BlackTunicLink 1 Posted February 17 Report Share Posted February 17 Here are the required files. scan_210217-102207.txt Addition.txt FRST.txt Link to post Share on other sites
Kevin Zoll 309 Posted February 18 Report Share Posted February 18 Hello @BlackTunicLink, Welcome to the Emsisoft Support Forums. C:\Program Files\KMSpico\Service_KMS.exe C:\Users\aaron_000\Downloads\_\KEYGEN-TSZ\Keygen.exe Software cracks and Keygens are the only observed infection vector for the STOP Ransomware family, which accounts for roughly 50% of ransomware attacks worldwide. If you do not want your files encrypted by STOP, do not engage in software piracy. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION 2019-06-17 06:08 - 2019-06-17 06:08 - 006922240 _____ () C:\Program Files (x86)\GUT847A.tmp 2019-10-17 14:20 - 2019-10-17 14:20 - 009256960 _____ () C:\Program Files (x86)\GUTE445.tmp 2018-12-22 20:53 - 2018-12-22 20:53 - 007895040 _____ () C:\Program Files (x86)\GUTFB31.tmp ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No Filen) Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File FirewallRules: [{536C65E3-5EB2-4E81-837D-7C5D52123922}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File FirewallRules: [{071A271B-CEF8-4167-BD6B-47284F730C28}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File C:\Users\aaron_000\Downloads\_\KEYGEN-TSZ\Keygen.exe C:\Users\aaron_000\Downloads\_\KEYGEN-TSZ Close Notepad. NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system IMPORTANT: Save all of your work, as the next step may reboot your computer. Run FRST and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. NOTE: If the tool warns you about an outdated version please download and run the updated version. Also, let me know how the machine is running now, and what remaining issues you've noticed. Link to post Share on other sites
BlackTunicLink 1 Posted February 21 Author Report Share Posted February 21 I believe everything is fine. Thanks for the help. Link to post Share on other sites
Kevin Zoll 309 Posted February 22 Report Share Posted February 22 You are welcome. Link to post Share on other sites
Recommended Posts