Ransomware his killed my updates

---

Adware Removal Tool 5.1
Time: 2017_04_04_13_08_59
OS: Windows 8.1 - x64 Bit
Account Name: John
Adware Definition: 03272017
Elapsed time: 24:33
Repair Status:- Automatic Done
\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\

[-] Deleted ->> Folder ->> C:\Users\John\Appdata\Roaming\ZHP\Quarantine\Pokki

SecurityCheck by glax24 & Severnyj v.1.4.0.47 [25.03.17]
WebSite: www.safezone.cc
DateLog: 04.04.2017 14:30:42
Path starting: C:\Users\John\AppData\Local\Temp\SecurityCheck\Sec urityCheck.exe
Log directory: C:\SecurityCheck
IsAdmin: True
User: John
VersionXML: 4.06is-02.04.2017

---

Windows 8.1(6.3.9600) (x64) Core Lang: English(0809)
Installation date OS: 13.02.2015 10:02:17
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [917.7 Gb] Used: [149.7 Gb] Free: [768 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18538 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2017-02-23 13:14:05
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avira Antivirus (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Avira Antivirus (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avira Antivirus v.15.0.25.172
-------------------------- [ SecurityUtilities ] --------------------------
Eraser 6.2.0.2979 v.6.2.2979
Zemana AntiMalware v.2.72.0.345
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning! Download Update
Uninstall old version and install new one.
VLC media player v.2.2.4
OpenOffice 4.1.1 v.4.11.9775 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.9.43295 Warning! P2P-client.
qBittorrent 3.3.11 v.3.3.11 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 31 v.8.0.310 Warning! Download Update
Uninstall old version and install new one (jre-8u121-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.[1]
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.3.8.0.870 Warning! Download Update
Adobe Flash Player 25 NPAPI v.25.0.0.127
Adobe Flash Player 25 PPAPI v.25.0.0.127
Adobe Acrobat Reader DC v.15.023.20070
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 52.0.2 (x86 en-US) v.52.0.2
Opera Stable 44.0.2510.857 v.44.0.2510.857
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.52.0.2.6291
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avira Scheduler (AntiVirSchedulerService) - The service is running
C:\Program Files (x86)\Avira\Antivirus\sched.exe v.15.0.25.170
Avira Real-Time Protection (AntiVirService) - The service is running
C:\Program Files (x86)\Avira\Antivirus\avguard.exe v.15.0.25.170
Avira Mail Protection (AntiVirMailService) - The service has stopped
Avira Web Protection (AntiVirWebService) - The service has stopped
Avira Service Host (Avira.ServiceHost) - The service is running
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe v.1.2.81.6390
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe v.1.2.81.6390
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe v.15.0.25.172
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.2.72.0.345
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.8.5.0.9167 Warning! Browser’s toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------

---

1. /b ↩︎

Just finished and rebooted, thank you for your help, but its worse now. The original problem is still there, I cant update windows and there are no options available to me to change settings. In PC Settings-update and recovery-windows update, I cant click any options. In Control Panel-check for updates,when I try to update I get this message… “Windows update cant check for updates as the service is not running”.
Also, while running one of the tools above, I lost most the apps/icons when I open the task bar window, and, the “start menu” and "file explorer icons are blank and give the error message…“it might have been moved renamed or deleted”.

Zemana, open zemana and go to the quarantine tab and select restore for all items except these..

File - %homedrive%\adwcleaner\quarantine\files\tyyvxjoycg iulmpzvfkiuxtrqppgnpne\dmr_72.exe
File - %homedrive%$recycle.bin\s-1-5-21-2883912777-938897299-4248600124-1001$rtjj555.exe

[ATTACH]1930[/ATTACH]


Windows Repair.

Install (use the direct download) the Tweaking.com - Windows all in one repair tool. Then boot Windows into Safe Mode, (Make Certain To Run This Program As Administrator) then run through the Prescan on step 2 tab. Then skip to step 5 and create a system restore point. Then go to the repair tab…

Notice create a registry backup is ticked by default, so no need to do so in step 5… https://pchelpforum.net/attachments/...7-26-png.1290/

Now run the program, with the boxes ticked in the picture below.

Click Image Below For Better Resolution.



May want to save picture or write down what boxes need ticked, since you will run this in Safe Mode.

Important: Make certain to reboot twice after running this tool!!


You can simply delete the old shortcuts and create new ones.

Hi and thank you for all your help, I really appreciate it. Today I followed your instructions and rebooted twice, all seems fine and my apps and “windows update” options have returned, but windows update was running constantly searching for updates and using 30% CPU, I have disabled it in control panel. Now when I checked it says it is up to date ! so I think it is fixed

Glad to have helped!! Please tell a friend … or two about us. https://forum.windowsinstructed.com/...cons/smile.png

Optimize your internet connection.

Click here for instructions.

suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.

Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.

Some items to keep you safe on the internet.

VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.

Now Lets Clean up the tools we used and remove old restore points.

Downloads - DelFix - Download Now - ToolsLib’]

Download DelFix by “Xplode” to your Desktop.[/URL]
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on “Run” button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt