LiquidTension

Honorary Members
  • Posts

    4,182
Everything posted by LiquidTension

  1. Hello, I'm not sure why Panda isn't recognising your external HDD. I assume the drive is formatted in NTFS? What's the OS of your second PC?
  2. Hello Eric, Do you know what happened to your log files in previous posts? Please do the following.
     • Re-run FRST, ensuring you place a checkmark next to Addition.txt. Attach FRST.txt and Addition.txt.
     • Attach the last three MBAM Protection logs in your next reply.
     • Locate the following file: C:\Windows\Minidump\092414-6796-01.dmp
     • Right-click + Send to > Compressed (zipped) folder.
     • Locate the following three files, and drag into the ZIP file.
         • C:\Windows\Minidump\092414-6750-01.dmp
         • C:\Windows\Minidump\092414-7000-01.dmp
         • C:\Windows\Minidump\092414-6890-01.dmp
     • Attach the ZIP file in your next reply.
     Run the programme below.
     MiniToolBox
     • Please download MiniToolBox and save the file to your Desktop.
     • Close any open windows.
     • Right-Click MiniToolBox.exe and select Run as administrator to run the programme.
     • Check the following items:
         • Flush DNS
         • Report IE Proxy Settings
         • Reset IE Proxy Settings
         • Report FF Proxy Settings
         • Reset FF Proxy Settings
         • List content of Hosts
         • List IP configuration
         • List Winsock Entries
         • List last 10 Event Viewer log
         • List Installed Programs
         • List Devices
         • List Users, Partitions and Memory size.
         • List Minidump Files
     • Click .
     • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
  3. Following instructions given to other users is extremely dangerous. Most helpers provide a warning similar to that of below when they post an FRST Script: NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System. Did you not see this? Yes, I can help you with this. However, if all you've done is copy others your computer is most likely infected still. If you would like to be certain, please let me know. I can provide preventive tips/articles for you at the end. If not, I can provide the articles now. Please let me know.
  4. Hello Tom, Ultimately, it's up to you. Panda USB Vaccine will prevent your USB drive from transferring autorun infections to your clean PC (or your freshly reformatted PC). Go through every subfolder of C:\Users\Kulle. If you have other user accounts, now would be the time to login and check for personal files. Other than that, you shouldn't have personal files saved anywhere else. Yes, image, video and music files are OK as long as you can account for the files (whether it be files you've created or downloaded from a known source). Apologies, that step isn't clear. Downloading your Network Adapters and Anti-Virus setup file should be done on a clean PC. Should anything go wrong with the reformat/restore and you find yourself without Internet access, you may appreciate having the adapters readily available at hand. By downloading your Anti-Virus setup file, you can ensure you need not connect to the Internet until after your Anti-Virus is installed (or during the avast! installation process, as you must be connected with this Anti-Virus). Of course, with Windows 8 this isn't as much an issue (see below). If you don't want to download your Anti-Virus setup file in advance, by all means turn on Windows Defender which is of course a fully fledged Anti-Virus. As with STEP 7, you must ensure Windows Firewall is enabled after the reformat/restore. If you have the Premium version then by all means install MBAM earlier. Yes, some websites and games require Java. But as the quotation demonstrates, that would put you in a minority. Most Internet-users do not need Java. A website may tell you Java is required for the site to function correctly. This is normal, but if you do decide to download and install Java, I would only do so from the official site. Any pop-ups asking you to install Java should automatically be treated as malicious. This may not be the actual case, but it's a good habit to get into, and may help minimize the risk of infection. 
I would hold back installing Java. Once all is sorted, and normal use of the computer can be resumed, you will quickly realise if you do or do not need Java.
  5. OK. It's getting late here, so I shall return with instructions for you tomorrow. Thank you for your continued patience thus far. Sometimes the malware is well hidden, requiring numerous rounds of troubleshooting. But rest assured, we will get down to the bottom of this.
  6. Thanks Eric. To confirm, the only issues you are currently experiencing are outbound IP blocks by MBAM. Is this correct?
  7. Below I have compiled a list of recommended software and resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.
     STEP 11 Recommended Software
     The following programmes come highly recommended in the security community.
     • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
     • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
     • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
     • Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus.
     • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
     • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file.
     • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
     • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
     • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs.
     • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.
     Setup on my Windows 8 machine:
     • ESET Smart Security
     • Malwarebytes Anti-Malware Premium
     • Emsisoft Antimalware
     • Sandboxie
     • SpywareBlaster
     • Secunia PSI
     • CCleaner
     • WOT, Adblock & NoScript
  8. The following steps explain how you can reformat/restore, set up your machine once done, and safely move your backed up data across.
     STEP 6 Reformatting/Restoring
     There are several options available.
     • Restore to factory default using your Dell DBRM (Windows 8).
     • Reformat using Windows built-in tools.
     • Reformat using Darik's Boot and Nuke (DBAN).
     The advantage of using your Recovery partition is that you do not need to reinstall Windows afterwards. The Recovery partition will restore the computer to the state it was before the very first time you switched it on. This is the option I recommend you take. Before proceeding, double-check you have backed up all the files you need. Now follow these instructions on using your Dell DBRM to restore to factory default. Take heed of the warnings provided to you, and take your time as you progress through the various stages. Do not click or agree to anything without first ensuring you've fully read what you're agreeing to.
     STEP 7 Computer Setup
     Before restoring your backed up data, it's important you do the following in the order specified.
     Confirm Windows Firewall is enabled
     • Press the Windows Key + r on your keyboard at the same time. Type firewall.cpl and click OK.
     • Confirm Windows Firewall is enabled.
     • If not, enable the Firewall.
     Install an Anti-Virus
     • Hold the shift key and insert your USB drive. Move the AV installation file to your Desktop. Remove your USB drive.
     • Open the installation file, and follow the prompts to install the Anti-Virus.
     • Once installed, connect to Internet and immediately download the latest updates for the Anti-Virus.
     • Run a scan if you wish to.
     • Note: Avast! requires an active Internet connection during the installation. You must connect to the Internet before starting the installation if you chose avast!.
     Install Windows Updates
     • Press the Windows Key + r on your keyboard at the same time. Type wuapp.exe and click OK.
     • Click Check for updates.
     • Install all recommended updates (you may wish to uncheck any optional updates).
     • Do not use the computer whilst updates are installing.
     Confirm there are no Issues with...
     • Audio/Sound
     • Battery
     • Display
     • CD/DVD drive
     • Keyboard
     • Mouse
     • Wireless Network
     If you find issues with any of the above, do the following.
     • Press the Windows Key + r on your keyboard at the same time. Type devmgmt.msc and click OK.
     • Locate the relevant category, and click the corresponding drop-down arrow.
     • Right-click the relevant driver, and click Uninstall.
     • Follow any prompts.
     • Reboot your computer.
     • Windows should notify you that it has found and installed the driver after the reboot.
     • Confirm if the issue is resolved.
     STEP 8 Panda USB Vaccine
     • Install Panda USB Vaccine as instructed in STEP 1. Skip the instructions that proceed Computer vaccinated.
     • I recommend keeping the programme installed for future use.
     STEP 9 Restoring Backed Up Data
     • Hold the shift key and insert your USB drive.
     • Open your Anti-Virus. Run a scan, ensuring you select the option to scan removable media or the drive letter associated with your USB drive.
     • Confirm no threats found.
     • Open Windows Explorer, and navigate to your USB drive. Copy the backed up files to your Desktop, or the location of your choice.
     • Remove your USB drive.
     STEP 10 Install Previously Installed Software
     Here are links to some of your previously installed software. I do not recommend installing Java for the reasons below.
     • Adobe Flash Player (uncheck the Optional Offer)
     • Adobe Reader (Uncheck the Optional Offer)
     • GIMP
     • Google Chrome
     • iTunes
     • Malwarebytes Anti-Malware
     • Mozilla Firefox
     Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.
     • Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
     • Microsoft: Unprecedented Wave of Java Exploitation
     • Ghosts of Java Haunt Users
     • Microsoft: Unprecedented Wave of Java Exploitation
     • Drive-by Trojan preying on out-of-date Java installations
     • Ghosts of Java Haunt Users
     • Hole in Patch Process You don't need Java
     • W3Techs usage statistics and market share data of Java on the web
     • Java: Should you remove it?
  9. Hi Tom, Here are the steps (11, not 12) I provide to those seeking assistance with reformatting/restoring their computer to factory default.
     STEP 1 Panda USB Vaccine
     • Please download Panda USB Vaccine and save the file to your desktop.
     • Double-click USBVaccineSetup.exe to install the programme.
     • Read and accept the license agreement, then click Next.
     • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
     • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated.
     • Hold down the Shift key on your keyboard and insert your USB drive.
     • Follow these instructions on how to format your USB drive (this will remove all files on the device).
     • Return to Panda USB Vaccine. When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
     • Exit the programme when done.
     -- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
     STEP 2 Folder Options
     • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
     • Click View. Under Hidden files and folders:
         • Place a checkmark next to Show hidden files, folders and drives.
         • Remove the checkmark next to Hide extensions for known file types.
     • Click Apply followed by OK.
     STEP 3 Backup Data
     The safest practice is not to back up any executable files (.exe), screensavers (.scr), dynamic link library (.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. You should also avoid backing up compressed files (.zip, .cab, .rar) that have executables inside as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may disguise itself by hiding a file extension or by adding double file extensions (hence why STEP 2 is important) and/or space(s) in the file's name to hide the real extension, so be sure you look closely at the full file name.
     • Backing up documents, image, music and video is fine.
     • Specially crafted Word/Excel/PDF can be used for malicious intent, so I recommend only backing up such documents that you or other users created (as opposed to downloaded).
     • To repeat, do not back up files with the following extensions: .exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab
     • Once you have decided which files you wish to back up, copy the files over to the USB drive.
     STEP 4 Download Installation Files
     I recommend downloading your Network Adapter drivers before reformatting. This is a precaution in case you experience issues with Internet connectivity after reformatting.
     • Press the Windows Key + r on your keyboard at the same time. Type devmgmt.msc and click OK.
     • Locate Network Adapters and click the corresponding drop-down arrow.
     • Make a note of your Network Adapters.
     • Using this Dell page, enter your relevant product details and locate the Network Adapters you noted down. Save the files to your USB drive.
     Download the Anti-Virus installation file of your choice. You need only download the installation file; do not click or open the file. Once downloaded, save the file to your USB drive. You must only install one Anti-Virus after reformatting.
     • avast! Free Anti-Virus (free)
     • Microsoft Security Essentials (free)
     • ESET NOD32 Anti-Virus (paid)
     • Kaspersky Anti-Virus (paid)
     • Emsisoft Internet Security (paid)
     Each paid-for Anti-Virus comes with a free trial if you wish to try the software before purchasing. Alternatively, you may wish to use the trial, and revert to a free anti-virus afterwards. For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal solution that works for everyone, and there is no single best anti-virus. What works for me may not work for you and your machine. Once you have downloaded the drivers and the Anti-Virus installation file of your choice, right-click the USB drive in the system-tray, and follow the prompts to safely remove the device. Now remove your USB drive from the computer.
     STEP 5 Paid-for/Premium/Licensed Software
     Do you have any paid-for software that was activated using a code or key? If so, ensure you have all relevant information noted down before reformatting. If you have a Malwarebytes Anti-Malware Premium license, but do not possess your details, follow the instructions below.
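The file-name rules from STEP 3 Backup Data in the post above can be checked mechanically before anything is copied to the USB drive. The following is an added example, not part of the original post: the blocked extensions are the ones the post lists, while the document and harmless-looking extension sets, the three-space padding threshold and the sample names are assumptions made for illustration.

```python
import re

# Extensions the post says not to back up (STEP 3), including .dll.
BLOCKED = {".exe", ".scr", ".dll", ".bat", ".com", ".cmd", ".msi", ".pif",
           ".ini", ".htm", ".html", ".hta", ".php", ".asp", ".xml",
           ".zip", ".rar", ".cab"}
# Assumption: extensions standing in for "Word/Excel/PDF" documents.
DOCUMENTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf"}
# Assumption: extensions a disguised file typically poses as.
HARMLESS_LOOKING = DOCUMENTS | {".jpg", ".jpeg", ".png", ".gif", ".bmp",
                                ".mp3", ".mp4", ".avi", ".txt"}
# Assumption: three or more consecutive spaces count as padding.
PADDING = re.compile(r"\s{3,}")


def basename(path):
    """Return the file name part of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def split_extension(name):
    """Split a name into (stem, real extension), lower-cased.

    The real extension is whatever follows the last dot, so padding
    spaces or an earlier decoy extension do not hide it.
    """
    stem, dot, ext = name.rstrip(" .").rpartition(".")
    if not dot:
        return name, ""
    return stem, "." + ext.strip().lower()


def classify(path):
    """Return (verdict, reasons); verdict is COPY, REVIEW or SKIP."""
    name = basename(path)
    stem, ext = split_extension(name)
    if not ext:
        return "REVIEW", ["no extension, type unknown"]
    reasons = []
    if ext in BLOCKED:
        reasons.append("blocked extension " + ext)
        _, inner = split_extension(stem)
        if inner in HARMLESS_LOOKING:
            reasons.append("double extension: poses as " + inner)
    if PADDING.search(name):
        reasons.append("space padding in name")
    if ext in BLOCKED:
        return "SKIP", reasons
    if ext in DOCUMENTS:
        reasons.append("document: back up only if you or another user created it")
        return "REVIEW", reasons
    return ("REVIEW" if reasons else "COPY"), reasons


def plan_backup(paths):
    """Group candidate files by verdict."""
    plan = {"COPY": [], "REVIEW": [], "SKIP": []}
    for path in paths:
        verdict, _ = classify(path)
        plan[verdict].append(path)
    return plan


# Constructed sample names, not taken from any real machine.
SAMPLE = ["holiday.jpg", "invoice.pdf.exe", "photo.jpg          .exe",
          "report.docx", "setup.EXE", "song.mp3", "archive.zip", "README"]

if __name__ == "__main__":
    for sample in SAMPLE:
        verdict, why = classify(sample)
        print(f"{verdict:6} {sample!r} {'; '.join(why)}")
```

Files reported as REVIEW still need the manual judgement the post describes; the script only reads names and does not inspect file contents.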
  10. Very good. Now for the good news.
      All Clean!
      Congratulations, your computer appears clean! I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful. My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
      STEP 1 DelFix
      • Please download DelFix and save the file to your Desktop.
      • Double-click DelFix.exe to run the programme.
      • Place a checkmark next to the following items:
          • Activate UAC
          • Remove disinfection tools
          • Create registry backup
          • Purge system restore
          • Reset system settings
      • Click the Run button.
      -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
      ======================================================
      Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.
      • Answers to common security questions - Best Practices by quietman7, MVP
      • How Malware Spreads - How did I get infected? by quietman7, MVP
      • Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
      • How to Prevent Malware by miekiemoes, MVP
      • How to backup and restore your data using Cobian Backup by YourHighness
      • Slow Computer/browser? It May Not Be Malware by quietman7, MVP
      The following programmes come highly recommended in the security community.
      • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
      • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
      • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
      • Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus.
      • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
      • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file.
      • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
      • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
      • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs.
      • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.
      -- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
      ======================================================
      Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. Thank you for using Malwarebytes. Safe Surfing. Adam (LiquidTension).
  11. OK, that's good. How's your computer performing? Are there any outstanding issues?
  12. OK! Let's run one final check for remnants.
      STEP 1 Farbar Recovery Scan Tool (FRST) Script
      • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
      • Copy the entire contents of the codebox below and paste into the Notepad document.

          start
          Tcpip\..\Interfaces\{22E7428A-D459-4ABD-AC59-50051B78086C}: [NameServer] 208.69.150.252,208.69.150.250
          Tcpip\..\Interfaces\{5930C68C-6818-4556-90A6-F28B141CBA7F}: [NameServer] 208.69.150.252,208.69.150.250
          Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 208.69.150.252,208.69.150.250
          Tcpip\..\Interfaces\{DC9548E0-34DC-4B41-BCC4-42F9A6ABB174}: [NameServer] 208.69.150.252,208.69.150.250
          EmptyTemp:
          end

      • Click File, Save As and type fixlist.txt as the File Name.
      • Important: The file must be saved in the same location as FRST64.exe.
      NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
      • Right-Click FRST64.exe and select Run as administrator to run the programme.
      • Click Fix.
      • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
      STEP 2 ESET Online Scan
      Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
      • Please download ESET Online Scan and save the file to your Desktop.
      • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
      • Double-click esetsmartinstaller_enu.exe to run the programme.
      • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
      • Agree to the Terms of Use once more and click Start. Allow components to download.
      • Place a checkmark next to Enable detection of potentially unwanted applications.
      • Click Hide advanced settings. Place a checkmark next to:
          • Scan archives
          • Scan for potentially unsafe applications
          • Enable Anti-Stealth technology
      • Ensure Remove found threats is unchecked.
      • Click Start.
      • Wait for the scan to finish. Please be patient as this can take some time.
      • Upon completion, click . If no threats were found, skip the next two bullet points.
      • Click and save the file to your Desktop, naming it something unique such as MyEsetScan.
      • Push the Back button.
      • Place a checkmark next to and click .
      • Re-enable your anti-virus software.
      • Copy the contents of the log and paste in your next reply.
      ======================================================
      STEP 3 Logs
      In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
      • Fixlog.txt
      • ESET Online Scan log
  13. You don't recognise anything in this report? http://who.is/whois-ip/ip-address/208.69.150.250 We will look into AdFender later. For now, please post the contents of Fixlog.txt and confirm the above question.
  14. Hello, That's the wrong log. Please locate Fixlog.txt and post the contents. Please look at the report I linked in my post and answer my question regarding the IP addresses.
  15. Hello, No problem about the log. They look pretty good. Please look at the following report on the IP addresses below. Do you recognise anything?
      • 208.69.150.252
      • 208.69.150.250
      Farbar Recovery Scan Tool (FRST) Script (!)
      • Navigate to C:\Users\Kelsey\Downloads. Cut FRST64.exe and paste onto your Desktop.
      • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
      • Copy the entire contents of the codebox below and paste into the Notepad document.

          start
          File: C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll
          File: C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll
          C:\ProgramData\SetStretch.exe
          C:\ProgramData\SetStretch.VBS
          CMD: ipconfig /flushdns
          CMD: netsh winsock reset all
          CMD: bitsadmin /reset /allusers
          EmptyTemp:
          end

      • Click File, Save As and type fixlist.txt as the File Name.
      • Important: The file must be saved in the same location as FRST64.exe.
      NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
      • Right-Click FRST64.exe and select Run as administrator to run the programme.
      • Click Fix.
      • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
      Please provide an update on your computer after carrying out the instructions above. Are there any outstanding issues?
  16. Hello, FRST.txt has been cut off. Please post the whole log. No. Sqlite is used by AdwCleaner.
  17. Yes, please ensure all items are checked and click Clean. Then proceed with JRT and FRST.
  18. Hello, Those logs look good. Please work your way through the following.
      STEP 1 AdwCleaner
      • Please download AdwCleaner and save the file to your Desktop.
      • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
      • Follow the prompts.
      • Click Scan.
      • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
      • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
      • Follow the prompts and allow your computer to reboot.
      • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.
      -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
      STEP 2 Junkware Removal Tool (JRT)
      • Please download Junkware Removal Tool and save the file to your Desktop.
      • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
      • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
      • Right-Click JRT.exe and select Run as administrator to run the programme.
      • Follow the prompts and allow the scan to run uninterrupted.
      • Upon completion, a log (JRT.txt) will open on your desktop.
      • Re-enable your anti-virus software.
      • Copy the contents of JRT.txt and paste in your next reply.
      STEP 3 Farbar Recovery Scan Tool (FRST) Scan
      • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
      • Right-Click FRST64.exe and select Run as administrator to run the programme.
      • Click Yes to the disclaimer.
      • Ensure the Addition.txt box is checked.
      • Click the Scan button and let the programme run.
      • Upon completion, click OK, then OK on the Addition.txt pop up screen.
      • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
      ======================================================
      STEP 4 Logs
      In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
      • AdwCleaner[s0].txt
      • JRT.txt
      • FRST.txt
      • Addition.txt
  19. Hello, There are preventative measures we can take to vaccinate your computer and USB drive from autorun infections. We also have the option of booting into a Linux environment. However, nothing can categorically prevent you, the end-user, from physically copying an infected file onto a USB drive, and then transferring the file back. Have you looked into the options listed in the article I linked? Whilst you may already be aware, I must emphasize once more that there is just as much chance your files will not be decrypted as there is they will if you go ahead and pay the ransom.
      -------------------------------------
      I have a 12 step set of instructions on how you can backup your data, make appropriate preparations, restore/reformat your machine and transfer your data back that I can provide once we know where we stand regarding your encrypted files. Please let me know how you get on with the encrypted files, and we can go from there.
  20. Hello novemberainx, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems. If you would allow me to call you by your first name I would prefer that.
      General P2P/Piracy Notice:
      ======================================================
      Please read through the points below to ensure this process moves as quickly and efficiently as possible.
      • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
      • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
      • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
      • Please backup important documents before proceeding with my instructions.
      • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
      • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
      ======================================================
      We'll get to your AdwCleaner scan in my next post. In the meantime, please do the following:
      STEP 1 Malwarebytes Anti-Malware (MBAM)
      • If you have not downloaded and installed the updated Malwarebytes Anti-Malware 2.0 please do so now.
      • Open Malwarebytes Anti-Malware and click Update Now.
      • Once updated, click the Settings tab and tick Scan for rootkits.
      • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
      • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
      • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
      • Upon completion of the scan (or after the reboot), click the History tab.
      • Click Application Logs and double-click the Scan Log.
      • Click Copy to Clipboard and paste the log in your next reply.
      STEP 2 TDSSKiller Scan
      • Please download TDSSKiller and save the file to your Desktop.
      • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
      • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
      • Click Start Scan. Do not use the computer during the scan.
      • If objects are found, change the action to skip.
      • Click Continue and close the window.
      • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.
      ======================================================
      STEP 3 Logs
      In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
      • MBAM log
      • TDSSKiller log
  21. Hello Tom, If you plan to reformat there is no need to spend the time cleaning the machine. A reformat will wipe all infections, allowing you to start from scratch. What are your thoughts on your encrypted files? Have you read through the two links on CryptoWall?
  22. Hi Eric,
      • How did you reset, reconfigure and reinstall your router?
      • Are you experiencing issues with other devices connected to the same Network?
      I'd like to first get a look from outside Windows before we look into your router further.
      STEP 1 FRST & ListParts Recovery Environment Scan
      Note: You require access to a clean PC and USB drive.
      Note: Please print off these instructions, or ensure you have access to them using a different device.
      • Insert the USB drive into the infected PC.
      • Please download Farbar Recovery Scan Tool 64-Bit AND ListParts (x64) to your USB drive.
      • Enter the Recovery Environment by choosing one of the options below.
      Option #1: Enter Recovery Environment (Windows 8)
      • Consult the following instructions on how to enter the Recovery Environment Command Prompt in Windows 8.
      Option #2: Enter Recovery Environment (Windows Installation Disc)
      • Insert your Windows installation disc.
      • Restart your computer.
      • Configure your infected PC to boot from CD/DVD. Instructions on how to do this can be found here.
      • If prompted, press any key to start Windows from the installation disc.
      • Click Repair your computer.
      • Select English as the keyboard language settings, and then click Next.
      • Select the Operating System you want to repair, and then click Next.
      • Select your user account, and then click Next.
      Advanced Boot Options Menu
      • Select Command Prompt.
      • In the command window type notepad and press Enter on your keyboard.
      • Notepad will open. Click File and select Open.
      • Select Computer, write down your USB drive letter on a piece of paper and close notepad.
      • In the command window type: x:\frst64.exe
      • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.
      • Press Enter on your keyboard. The tool will start to run.
      • When the tool opens click Yes to the disclaimer.
      • Click the Scan button.
      • It will create a log (FRST.txt) on the USB drive.
      • Go back to the command window and type x:\listparts64.exe
      • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.
      • Press Enter on your keyboard. The tool will start to run.
      • Click List BCD.
      • Click the Scan button.
      • It will create a log (Result.txt) on the USB drive.
      Boot normally into Windows. Please copy the contents of both logs (FRST.txt and Result.txt) and paste in your next reply.
      ======================================================
      STEP 2 Logs
      In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
      • FRST.txt
      • Result.txt
  23. Hello hades1223, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems. If you would allow me to call you by your first name I would prefer that.
      General P2P/Piracy Notice:
      ======================================================
      Please read through the points below to ensure this process moves as quickly and efficiently as possible.
      • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
      • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
      • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
      • Please backup important documents before proceeding with my instructions.
      • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
      • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
      ======================================================
      You are infected with Poweliks, a rootkit which also opens a backdoor on the compromised machine. As such, I must unfortunately issue you the following warning. Please let me know how you wish to proceed.