You could also try and use Shadow Explorer to see if there are any intact files…
Suspected Matrix Ransomware. Need help in removing it.
-
I will try restoring my files later, I don’t need them urgently. Could you please confirm whether my system has got rid of the malware?
-
-
--------------- QuickScript | g3n-h@ckm@n | V3_31.01.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 20/03/2017 23:48:12
Updated 31/01/2017 | 13.00 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi
[183-k (Administrator)] - [HP] (S-1-5-21-1605944295-1278072363-3366277582-1005)
System: Microsoft Windows 8.1 Single Language - - (6.3.9600) - BuildType: Multiprocessor Free - OSLanguage: 1033 (4009)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 8.1 Single Language|C:\Windows|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: HP Pavilion 15 Notebook PC - Hewlett-Packard - IdNumber: 5CD42147XD - UUID: 34444335-3132-3734-5844-A02BB859A5C2
Processor : X64 - 1896 Mhz - Intel(R) Core™ i3-4030U CPU @ 1.90GHz
F.02 - en|US|iso8859-1 - Insyde - S/N: 5CD42147XD - F.02 - HPQOEM - 1
CoreTemp : 56 Celsius
----------| Script
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Chromium] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\clCI75RGsstX0Gr] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\McAfee] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\SystemQQX] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\Bitdefender] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1005\Software\clCI75RGsstX0Gr] Deleted Successfully
Key : [HKU\S-1-5-21-1605944295-1278072363-3366277582-1001\Software\Locky] Deleted Successfully
Key : [HKLM\Software\McAfee] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\AVAST Software] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\DDD5473C62677ECE24054A6D47DD272F] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\Eset] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\McAfee] Not Found !
C:\Users\183-k\AppData\Local\GWX Moved Successfully
C:\Users\HP-PC\AppData\Local\GWX Moved Successfully
C:\Users\shrey\AppData\Local\GWX Moved Successfully
C:\ProgramData\AVAST Software Moved Successfully
C:\ProgramData\McAfee Moved Successfully
C:\Users\HP-PC\AppData\Local\Temp\5B60.exe Not Found !
C:\Users\183-k\AppData\Local\Pokki Not Found !
C:\ProgramData\oqztiqep.adk.4B4FC70A905FD32B.matrix Moved Successfully
C:\ProgramData\oqztiqep Not Found !
C:\Program Files (x86)\ESET Moved Successfully
C:\Program Files (x86)\Adware Removal Tool by TSA Moved Successfully
C:\Program Files (x86)\McAfee Moved Successfully
C:\Program Files (x86)\Common Files\mcafee Moved Successfully
C:\Windows\Tasks\HPCeeScheduleForHP-PC.job Moved Successfully
C:\Windows\System32\Tasks\AVAST Software Moved Successfully
C:\Users\183-k\AppData\Roaming\WeatherChickn Not Found !
C:\Windows\System32\Tasks\Hewlett-Packard Moved Successfully
C:\Windows\System32\Drivers\mdare64_54.sys Moved Successfully
C:\Windows\System32\Drivers\mdare64_63.sys Moved Successfully
C:\Windows\System32\Drivers\kltap.sys Moved Successfully
C:\Windows\System32\Drivers\pppop64.sys Moved Successfully
Service : clCI75RGsstX0Gr Not Found !
Service : DDD5473C62677ECE24054A6D47DD272F Not Found !
-
-
I am getting this error dialog each time I click on HiJackThis.zip on my computer. What should I do?
[ATTACH]1871[/ATTACH]
-
Disable your antivirus, download it again.
Then unzip it to your desktop with 7zip.
Right click, run as admin.
-
Logfile of Trend Micro HiJackThis 2.0.6 - Private Fork by Alex Dragokas ver. Beta 4.5
Platform: x64 Windows 8.1 (Home Single Language), 6.3.9600, Service Pack: 0
Time: 21.03.2017 - 02:01
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x4009)
Elevated: No
Ran by: HP-PC (group: Limited User) on HP
Chrome: 57.0.2987.98
Firefox: 1.9.1.3642
Internet Explorer: 11.0.9600.18123
Boot mode: Normal
Running processes:
Number | Path
1 ?:?\BbDevMgr.exe
1 ?:?\EdgeModem-DrvSrv.exe
1 ?:?\GoogleUpdate.exe
1 ?:?\HPSA_Service.exe
1 ?:?\HPWMISVC.exe
1 ?:?\IAStorDataMgrSvc.exe
1 ?:?\IntelMeFWService.exe
1 ?:?\LMS.exe
1 ?:?\PresentationFontCache.exe
2 ?:?\RAVBg64.exe
1 ?:?\RtkAudioService64.exe
1 ?:?\SynTPEnhService.exe
1 ?:?\ZAM.exe
1 ?:?\armsvc.exe
1 ?:?\hpqwmiex.exe
1 ?:?\iSCTAgent.exe
1 ?:?\ksde.exe
1 ?:?\mDNSResponder.exe
1 ?:?\tunmgr.exe
1 ?:?\wmpnetwk.exe
17 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
1 C:\Program Files\7-Zip\7zFM.exe
1 C:\Program Files\Everything\Everything.exe
1 C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
1 C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
1 C:\Program Files\Intel\iCLS Client\HeciServer.exe
1 C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Users\HP-PC\AppData\Local\RescueTime\RescueTime.exe
1 C:\Users\HP-PC\Desktop\HiJackThis.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\system32\igfxCUIService.exe
1 (Microsoft) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
1 (Microsoft) C:\Windows\System32\SettingSyncHost.exe
2 (Microsoft) C:\Windows\System32\Wbem\WmiPrvSE.exe
1 (Microsoft) C:\Windows\System32\audiodg.exe
1 (Microsoft) C:\Windows\System32\notepad.exe
1 (Microsoft) C:\Windows\System32\taskhostex.exe
1 (Microsoft) C:\Windows\explorer.exe
1 (Microsoft) C:\Windows\splwow64.exe
1 (Microsoft) C:\Windows\system32\SearchFilterHost.exe
1 (Microsoft) C:\Windows\system32\SearchIndexer.exe
1 (Microsoft) C:\Windows\system32\SearchProtocolHost.exe
1 (Microsoft) C:\Windows\system32\conhost.exe
2 (Microsoft) C:\Windows\system32\csrss.exe
1 (Microsoft) C:\Windows\system32\dasHost.exe
1 (Microsoft) C:\Windows\system32\dwm.exe
1 (Microsoft) C:\Windows\system32\hpservice.exe
1 (Microsoft) C:\Windows\system32\lsass.exe
1 (Microsoft) C:\Windows\system32\services.exe
1 (Microsoft) C:\Windows\system32\smss.exe
1 (Microsoft) C:\Windows\system32\spoolsv.exe
14 (Microsoft) C:\Windows\system32\svchost.exe
1 (Microsoft) C:\Windows\system32\wininit.exe
1 (Microsoft) C:\Windows\system32\winlogon.exe
1 (Microsoft) C:\Windows\system32\wlanext.exe
O1 - Hosts.ICS: 192.168.173.197 android-a14cf9dccc46d418.mshome.net # 2016 12 5 23 11 10 59 574
O1 - Hosts.ICS: 192.168.173.1 HP.mshome.net # 2021 12 3 15 11 10 59 574
O4 - Global User Startup: ISCTSystray.lnk → C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - HKCU..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKLM..\Run: [EdgeModem-AutoRun] C:\Program Files\Micromax 200G USB Modem\EdgeModem-Run.exe -start
O4 - HKLM..\Run: [Everything] “C:\Program Files\Everything\Everything.exe” -startup
O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
O4 - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
O4 - HKLM..\Run: [RTHDVCPL] “C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe” -s
O4 - HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [ZAM] “C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized
O4 - HKLM..\RunOnce: [EmptyTemp] cmd /c rd /q/s C:\FRST\Temp
O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk → C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: RescueTime.lnk → C:\Users\HP-PC\AppData\Local\RescueTime\RescueTime.exe
O4-32 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4-32 - HKLM..\Run: [GrooveMonitor] “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”
O4-32 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4-32 - HKLM..\Run: [RIM PeerManager] “C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe”
O4-32 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4-32 - HKLM..\RunOnce: [DeleteOnReboot] C:\Users\183-k\AppData\Local\Temp\DeleteOnReboot.bat (file missing)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O9 - Extra ‘Tools’ menuitem: Add to Evernote 5 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (HKLM)
O9 - Extra ‘Tools’ menuitem: HP Network Check - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HKLM)
O9 - Extra button: Add to Evernote 5 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (HKLM)
O9 - Extra button: Launches HP Network Check that helps you solve connection issues - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HKLM)
O9-32 - Extra ‘Tools’ menuitem: Add to Evernote 5 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (HKLM)
O9-32 - Extra ‘Tools’ menuitem: HP Network Check - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HKLM)
O9-32 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (HKLM)
O9-32 - Extra button: Add to Evernote 5 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (HKLM)
O9-32 - Extra button: Launches HP Network Check that helps you solve connection issues - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HKLM)
O9-32 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (HKLM)
O9-32 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (HKLM)
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 7 missing)
O15 - ESC Trusted Zone: http://.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://.connectify.me (HKLM)(32)
O15 - ESC Trusted Zone: http://.fastspring.com (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)(32)
O17 - DHCP DNS - 1: 192.168.43.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O22 - ScheduledTask: (Disabled) Optimize Start Menu Cache Files-S-1-5-21-1605944295-1278072363-3366277582-1001 - {root} - {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF},$(Arg0)
O22 - ScheduledTask: (Ready) HPGenoobeReminder - {root} - “C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe” CLEAR
O22 - ScheduledTask: (Ready) Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - {root} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
O22 - ScheduledTask: (Ready) SqmUpload_S-1-5-21-1605944295-1278072363-3366277582-1001 - \WPD - C:\Windows\system32\rundll32.exe portabledeviceapi.dll,#1
O22 - ScheduledTask: (Ready) Uploader - \Microsoft\Windows\Customer Experience Improvement Program - C:\Windows\system32\WSqmCons.exe -u
O23 - Service R2: HP SimplePass Service - (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: BlackBerry Link Communication Manager - (RIM Tunnel Service) - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
O23 - Service R2: EdgeModem Driver Service - (EdgeModem-DrvSrv) - Shanghai DS-Mobile Technology Co., Ltd. - C:\Program Files\Micromax 200G USB Modem\EdgeModem-DrvSrv.exe
O23 - Service R2: Everything - (Everything) - Unknown owner - C:\Program Files\Everything\Everything.exe
O23 - Service R2: HP Support Assistant Service - (HP Support Assistant Service) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service R2: HPWMISVC - (HPWMISVC) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service R2: Intel(R) Capability Licensing Service Interface - (Intel(R) Capability Licensing Service Interface) - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - Intel Corporation - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: Intel(R) ME Service - (Intel(R) ME Service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Rapid Storage Technology - (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service R2: Intel(R) Smart Connect Technology Agent - (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service R2: Kaspersky Secure Connection Service 1.0.0 - (KSDE1.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
O23 - Service R2: RIM MDNS - (RIM MDNS) - Apple Inc. - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: ZAM Controller Service - (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service R3: BlackBerry Device Manager - (BlackBerry Device Manager) - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service R3: HP Software Framework Service - (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: Kaspersky Anti-Virus Service 17.0.0 - (AVP17.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
O23 - Service S2: Malwarebytes Service - (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Google Software Updater - (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - (Intel(R) Capability Licensing Service TCP IP Interface) - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: ShareItSvc - (ShareItSvc) - SHAREit Technologies Co.Ltd - C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe
O23 - Service S3: klvssbrigde64 - (klvssbrigde64) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe
–
End of file - Time spent: 20 sec. - 29172 bytes, CRC32: FFFFFFFF. Sign: 胷矄
-
-
Step 1: Reset Host File
Click here to download RstHosts v2.0
Save the file to your desktop.
Right Click and Run as Administrator.
Click on Restaurer, then click OK at the prompt.
This will restore the default host file.
Next Click on Creer Un Rapport.
This will open a logfile, post that in your next reply.
Step 2: Hijack This Fix.
Start HijackThis, Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.
O4 - HKCU..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKLM..\Run: [Everything] “C:\Program Files\Everything\Everything.exe” -startup
O4 - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
O4 - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
O4 - HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
O4 - HKLM..\Run: [ZAM] “C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized
O4 - HKLM..\RunOnce: [*EmptyTemp] cmd /c rd /q/s C:\FRST\Temp
O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk → C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: RescueTime.lnk → C:\Users\HP-PC\AppData\Local\RescueTime\RescueTime.exe
O4-32 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4-32 - HKLM..\Run: [GrooveMonitor] “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”
O4-32 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4-32 - HKLM..\Run: [RIM PeerManager] “C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe”
O4-32 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4-32 - HKLM..\RunOnce: [DeleteOnReboot] C:\Users\183-k\AppData\Local\Temp\DeleteOnReboot.bat (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O22 - ScheduledTask: (Ready) Uploader - \Microsoft\Windows\Customer Experience Improvement Program - C:\Windows\system32\WSqmCons.exe -u
Now click on fix checked.
After the fix is complete, then reboot your machine.
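A triage pass over HijackThis entries of the kind listed in Step 2, as an added example that is not part of the original post and not a HijackThis feature. The function names and the three flag labels are assumptions made for illustration; the sample lines are copied from the log earlier in this thread.

```python
import re

# Sample lines taken from the HijackThis log posted above in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - User Startup: RescueTime.lnk → C:\Users\HP-PC\AppData\Local\RescueTime\RescueTime.exe
O4-32 - HKLM..\RunOnce: [DeleteOnReboot] C:\Users\183-k\AppData\Local\Temp\DeleteOnReboot.bat (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O23 - Service R2: Everything - (Everything) - Unknown owner - C:\Program Files\Everything\Everything.exe
"""

# "O<number>", an optional "-32" marker for the 32-bit view, then the entry text.
ENTRY_RE = re.compile(r"^(O\d+)(-32)? - (.+)$")
# HijackThis appends these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Locations a limited user can write to; autoruns there deserve a second look.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp)\\", re.IGNORECASE)


def parse_entries(text):
    """Return one dict per O-section entry; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group(1),
                            "wow64": bool(m.group(2)),
                            "detail": m.group(3)})
    return entries


def flags_for(entry):
    """Hypothetical review flags: reasons to inspect an entry, not verdicts."""
    flags = []
    detail = entry["detail"]
    if ORPHAN_RE.search(detail):
        flags.append("orphaned")             # entry points at a missing file
    if entry["section"] == "O4" and USER_WRITABLE_RE.search(detail):
        flags.append("user-writable-path")   # autorun from a user-writable folder
    if entry["section"] == "O23" and "Unknown owner" in detail:
        flags.append("unknown-owner")        # service binary with no company name
    return flags


def triage(text):
    """Return (section, flags, detail) for every entry that raised a flag."""
    result = []
    for entry in parse_entries(text):
        flags = flags_for(entry)
        if flags:
            result.append((entry["section"], flags, entry["detail"]))
    return result


if __name__ == "__main__":
    for section, flags, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {','.join(flags):30} {detail}")
```

A flag only marks an entry for manual review: RescueTime and Everything are flagged here although both are ordinary installed programs.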
-
Glad to have helped!! Please tell a friend … or two about us.
Optimize your internet connection.
Click here for instructions.
suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.
Also, keep your browsing private with these tools:
Self Destructing Cookies.
Self Destructing Cookies Chrome.
Some items to keep you safe on the internet.
VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your machine.
Now let's clean up the tools we used and remove old restore points.
Download DelFix by “Xplode” to your Desktop.
Right Click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:
Remove disinfection tools
Create registry backup
Purge System Restore
Now click on the “Run” button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt
-
-|x| RstHosts v2.0 - Rapport créé le 21/03/2017 à 12:18:57
-|x| Système d’exploitation : Windows 8.1 Single Language (64 bits)
-|x| Nom d’utilisateur : 183-k - HP (Administrateur)
-|x|- Informations -|x|-
Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 22/08/2013 - 18:55:43
Date de modification : 21/03/2017 - 12:18:47
Date de dernier accès : 21/03/2017 - 12:18:47
-|x|- Contenu du fichier -|x|-
# Fichier Hosts créé par RstHosts
127.0.0.1 localhost
::1 localhost
-|x|- E.O.F - \RstHosts.txt - 609 bytes -|x|-
-
Thank you very much for your help! You are a life saver, I was going to reinstall Windows, but with your help, I don’t have to take such an extreme measure. Thank you! I had just one question: how do I ensure that I can do banking safely on my laptop? Is there any software that you would recommend? I have Kaspersky safe banking, but I am not sure whether it is the best…