BlackTunicLink Posted February 17, 2021 Report Share Posted February 17, 2021 Here are the required files. scan_210217-102207.txt Addition.txt FRST.txt Link to comment Share on other sites More sharing options...
ShadowPuterDude Posted February 18, 2021 Report Share Posted February 18, 2021 Hello @BlackTunicLink, Welcome to the Emsisoft Support Forums. C:\Program Files\KMSpico\Service_KMS.exe C:\Users\aaron_000\Downloads\_\KEYGEN-TSZ\Keygen.exe Software cracks and Keygens are the only observed infection vector for the STOP Ransomware family, which accounts for roughly 50% of ransomware attacks worldwide. If you do not want your files encrypted by STOP, do not engage in software piracy. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION 2019-06-17 06:08 - 2019-06-17 06:08 - 006922240 _____ () C:\Program Files (x86)\GUT847A.tmp 2019-10-17 14:20 - 2019-10-17 14:20 - 009256960 _____ () C:\Program Files (x86)\GUTE445.tmp 2018-12-22 20:53 - 2018-12-22 20:53 - 007895040 _____ () C:\Program Files (x86)\GUTFB31.tmp ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No Filen) Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File FirewallRules: [{536C65E3-5EB2-4E81-837D-7C5D52123922}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File FirewallRules: [{071A271B-CEF8-4167-BD6B-47284F730C28}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File C:\Users\aaron_000\Downloads\_\KEYGEN-TSZ\Keygen.exe C:\Users\aaron_000\Downloads\_\KEYGEN-TSZ Close Notepad. NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system IMPORTANT: Save all of your work, as the next step may reboot your computer. Run FRST and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. NOTE: If the tool warns you about an outdated version please download and run the updated version. Also, let me know how the machine is running now, and what remaining issues you've noticed. Link to comment Share on other sites More sharing options...
BlackTunicLink Posted February 21, 2021 Author Report Share Posted February 21, 2021 I believe everything is fine. Thanks for the help. Link to comment Share on other sites More sharing options...
ShadowPuterDude Posted February 22, 2021 Report Share Posted February 22, 2021 You are welcome. Link to comment Share on other sites More sharing options...
Recommended Posts