Vualk

thankyou so much.. i am going to get back to some gaming and guitaring now that i am free of nasty malware.. i have been fiending for some days now as i did not want to worsen the infection by letting it just simmer on my system haha.

Is premium An AV also or just All of the inbetweens? I know how i got it... And as soon as i did i said to myself.. "oh FK i am an idiot" I was downloading a program from the internet from a 3rd party site. It came bundled with A thousand things.. All of which i declined.. Trying to cancel the install.. As soon as the last decline went through it installed this malware immediately after in less than 3 seconds.. (not enough time to stop it) .. at that point it was ... okay lets start scanning things... i ended up killing alot of it myself. but i could not fix the rest. I was at a loss.. so i came here.. I am so glad i did

It worked .. thankyou so much again.. Hopefully i won't be back for Malware infections again.. I haven't had an infection i couldn't fix myself in a LONG time.

oh crap aura... i do believe i accidently deleted the log from the del tool... i thought it would actually save to a log... it was just a pop up is it saved somewhere ?

i have not had any issues at all since we got the rootkit beta and the adw removal / jrt to run honestly... But just because there are no symptoms does not mean it isnt there... So i have been here until the End with you and i honestly thank you so much for taking time out of your personal life to assist me with this.. You are a saint.. and i already uploaded the file where requested.

the file worked... Can i delete frst and the folder in c now? Fixlog.txt

Fixlog.txt upon trying to zip the folder it says File not found or no read permission

Fixlog.txt

And the Two new FRST files... And i shall see you in the morning ... "fingers Crossed" it has been a long process but i am extremely happy to save myself losing all of my stuff :D. FRST.txt Addition.txt

JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 7 Home Premium x64 Ran by Josh Fowler (Administrator) on Wed 08/16/2017 at 21:50:43.21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 10 Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task) Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task) Successfully deleted: C:\Users\Josh Fowler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V5PO3KO (Temporary Internet Files Folder) Successfully deleted: C:\Users\Josh Fowler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NOLEDCSL (Temporary Internet Files Folder) Successfully deleted: C:\Users\Josh Fowler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYWO9K5H (Temporary Internet Files Folder) Successfully deleted: C:\Users\Josh Fowler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4SIZAJ8 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V5PO3KO (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NOLEDCSL (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYWO9K5H (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4SIZAJ8 (Temporary Internet Files Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 08/16/2017 at 21:55:37.69 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

here is the log that came up after the reboot not sure if it was the same one as before but i got two different logs # AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 17 02:45:29 2017 # Updated on 2017/05/08 by Malwarebytes # Running on Windows 7 Home Premium (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** No malicious folders deleted. ***** [ Files ] ***** Deleted: C:\Users\Josh Fowler\AppData\Roaming\\Installer.dat ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\xs ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0

oh nvm it is done haha. # AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 17 02:44:38 2017 # Updated on 2017/05/08 by Malwarebytes # Database: 07-31-2017.1 # Running on Windows 7 Home Premium (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** PUP.Optional.Legacy, C:\Users\Josh Fowler\AppData\Roaming\Installer.dat ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\xs ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [4137 B] - [2016/8/14 2:32:57] C:/AdwCleaner/AdwCleaner[C2].txt - [2073 B] - [2016/8/14 3:25:14] C:/AdwCleaner/AdwCleaner[S0].txt - [4585 B] - [2015/2/21 20:32:28] C:/AdwCleaner/AdwCleaner[S1].txt - [3904 B] - [2016/8/14 2:31:56] C:/AdwCleaner/AdwCleaner[S2].txt - [2628 B] - [2016/8/14 3:24:42] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

will do this step in the morning as it is late for me... Thanks SO much for all of your help i hope to speak with you again in the morning..

Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/16/17 Scan Time: 6:47 PM Log File: Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2604 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: JoshFowler-PC\Josh Fowler -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 351786 Threats Detected: 5 Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 8 min, 2 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 5 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0 Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0 Physical Sector: 0 (No malicious items detected) (end)

scanning now will post logs when done.. and once again thankyou so much for helping me out . i would have never finished this and had to reinstall the OS.