ibluto
Posted June 22, 2016

I know the post says not to quarantine anything but she already hit the button.

Quarantine_160622-010906.txt
Addition_22-06-2016_01-11-28.txt
FRST_22-06-2016_01-11-28.txt

Kevin Zoll
Posted June 22, 2016

Hello,

Files that have been encrypted by Locky cannot be decrypted. Locky uses a secure encryption algorithm that is not breakable using the methods currently available.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3562854674-2266526363-4179296465-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3562854674-2266526363-4179296465-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
GroupPolicyUsers\S-1-5-21-3562854674-2266526363-4179296465-1001\User: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
2014-03-28 12:38 - 2014-03-28 12:38 - 0005016 _____ () C:\Users\Bgenera\AppData\Roaming\UserTile.png
2012-06-27 09:50 - 2012-06-27 12:35 - 0002333 _____ () C:\ProgramData\hpzinstall.log
C:\Users\Bgenera\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Bgenera\AppData\Local\Temp\Quarantine.exe
CustomCLSID: HKU\S-1-5-21-3562854674-2266526363-4179296465-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Bgenera\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3562854674-2266526363-4179296465-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Bgenera\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3562854674-2266526363-4179296465-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Bgenera\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3562854674-2266526363-4179296465-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Bgenera\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3562854674-2266526363-4179296465-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Bgenera\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
Task: {055E3355-0CC2-490A-A2B3-44462497CEA5} - System32\Tasks\{316ABD8F-A9A2-4EB7-BF29-84FA4B2B9D6D} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {CF5843A9-E3E3-4CD3-A8F6-7F3386EE1AA2} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{D5C9BD49-9F24-405E-9071-9FE72241D35D}.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Bgenera\Desktop\Welcome to Renaissance Place.url:KAVICHS [138]

Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.

If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

Kevin Zoll
Posted June 27, 2016

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.