Kevin Zoll

Emsisoft Employee
  • Content Count: 18782
  • Days Won: 177

Everything posted by Kevin Zoll

  1. Close all programs and disconnect any USB or external drives before running the tool. Double-click RogueKiller.exe to run the tool again. Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished", select the following items:
     Click the Delete button. Attach the RogueKiller report to your next reply. The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex.txt). The highest number of [X] is the most recent Delete log.
  2. Changing tools. Download AdwCleaner and save it on your Desktop. Close all open programs and Internet browsers (you may want to print out or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop. Attach that log file to your reply. NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.
  3. Thread Closed. Reason: Lack of Response. PM either Kevin or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system other than the one they were written for could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  4. Stop running tools I did not ask you to run. I see one more log I did not ask for, I will terminate this support thread. Just reviewing your FRST reports, I can see you have run just about every tool you can find to fix the system. Stop. You run the very real risk of rendering the operating system non-functional. Copy the below code to Notepad; Save As fixlist.txt to your Desktop.
     Close Notepad. NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. IMPORTANT: Save all of your work, as the next step may reboot your computer. Run FRST and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. NOTE: If the tool warns you about an outdated version please download and run the updated version. Also, let me know how the machine is running now, and what remaining issues you've noticed.
  5. Do not copy & paste logs to your replies. They will be removed without reading. Also do not run tools I did not ask you to run. Run a fresh scan with FRST, attach the new FRST scan reports to your reply.
  6. Hello @Vicky, No, there is no way to get those files back unless you have backups of your data.
  7. You would need to use a tool like AutoRuns to determine what is starting during startup and disable anything that you do not want starting when you start the system.
  8. As was stated by Christian, there is no method for submission, it simply does not exist.
  9. Boot speeds depend on a lot of factors. Just the fact that the system is booting slowly does not mean it is infected.
  10. Emsisoft Emergency Kit (EEK) is not intended for use on systems that have Emsisoft Anti-Malware (EAM) installed. Any attempts to run EEK on a system running EAM will result in the licensing screen popping up. I realize that that is confusing as it does not indicate that running EEK alongside EAM is unsupported.
  11. Thread Closed. Reason: Lack of Response. PM either Kevin or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system other than the one they were written for could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  12. You will want to uninstall UmmyVideoDownloader
  13. I wouldn't expect to see Windows 21H1 until sometime around the end of next month. All the other errors are outside the purview of this forum. AdwCleaner did not find and remove nearly as much as I had hoped. Let's try a different tool. Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop. Double-click on setup.exe to install RogueKiller. Close all programs and disconnect any USB or external drives before running the tool. Right-click RogueKiller.exe and select Run As Administrator to run the tool. Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.
  14. Hello @Athina, Thank you for contacting Emsisoft Support. That file extension belongs to the STOP/DJVU (New Variant) family of ransomware and is not supported by our decryption tool. Despite that, I would like for you to run the STOP/DJVU decryption tool anyway. That will accomplish a couple of things.

     First, it will deactivate and remove any malware that was installed by the ransomware. This will prevent new files from being encrypted and will prevent re-encryption if files are restored from a backup.

     Second, the decryption tool will determine the ID of the encrypted files. Any ID ending in t1 is an Offline ID; anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple IDs, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files.

     Why is this important? The ID of the file(s) is how private encryption keys are identified. If we have a private encryption key matching the ID for a file(s) then that private encryption key can be used to decrypt the file(s). However, this is all contingent on us having a matching private encryption key in our database. The downside of all this is that we are not currently in possession of private encryption keys for the STOP/DJVU (New Variant) family of ransomware.

     General Notes With Regards to STOP/DJVU

     Why won't the decrypter run? The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.

     What does "Remote name could not be resolved" mean? It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

     If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted. That is not an error message.

     If your files have an Online ID that means that the file(s) encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. We do not have access to those keys. Our ability to add private encryption keys for Online IDs depends entirely on law enforcement agencies arresting the criminals and releasing their database of private keys for inclusion in decryption tools.

     If your files have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database. Do not ask us when we plan on adding it, because we do not have it or a way to generate your decryption key. When we do get a hold of an encryption key matching an Offline ID it will be added to our database of Private Encryption Keys.

     Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware. If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key.

     New Variant STOP/DJVU utilizes both the RSA and Salsa20 encryption algorithms. Both RSA and Salsa20 are considered secure encryption methods and are unbreakable using current technologies. They are not reversible, cannot be cracked, and we are not able to generate a decryption key. So do not send us encrypted files thinking we can recover your decryption key; we can't.

     To download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

     Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.
  15. @Srikanth @BbooRekt Your IDs are Online IDs, and as such our decryption tool cannot decrypt your files.
  16. Hello @Muhammad Rizwan, Welcome to the Emsisoft Support Forums.

     General Notes With Regards to STOP/DJVU

     If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted. That is not an error message.

     If your files have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database. Do not ask us when we plan on adding it, because we do not have it or a way for generating your decryption key.

     Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware. If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key.

     New Variant STOP/DJVU utilizes both the RSA and Salsa20 encryption algorithms. Both RSA and Salsa20 are considered secure encryption methods and are unbreakable using current technologies. They are not reversible, cannot be cracked, and we are not able to generate a decryption key. So do not send us encrypted files thinking we can recover your decryption key; we can't.

     Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.
  17. Hello @jaylakhani, Thank you for contacting Emsisoft Support. That file extension belongs to the STOP/DJVU (New Variant) family of ransomware and is not supported by our decryption tool. Despite that, I would like for you to run the STOP/DJVU decryption tool anyway. That will accomplish a couple of things.

     First, it will deactivate and remove any malware that was installed by the ransomware. This will prevent new files from being encrypted and will prevent re-encryption if files are restored from a backup.

     Second, the decryption tool will determine the ID of the encrypted files. Any ID ending in t1 is an Offline ID; anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple IDs, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files.

     Why is this important? The ID of the file(s) is how private encryption keys are identified. If we have a private encryption key matching the ID for a file(s) then that private encryption key can be used to decrypt the file(s). However, this is all contingent on us having a matching private encryption key in our database. The downside of all this is that we are not currently in possession of private encryption keys for the STOP/DJVU (New Variant) family of ransomware.

     General Notes With Regards to STOP/DJVU

     Why won't the decrypter run? The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.

     What does "Remote name could not be resolved" mean? It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

     If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted. That is not an error message.

     If your files have an Online ID that means that the file(s) encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. We do not have access to those keys. Our ability to add private encryption keys for Online IDs depends entirely on law enforcement agencies arresting the criminals and releasing their database of private keys for inclusion in decryption tools.

     If your files have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database. Do not ask us when we plan on adding it, because we do not have it or a way to generate your decryption key. When we do get a hold of an encryption key matching an Offline ID it will be added to our database of Private Encryption Keys.

     Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware. If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key.

     New Variant STOP/DJVU utilizes both the RSA and Salsa20 encryption algorithms. Both RSA and Salsa20 are considered secure encryption methods and are unbreakable using current technologies. They are not reversible, cannot be cracked, and we are not able to generate a decryption key. So do not send us encrypted files thinking we can recover your decryption key; we can't.

     To download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

     Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.
  18. Hello @Aravind, Thank you for contacting Emsisoft Support. That file extension belongs to the STOP/DJVU (New Variant) family of ransomware and is not supported by our decryption tool. Despite that, I would like for you to run the STOP/DJVU decryption tool anyway. That will accomplish a couple of things.

     First, it will deactivate and remove any malware that was installed by the ransomware. This will prevent new files from being encrypted and will prevent re-encryption if files are restored from a backup.

     Second, the decryption tool will determine the ID of the encrypted files. Any ID ending in t1 is an Offline ID; anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple IDs, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files.

     Why is this important? The ID of the file(s) is how private encryption keys are identified. If we have a private encryption key matching the ID for a file(s) then that private encryption key can be used to decrypt the file(s). However, this is all contingent on us having a matching private encryption key in our database. The downside of all this is that we are not currently in possession of private encryption keys for the STOP/DJVU (New Variant) family of ransomware.

     General Notes With Regards to STOP/DJVU

     Why won't the decrypter run? The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.

     What does "Remote name could not be resolved" mean? It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

     If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted. That is not an error message.

     If your files have an Online ID that means that the file(s) encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. We do not have access to those keys. Our ability to add private encryption keys for Online IDs depends entirely on law enforcement agencies arresting the criminals and releasing their database of private keys for inclusion in decryption tools.

     If your files have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database. Do not ask us when we plan on adding it, because we do not have it or a way to generate your decryption key. When we do get a hold of an encryption key matching an Offline ID it will be added to our database of Private Encryption Keys.

     Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware. If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key.

     New Variant STOP/DJVU utilizes both the RSA and Salsa20 encryption algorithms. Both RSA and Salsa20 are considered secure encryption methods and are unbreakable using current technologies. They are not reversible, cannot be cracked, and we are not able to generate a decryption key. So do not send us encrypted files thinking we can recover your decryption key; we can't.

     To download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

     Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.
  19. Hello, You have far too many antivirus applications installed. You should have one and only one antivirus installed. Though there may not appear to be conflicts, there will be performance issues caused by each application competing for the same resources. Your FRST logs are incomplete. Changing tools. Download AdwCleaner and save it on your Desktop. Close all open programs and Internet browsers (you may want to print out or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop. Attach that log file to your reply. NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.