Let's run some scans and see if we can get to the bottom of the sounds.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Devices
- List Users, Partitions and Memory size.
- List Minidump Files
- List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
- Click on the Scan button.
- AdwCleaner will begin to scan your computer.
- This time click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
- Copy and paste the contents of that logfile in your next reply.
- A copy of that log file will also be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Please download TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then click on Change parameters
- Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
- If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
- Click Start Scan and allow the scan process to run
- If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
***Do NOT select Delete!
- Click Continue
- Click Reboot computer
- Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply
Please download Malwarebytes Anti-Malware and save it to your desktop.
- Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
- Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
- Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
- If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
- After completing the scan, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
- Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
~If I am helping you and you have not had a reply from me in two days, please send me a PM~
~Twitter~ | ~Malware Analyst at Emsisoft~