Lucid_Enemy

That did come back clean and reading over a new frst run it seems to be clean. I'd say mark resolved and if anything I'll just come back. Thank you very much for your help!

should I run FRST again? Fixlog.txt

it didnt find any rootkits mbar-log-2019-06-27 (18-24-43).txt

I saved the log file before hitting the quarintine button sorry. figured it would be easier for me. Either way I will run the anti rootkit in a hour after work is done. Thank you again.

I am grateful for your service I guess I might be frustrated. Sorry.

did the above... to note I did have this scan done when I first posted... now another malware is found and heres the log for that. This doesn't address the fact that it keeps coming back. with different infections. I have attached a screen shot of what im talking about (after having quarantined the malware it detected and rebooted) I did create a dump of that process but its 80mb and the max size here is 58.29MB again.txt

my first post has a log file of malware bytes scanning. it was the free version but after the infection came back I pulled the trigger and bought a home license. I am going to reinstall malware bytes now. but I feel like this is a run around I posted FRST and a malware-bytes log on the first post and then you had me run another tool that did the same thing. mean while I have had regsvr running and doing what made me post this in the first place. I really hope after this reinstall and this log you want me to post you can tell me what is actually happening and not have me run some other tool that we already have done.

mbst-grab-results.zip

Im not sure if this is right but it looks like Task: {37E59ECA-5ABE-420D-A6C7-AC7B21E37456} - System32\Tasks\Reason Antivirus UI => C:\Program [Argument = Files\Reason\Reason Antivirus\ReasonAV.exe MMO] ask: {4E6E490B-AA31-4B93-944A-733AD73DD179} - System32\Tasks\2380C978-D791-BDE8-480C-A83A70A60991 => C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/178747020981477f /q" "C:\PROGRA~3\137F24~1\{9B0DF~1." Task: {6BDB9221-A9CE-41BA-9C77-9A3C65E6F1D8} - \Adroit System Care_Logon -> No File <==== ATTENTION Task: {A82D3CFE-9BD6-426D-8EAB-D88DE23418C6} - \Adroit System Care_DDelayScheduled -> No File <==== ATTENTION Task: {AA4A5050-2DC0-4197-A5B4-6D7E9FB736AE} - System32\Tasks\C5FF7040-4A71-D20B-40F8-4AD75EA81252 => C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/15d99afa9c6be140 /q" "C:\PROGRA~3\31FE8C~1\{5AEEF~1." seem to be the culprits do I just copy that into FRST and hit fix? Ive never used FRST before

I have been battling this malware for over a month now. I get rid of it and it keeps coming back. I did a trial with malware-bytes and its kept it from reinstalling but randomly regsvr32 runs and hogs CPU and then I kill it and everything is fine for anywhere from a week to an hour. obviously there is something in the registry causing it to constantly check if the latest malware is installed or not. It was at first triggered by chrome but I uninstalled and reinstalled chrome (clearing left over files so I had a fresh install of chrome, I even switched from chrome to FF but not just for that reason) I have attached my FRST and Malware-bytes logs. I'm pretty good at things like this but for some reason this one has me stumped. If I need to run any other logs let me know (Im used to Hijackthis but it seems that is outdated :P) malwarebytesexport.txt Addition.txt FRST.txt