It would help if you would provide the following information:

• Which ransomware it was you tried to remove. In other words.. the name.
• Your operating system
• A copy of your most recent MBAM log. (After running Rkill)

Since System Restore wasn't designed as a "malware" removal tool, let's make sure the "offending process" is no longer running. I'm omitting how to run the tools under certain sets of circumstances, due to the fact you haven't reported any. If you encounter a problem running Rkill, let us know.

After downloading the 3 updated Rkill links, reboot into Safe Mode with Networking and run Rkill as indicated below.

You only need to launch one of the file versions, in order for Rkill to work. (Right-click and "Run as Administrator" if using Vista or Win7) If you have no success running Rkill.exe, try the next. When Rkill runs you will see a command prompt window similar to this. When one DOES work (immediately) run a scan with Malwarebytes' Anti-Malware. Do NOT reboot after running Rkill.


Rkill's purpose is to terminate offending / malicious processes. You will find further instructions and download links at the RKill Download Center. Also see, "RKill - What it does and What it Doesn't - A brief introduction to the program "

See if either of these two scanners have anything additional to report:

ESET's Online Scanner - Their FAQ and Help sections should answer any questions you might have. (Temporarily disable your A/V prior to running the scan)

Kaspersky's TDSSKiller - Instructions are listed below. (Additional instructions can be found here)

You may also find Process Explorer to be of help.

Best of luck..