Win 7 unable to use or create restore point after fbi virus

Follow the instructions here, then see if you can set a clean restore point Remove the FBI MoneyPak Ransomware or the Reveton Trojan

Farbar Service Scanner

Click here Farbar Service Scanner to DOWNLOAD

Place file into your desktop

Place a check mark next to the following options

• ⬜ Internet Services
• ⬜ Windows Firewall
• ⬜ System Restore
• ⬜ Security Center
• ⬜ Windows Update
• ⬜ Windows Defender

Press the Scan button

Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply

Run this tool as well

Farbar Recovery Scan Tool


32-bit Version OS Farbar Recovery Scan Tool <==== Download Link

Drag the FRST.exe from the Downloads folder to your Desktop

Right click on FRST.exe and choose

When the tool opens click Yes on the disclaimer window .

Press Scan button.


Please upload both logs in your reply.(FRST.txt and Addition.txt)

FRST.txt and Addition.txt will be on the Desktop

Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .

Upload the FSS.txt file

Don't Run


Open Notepad . Inside Notepad paste the highlighted text


start
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TaskTray] - [x]
HKCU\...\Run: [AdobeBridge] - [x]
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
C:\ProgramData\20tb6z.dat
C:\ProgramData\dziw0q.pad
C:\ProgramData\as98213.txt
C:\ZD267718
C:\ProgramData\20tb6z.dat
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
end


Inside Notepad

click on File > Save As
File Name : Fixlist.txt
Save as type: All Files
Location: Destkop

Open up FRST.exe again . Click on the [Fix] button . Once its complete it will create a new log called Fixlog.txt upload that log.

AdwCleaner

Click here AdwCleaner

Click on Download Now button

Save to the Desktop

Right-click on AdwCleaner.exe and choose

Click on Delete and confirm the prompt.



Your computer will be rebooted automatically. A text file will open after the restart.

Upload the log : The log file is at C:\AdwCleaner[Sn].txt


Also run

TDSSKILLER

download link TDSSKiller

Save the file to the Desktop

Right-click the program and select:



When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK


Press: Start Scan


If a suspicious object is detected, the default action is Skip, leave it as is, and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)


When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\


Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt


Please post the TDSSKiller log in your reply.