOShared
03/18/2017  07:31 PM    <DIR>          WindowsHolographicDevices
               1 File(s)              0 bytes
              24 Dir(s)  95,864,991,744 bytes free

========= End of CMD: =========

==== End of Fixlog 20:02:57 ====

[malware in powershell and syswow64/regsrv32]

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Sherrie (29-06-2017 19:56:16) Run:4
Running from C:\Users\Sherrie\Downloads
Loaded Profiles: Sherrie (Available Profiles: Sherrie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\ProgramData\{0BFC5DA8-BC57-EA03-CFF8-AD1193605861}
C:\ProgramData\{192BCC27-AE80-7B8C-307C-1570674DBCB7}
C:\ProgramData\{1B2D53F8-AC86-E453-241C-32B9A92E7EDC}
C:\ProgramData\{1EC177A1-A96A-C00A-CED4-4DC691B1FDD0}
C:\ProgramData\{533CDC9F-E497-6B34-9F92-798BE0FD309A}]
C:\ProgramData\{970CAD99-20A7-1A32-ACDF-175C4EBE27A1}
C:\ProgramData\{99DCD5DE-2E77-6275-7EFE-D76191B60421}
C:\ProgramData\{B05A259F-07F1-9234-38F2-3222FF43A6A9}
C:\ProgramData\{C941E451-7EEA-53FA-2010-13583537D0D3}
C:\ProgramData\{D06C3411-67C7-83BA-F1ED-2B0E3987EE25}
C:\ProgramData\{E922DC07-5E89-6BAC-E245-669DA75A9D65}
CMD: dir C:\ProgramData /a
*****************

C:\ProgramData\{0BFC5DA8-BC57-EA03-CFF8-AD1193605861} => moved successfully
C:\ProgramData\{192BCC27-AE80-7B8C-307C-1570674DBCB7} => moved successfully
C:\ProgramData\{1B2D53F8-AC86-E453-241C-32B9A92E7EDC} => moved successfully
C:\ProgramData\{1EC177A1-A96A-C00A-CED4-4DC691B1FDD0} => moved successfully
"C:\ProgramData\{533CDC9F-E497-6B34-9F92-798BE0FD309A}]" => not found.
C:\ProgramData\{970CAD99-20A7-1A32-ACDF-175C4EBE27A1} => moved successfully
C:\ProgramData\{99DCD5DE-2E77-6275-7EFE-D76191B60421} => moved successfully
C:\ProgramData\{B05A259F-07F1-9234-38F2-3222FF43A6A9} => moved successfully
C:\ProgramData\{C941E451-7EEA-53FA-2010-13583537D0D3} => moved successfully
C:\ProgramData\{D06C3411-67C7-83BA-F1ED-2B0E3987EE25} => moved successfully
C:\ProgramData\{E922DC07-5E89-6BAC-E245-669DA75A9D65} => moved successfully

========= dir C:\ProgramData /a =========

 Volume in drive C is Windows
 Volume Serial Number is 36F8-D7F5

 Directory of C:\ProgramData

06/29/2017  07:56 PM    <DIR>          .
06/29/2017  07:56 PM    <DIR>          ..
05/20/2016  01:26 AM    <DIR>          Adobe
04/19/2016  09:21 PM    <DIR>          Apple
04/19/2016  09:21 PM    <DIR>          Apple Computer
05/29/2017  08:14 AM    <JUNCTION>     Application Data [C:\ProgramData]
09/17/2015  12:29 PM    <DIR>          Broadcom
04/19/2016  08:36 PM    <DIR>          CanonBJ
07/16/2016  04:47 AM    <DIR>          Comms
05/09/2016  10:50 AM    <DIR>          COMODO
02/22/2017  02:30 PM    <DIR>          Conexant
05/29/2017  08:14 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
05/29/2017  08:14 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
05/29/2017  07:51 AM                 0 DP45977C.lfl
05/14/2017  06:53 PM    <DIR>          Malwarebytes
06/03/2017  10:06 AM    <DIR>          Microsoft
05/29/2017  08:24 AM    <DIR>          Microsoft OneDrive
09/17/2015  12:38 PM    <DIR>          Package Cache
06/16/2017  08:59 PM    <DIR>          regid.1991-06.com.microsoft
03/18/2017  02:03 PM    <DIR>          SoftwareDistribution
05/29/2017  08:14 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
05/29/2017  08:14 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
05/29/2017  08:00 AM    <DIR>          USOPrivate
05/29/2017  08:00 AM    <DIR>          USOShared
03/18/2017  07:31 PM    <DIR>          WindowsHolographicDevices
02/28/2017  11:53 AM    <DIR>          {533CDC9F-E497-6B34-9F92-798BE0FD309A}
               1 File(s)              0 bytes
              25 Dir(s)  95,879,921,664 bytes free

========= End of CMD: =========

==== End of Fixlog 19:56:17 ====

[malware in powershell and syswow64/regsrv32]

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Sherrie (29-06-2017 19:47:24) Run:3
Running from C:\Users\Sherrie\Downloads
Loaded Profiles: Sherrie (Available Profiles: Sherrie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {92CE84F7-0253-4DF7-8233-BEF936AA3852} - \{7D7E7F47-0C78-0409-7911-0A7805081178} -> No File <==== ATTENTION
CMD: dir C:\ProgramData /a
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92CE84F7-0253-4DF7-8233-BEF936AA3852} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92CE84F7-0253-4DF7-8233-BEF936AA3852} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D7E7F47-0C78-0409-7911-0A7805081178} => key removed successfully

========= dir C:\ProgramData /a =========

 Volume in drive C is Windows
 Volume Serial Number is 36F8-D7F5

 Directory of C:\ProgramData

06/29/2017  05:34 PM    <DIR>          .
06/29/2017  05:34 PM    <DIR>          ..
05/20/2016  01:26 AM    <DIR>          Adobe
04/19/2016  09:21 PM    <DIR>          Apple
04/19/2016  09:21 PM    <DIR>          Apple Computer
05/29/2017  08:14 AM    <JUNCTION>     Application Data [C:\ProgramData]
09/17/2015  12:29 PM    <DIR>          Broadcom
04/19/2016  08:36 PM    <DIR>          CanonBJ
07/16/2016  04:47 AM    <DIR>          Comms
05/09/2016  10:50 AM    <DIR>          COMODO
02/22/2017  02:30 PM    <DIR>          Conexant
05/29/2017  08:14 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
05/29/2017  08:14 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
05/29/2017  07:51 AM                 0 DP45977C.lfl
05/14/2017  06:53 PM    <DIR>          Malwarebytes
06/03/2017  10:06 AM    <DIR>          Microsoft
05/29/2017  08:24 AM    <DIR>          Microsoft OneDrive
09/17/2015  12:38 PM    <DIR>          Package Cache
06/16/2017  08:59 PM    <DIR>          regid.1991-06.com.microsoft
03/18/2017  02:03 PM    <DIR>          SoftwareDistribution
05/29/2017  08:14 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
05/29/2017  08:14 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
05/29/2017  08:00 AM    <DIR>          USOPrivate
05/29/2017  08:00 AM    <DIR>          USOShared
03/18/2017  07:31 PM    <DIR>          WindowsHolographicDevices
01/20/2017  04:21 PM    <DIR>          {0BFC5DA8-BC57-EA03-CFF8-AD1193605861}
01/22/2017  06:26 PM    <DIR>          {192BCC27-AE80-7B8C-307C-1570674DBCB7}
02/27/2017  01:02 PM    <DIR>          {1B2D53F8-AC86-E453-241C-32B9A92E7EDC}
01/20/2017  04:21 PM    <DIR>          {1EC177A1-A96A-C00A-CED4-4DC691B1FDD0}
02/28/2017  11:53 AM    <DIR>          {533CDC9F-E497-6B34-9F92-798BE0FD309A}
01/22/2017  06:26 PM    <DIR>          {970CAD99-20A7-1A32-ACDF-175C4EBE27A1}
02/27/2017  11:53 AM    <DIR>          {99DCD5DE-2E77-6275-7EFE-D76191B60421}
01/22/2017  06:26 PM    <DIR>          {B05A259F-07F1-9234-38F2-3222FF43A6A9}
03/01/2017  08:06 PM    <DIR>          {C941E451-7EEA-53FA-2010-13583537D0D3}
01/25/2017  12:38 PM    <DIR>          {D06C3411-67C7-83BA-F1ED-2B0E3987EE25}
02/28/2017  06:15 PM    <DIR>          {E922DC07-5E89-6BAC-E245-669DA75A9D65}
               1 File(s)              0 bytes
              35 Dir(s)  95,865,946,112 bytes free

========= End of CMD: =========

==== End of Fixlog 19:47:25 ====

[malware in powershell and syswow64/regsrv32]

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Sherrie (29-06-2017 19:40:21) Run:2
Running from C:\Users\Sherrie\Downloads
Loaded Profiles: Sherrie (Available Profiles: Sherrie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Task: {0250BE48-7EBD-4D05-BF1B-576B6EACC218} - System32\Tasks\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}\4849CA4D-FFE2-7DE6-864B-E4A6892A7278.exe <==== ATTENTION
Task: {04686B27-3611-4EF3-816B-7CEB9FC989E5} - System32\Tasks\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}\0EA74E16-B90C-F9BD-F140-DE7ED4183BCA.exe <==== ATTENTION
Task: {04E5A362-FFAB-46CA-A884-827BD9BD0090} - System32\Tasks\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}\FFD9B635-4872-019E-EDD8-B43C1F6B875D.exe <==== ATTENTION
Task: {10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} - System32\Tasks\{F36FDF9E-44C4-6835-B209-90749048A487} => C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}\5FCFEB31-E864-5C9A-B19B-7591B2A39974.exe <==== ATTENTION
Task: {330E8310-BD95-4050-BD21-A914CB093389} - System32\Tasks\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}\AB26610F-1C8D-D6A4-9391-E91E2FB55668.exe <==== ATTENTION
Task: {47F8F095-FA06-476E-AB07-F5C7B0970CA1} - System32\Tasks\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}\413A6866-F691-DFCD-F964-3D8C330F6D9C.exe <==== ATTENTION
Task: {4D8B71FD-78C5-4AF0-9134-BA93B17A2529} - System32\Tasks\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}\DE332718-6998-90B3-90F4-E06D18386487.exe <==== ATTENTION
Task: {60A9DBFA-3726-41CA-BCBF-72AF99B8658C} - System32\Tasks\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\607e3951\52816ca6.dll" <==== ATTENTION
Task: {775B05E3-4E84-4E89-9E3C-39615154158A} - System32\Tasks\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}\328B4525-8520-F28E-7EB5-C44C779FD0BD.exe <==== ATTENTION
Task: {B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} - System32\Tasks\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}\9196B11D-263D-06B6-21AE-F694E515305A.exe <==== ATTENTION
Task: {C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} - System32\Tasks\{13024733-A4A9-F098-DEFB-112B10E97792} => C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}\67114148-D0BA-F6E3-D018-09A6B69131BD.exe <==== ATTENTION
Task: {CBA1DDF5-E094-433C-8F32-6A6D57007E7A} - System32\Tasks\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}\2879137F-9FD2-A4D4-0830-86FA5CA31D9D.exe <==== ATTENTION
Task: {CC8E8A41-AADB-4074-8E02-9C59A123F8A5} - System32\Tasks\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738}\0D94BE24-BA3F-098F-825B-47AA713C6DAB.exe <==== ATTENTION
Task: {E05EDA89-740E-4DED-BE00-E780EB4E8BB6} - System32\Tasks\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}\4B9F965D-FC34-21F6-CC96-2489F49BE5C7.exe <==== ATTENTION

C:\PROGRA~3\607e3951
C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}
C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}
C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}
C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}
C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}
C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}
C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}
C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}
C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}
C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}
C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}
C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738}
C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0250BE48-7EBD-4D05-BF1B-576B6EACC218} => key not found.
C:\WINDOWS\System32\Tasks\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04686B27-3611-4EF3-816B-7CEB9FC989E5} => key not found.
C:\WINDOWS\System32\Tasks\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E5A362-FFAB-46CA-A884-827BD9BD0090} => key not found.
C:\WINDOWS\System32\Tasks\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} => key not found.
C:\WINDOWS\System32\Tasks\{F36FDF9E-44C4-6835-B209-90749048A487} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F36FDF9E-44C4-6835-B209-90749048A487} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330E8310-BD95-4050-BD21-A914CB093389} => key not found.
C:\WINDOWS\System32\Tasks\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F8F095-FA06-476E-AB07-F5C7B0970CA1} => key not found.
C:\WINDOWS\System32\Tasks\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8B71FD-78C5-4AF0-9134-BA93B17A2529} => key not found.
C:\WINDOWS\System32\Tasks\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A9DBFA-3726-41CA-BCBF-72AF99B8658C} => key not found.
C:\WINDOWS\System32\Tasks\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{775B05E3-4E84-4E89-9E3C-39615154158A} => key not found.
C:\WINDOWS\System32\Tasks\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} => key not found.
C:\WINDOWS\System32\Tasks\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} => key not found.
C:\WINDOWS\System32\Tasks\{13024733-A4A9-F098-DEFB-112B10E97792} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{13024733-A4A9-F098-DEFB-112B10E97792} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBA1DDF5-E094-433C-8F32-6A6D57007E7A} => key not found.
C:\WINDOWS\System32\Tasks\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC8E8A41-AADB-4074-8E02-9C59A123F8A5} => key not found.
C:\WINDOWS\System32\Tasks\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E05EDA89-740E-4DED-BE00-E780EB4E8BB6} => key not found.
C:\WINDOWS\System32\Tasks\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => key not found.
"C:\PROGRA~3\607e3951" => not found.
"C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}" => not found.
"C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}" => not found.
"C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}" => not found.
"C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}" => not found.
"C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}" => not found.
"C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}" => not found.
"C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}" => not found.
"C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}" => not found.
"C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}" => not found.
"C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}" => not found.
"C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}" => not found.
"C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738}" => not found.
"C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11640575 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 153308 B
Edge => 23469732 B
Chrome => 0 B
Firefox => 18470014 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1060 B
Sherrie => 219418 B

RecycleBin => 0 B
EmptyTemp: => 57.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:40:39 ====

[malware in powershell and syswow64/regsrv32]

Addition.txt

FRST.txt

[malware in powershell and syswow64/regsrv32]

yes i am still getting them. started right after i posted the last file

 

[malware in powershell and syswow64/regsrv32]

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Sherrie (29-06-2017 17:34:00) Run:1
Running from C:\Users\Sherrie\Downloads
Loaded Profiles: Sherrie (Available Profiles: Sherrie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Task: {0250BE48-7EBD-4D05-BF1B-576B6EACC218} - System32\Tasks\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}\4849CA4D-FFE2-7DE6-864B-E4A6892A7278.exe <==== ATTENTION
Task: {04686B27-3611-4EF3-816B-7CEB9FC989E5} - System32\Tasks\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}\0EA74E16-B90C-F9BD-F140-DE7ED4183BCA.exe <==== ATTENTION
Task: {04E5A362-FFAB-46CA-A884-827BD9BD0090} - System32\Tasks\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}\FFD9B635-4872-019E-EDD8-B43C1F6B875D.exe <==== ATTENTION
Task: {10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} - System32\Tasks\{F36FDF9E-44C4-6835-B209-90749048A487} => C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}\5FCFEB31-E864-5C9A-B19B-7591B2A39974.exe <==== ATTENTION
Task: {330E8310-BD95-4050-BD21-A914CB093389} - System32\Tasks\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}\AB26610F-1C8D-D6A4-9391-E91E2FB55668.exe <==== ATTENTION
Task: {47F8F095-FA06-476E-AB07-F5C7B0970CA1} - System32\Tasks\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}\413A6866-F691-DFCD-F964-3D8C330F6D9C.exe <==== ATTENTION
Task: {4D8B71FD-78C5-4AF0-9134-BA93B17A2529} - System32\Tasks\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}\DE332718-6998-90B3-90F4-E06D18386487.exe <==== ATTENTION
Task: {60A9DBFA-3726-41CA-BCBF-72AF99B8658C} - System32\Tasks\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\607e3951\52816ca6.dll" <==== ATTENTION
Task: {775B05E3-4E84-4E89-9E3C-39615154158A} - System32\Tasks\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}\328B4525-8520-F28E-7EB5-C44C779FD0BD.exe <==== ATTENTION
Task: {B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} - System32\Tasks\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}\9196B11D-263D-06B6-21AE-F694E515305A.exe <==== ATTENTION
Task: {C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} - System32\Tasks\{13024733-A4A9-F098-DEFB-112B10E97792} => C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}\67114148-D0BA-F6E3-D018-09A6B69131BD.exe <==== ATTENTION
Task: {CBA1DDF5-E094-433C-8F32-6A6D57007E7A} - System32\Tasks\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}\2879137F-9FD2-A4D4-0830-86FA5CA31D9D.exe <==== ATTENTION
Task: {CC8E8A41-AADB-4074-8E02-9C59A123F8A5} - System32\Tasks\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738}\0D94BE24-BA3F-098F-825B-47AA713C6DAB.exe <==== ATTENTION
Task: {E05EDA89-740E-4DED-BE00-E780EB4E8BB6} - System32\Tasks\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}\4B9F965D-FC34-21F6-CC96-2489F49BE5C7.exe <==== ATTENTION

C:\PROGRA~3\607e3951
C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}
C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}
C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}
C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}
C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}
C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}
C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}
C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}
C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}
C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}
C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}
C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738}
C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0250BE48-7EBD-4D05-BF1B-576B6EACC218} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0250BE48-7EBD-4D05-BF1B-576B6EACC218} => key removed successfully
C:\WINDOWS\System32\Tasks\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{062F6779-B184-D0D2-7761-07E8AAC26DE8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04686B27-3611-4EF3-816B-7CEB9FC989E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04686B27-3611-4EF3-816B-7CEB9FC989E5} => key removed successfully
C:\WINDOWS\System32\Tasks\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AA5A9C1-CD0E-1E6A-54D4-047E765121AB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04E5A362-FFAB-46CA-A884-827BD9BD0090} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E5A362-FFAB-46CA-A884-827BD9BD0090} => key removed successfully
C:\WINDOWS\System32\Tasks\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{77ADB943-C006-0EE8-AAC5-EED036E6083B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D60334-CBB7-4B8A-AF8D-354E7DCA8B35} => key removed successfully
C:\WINDOWS\System32\Tasks\{F36FDF9E-44C4-6835-B209-90749048A487} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F36FDF9E-44C4-6835-B209-90749048A487} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{330E8310-BD95-4050-BD21-A914CB093389} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330E8310-BD95-4050-BD21-A914CB093389} => key removed successfully
C:\WINDOWS\System32\Tasks\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E6847500-512F-C2AB-0350-FBDCDB5408F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47F8F095-FA06-476E-AB07-F5C7B0970CA1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F8F095-FA06-476E-AB07-F5C7B0970CA1} => key removed successfully
C:\WINDOWS\System32\Tasks\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA674B4E-4DCC-FCE5-220B-49025B13A701} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D8B71FD-78C5-4AF0-9134-BA93B17A2529} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8B71FD-78C5-4AF0-9134-BA93B17A2529} => key removed successfully
C:\WINDOWS\System32\Tasks\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA0A7DC8-7DA1-CA63-2217-FE0E1FCA81D7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A9DBFA-3726-41CA-BCBF-72AF99B8658C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A9DBFA-3726-41CA-BCBF-72AF99B8658C} => key removed successfully
C:\WINDOWS\System32\Tasks\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E31A96A-0F20-79F9-204A-DF5716ED5960} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{775B05E3-4E84-4E89-9E3C-39615154158A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{775B05E3-4E84-4E89-9E3C-39615154158A} => key removed successfully
C:\WINDOWS\System32\Tasks\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D6EC779-9AC5-70D2-C4D7-8DC83DA4B5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99AE31B-DC65-4DA0-98AA-58F1CE66DB89} => key removed successfully
C:\WINDOWS\System32\Tasks\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{58ACE1F0-EF07-565B-553F-2D383704BBBC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9B191C1-0DAA-4AF8-B73E-C32B40C0B13E} => key removed successfully
C:\WINDOWS\System32\Tasks\{13024733-A4A9-F098-DEFB-112B10E97792} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{13024733-A4A9-F098-DEFB-112B10E97792} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBA1DDF5-E094-433C-8F32-6A6D57007E7A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBA1DDF5-E094-433C-8F32-6A6D57007E7A} => key removed successfully
C:\WINDOWS\System32\Tasks\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9BC284C-0E17-9FE7-8552-AC6E2F0F4A30} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC8E8A41-AADB-4074-8E02-9C59A123F8A5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC8E8A41-AADB-4074-8E02-9C59A123F8A5} => key removed successfully
C:\WINDOWS\System32\Tasks\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBA8DC9F-6C03-6B34-EB7F-57205AD2D52F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E05EDA89-740E-4DED-BE00-E780EB4E8BB6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E05EDA89-740E-4DED-BE00-E780EB4E8BB6} => key removed successfully
C:\WINDOWS\System32\Tasks\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9BDDC726-2C76-708D-9A17-5565ABA1BABF} => key removed successfully
C:\PROGRA~3\607e3951 => moved successfully
"C:\ProgramData\{7B07B554-CCAC-02FF-1803-B66C71B518CD}" => not found.
"C:\ProgramData\{BE49568F-09E2-E124-A706-D608C658C75E}" => not found.
"C:\ProgramData\{08933ABF-BF38-8D14-CA19-B419E560D30B}" => not found.
"C:\ProgramData\{11A9B4DB-A602-0370-2F87-C3BEF4007F9D}" => not found.
"C:\ProgramData\{F57A650C-42D1-D2A7-D940-37F69CEF9A27}" => not found.
"C:\ProgramData\{34EB51CB-8340-E660-BC67-2CB1D5B94657}" => not found.
"C:\ProgramData\{1B443140-ACEF-86EB-2B61-171965A1AFD4}" => not found.
"C:\ProgramData\{7CEAC050-CB41-77FB-5642-EB3E0D7175FC}" => not found.
"C:\ProgramData\{48EA367A-FF41-81D1-E6F5-5A25766C4EDB}" => not found.
"C:\ProgramData\{D8E63A2F-6F4D-8D84-E801-D02D92810E66}" => not found.
"C:\ProgramData\{DA25AD6A-6D8E-1AC1-78BA-CC962BCC69BD}" => not found.
C:\ProgramData\{AD3C30A4-1A97-870F-9612-8072973E7738} => moved successfully
"C:\ProgramData\{0AA5A07B-BD0E-17D0-CADD-ED49AAE09517}" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44422738 B
Java, Flash, Steam htmlcache => 33753 B
Windows/system/drivers => 14185587 B
Edge => 264596011 B
Chrome => 0 B
Firefox => 389616661 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 4048 B
NetworkService => 1300806 B
Sherrie => 108740350 B

RecycleBin => 11569440869 B
EmptyTemp: => 11.5 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 17:37:01 ====

[malware in powershell and syswow64/regsrv32]

thank you Aura. I have no illegal programs. no new programs since i posted the FRST and Addition texts, and the only thing i am still doing is running mbam and quarantine the malware found.

[malware in powershell and syswow64/regsrv32]

not sure if I was supposed to start a new topic or just add the files to this one

Addition.txt

FRST.txt

[malware in powershell and syswow64/regsrv32]

I had a problem with malware constantly so I updated to malwarebytes premium hoping it would catch the problems. I started getting popup windows telling me it blocked outbound to certain websites. I couldn't figure out how to remove the actual malware so I left it to mbam with no more incoming and only the blocked outbound. Now I am getting inbound pups, Adware.DNS with popup windows from powershell. The outbound is coming from my SysWow64/regsrv32. Mbam locates the powershell junk that it finds in my registry but they keep coming back every day, 2-3 times a day. I cannot reformat and start over as I have a Surface 3 tablet that came with win 7 and updated to win 10. If I reformat I don't know how to reinstall win 10. I only use it for mostly hulu. netflix, overdrive and my libraries mostly. I have a few games downloaded from the windows store.

This all started when I got hit on Hulu with the Microsoft virus scam which froze my browser and I had to reboot to get rid of it. I also used the news sites and I believe I got it from them, the oddball news sites. I have a few reports for the outbound and the mbam scan on the ones in my registry. I have also run Defender with no luck. It didn't find anything.

On another note, I have been leaving my wireless off as much as possible and I still get the powershell window with the malware in my registry.

 

inside system.txt

june192017.txt

outbound.txt

outbound2.txt

outbound3.txt

[exploit protection will not come on]

just reinstalled and it is on now. I will check off and on all day and when I boot up in the morning. Thank you dcollins

[exploit protection will not come on]

I just purchased mbam 3 because I was getting malware everyday and it was hitting my browser (firefox) and my overdrive/libraries. I tried the trial ver and it started blocking viscous websites that are outbound from my windows/syswow64/regserv32 files plus others I can't catch because it moves to fast for me to memorize. it seems to work fine but it will not keep the exploit protection to stay on. I hit the button, it comes on then immediately goes back to off. I have run full scans to find the infected files with no luck. i have run defender and microsoft scan with no luck. i don't know if the infected files are stopping the exploit protection or if it the program itself.

 

mb-check-results.zip

Addition_04-06-2017 11.13.51.txt

FRST_04-06-2017 11.13.51.txt