Fix Boot Configuration Data error 0xc0000185

Signing in to a computer that runs a Windows 10 version OS is usually fast and straightforward. However, there are instances when signing in takes too long especially if there are a lot of programs in the Startup. So if many things are loading as soon as you log into your computer, it will slow down the sign-in process. Aside from programs in Startup, it is also possible that there are too many users that are logged in to the account. In such a case, you will most likely encounter an error that says, “Your computer is running low on resources, so no new users can sign in. Please use an account that has already been signed in”. If you’ve encountered such an error when you try to log into your computer, read on as this post will be guiding you on how you can fix it. Each time a user signs in to Windows 10, it will allocate resources in order to work smoothly. But, in many cases, the system is running low on resources which is why this error pops up and blocks a sign-in of a new user. To fix it, you can try to log out the existing users, or perform a Cold Boot, as well as run both the DISM tool and System File Checker scan.

Option 1 - Try to logout existing users

The first thing you can do is to log out the existing users. If you have a shared Windows 10 computer, you have to check if someone hasn’t logged out. It could be that some background task or there is an existing program that is still running under that account. So you have to make sure to ask the same user to log out in case there is some unsaved work. On the other hand, if that user is not around, then you reboot the computer right away.

Option 2 - Try Performing a Cold Boot

You could also try to perform a Cold Boot to fix the problem. A Cold Boot is a process that makes sure that the Windows 10 Kernel shuts down properly and releases all the resources held by any account. To perform a Cold Boot, just press and hold the physical power button on your CPU until it goes off. After that, boot your computer regularly and see if you can now log into your account without any error.

Option 3 - Try to run a System File Checker scan

System File Checker is a built-in command utility in Windows that helps in restoring corrupted files as well as missing files. It replaces bad and corrupted system files to good system files that might be the cause why you’re getting the error when you log into your computer. To run the SFC command, follow the steps given below.

• Boot your computer into the Advanced Recovery mode and from there open Command Prompt.
• After opening Command Prompt, type in sfc /scannow

The command will start a system scan which will take a few whiles before it finishes. Once it’s done, you could get the following results:

1. Windows Resource Protection did not find any integrity violations.
2. Windows Resource Protection found corrupt files and successfully repaired them.
3. Windows Resource Protection found corrupt files but was unable to fix some of them.

 Now restart your computer and see if the problem is fixed or not.

Option 4 - run the dism tool

You might also want to run the DISM tool. This tool is known to repair potentially corrupted files in your system as having them could also system issues like the “Your computer is running low on resources, so no new users can sign in” error. To repair these corrupted system files, you can run the DISM commands:

• Go to the Advanced Recovery mode and select Command Prompt.
• After that, input each one of the commands listed below sequentially to execute them:
  • Dism /Online /Cleanup-Image /CheckHealth
  • Dism /Online /Cleanup-Image /ScanHealth
  • Dism /Online /Cleanup-Image /RestoreHealth

• Once you’ve executed the commands given above, restart your computer and check if the problem is now fixed.

One of the primary packages that install the Windows Media Player is the Media Feature Pack among other related files that are needed by the associated software products. And one of the essential DLL files in that package is the mfplat.dll file which is needed by various games and streaming services. So if this DLL file goes missing, you will most likely encounter any of the following error messages:

• “mfplat.dll missing”
• “The application failed to start because mfplat.dll was not found.”
• “The program can’t start because mfplat.dll is missing from your computer.”

In other circumstances, the Media Feature Package does not come pre-installed with the main Windows package especially for those who use Windows N, thereby causing the error to pop up. The main cause of this problem is that users who use Windows 10 N do not have the Media Feature pack pre-installed with the installation package. Aside from that, the installation package could go missing after a few Windows Updates or if you have uninstalled it by accident. To resolve this problem, you need to check out each one of the given options below.

Option 1 – Try to enable Media Playback via Command Prompt

If you encounter the mfplat.dll missing error when you attempt to run PLEX or other similar streaming service and you’ve already verified that the Media Feature Pack is indeed installed, you might want to try enabling it using an elevated Command Prompt. There are cases when a particular Windows Update ends up disabling the feature and creates the grounds which results in the mfplat.dll missing error. Thus, you can have to enable the feature via Command Prompt.

• Tap the Win + R keys to open the Run dialog box.
• Then type “cmd” in the field and hit Enter to open an elevated Command Prompt.
• Next, click on Yes if a User Account Control prompt pops up.
• After opening Command Prompt, copy and paste the following command and hit Enter to execute it:

dism /online /enable-feature /featurename:MediaPlayback

• Close Command Prompt and then open the app once again to check if the problem is now fixed.

Option 2 – Try installing the Media Feature Pack for Windows 10 N version

As mentioned, the Windows 10 N version does not come with Windows Media Player. Meaning to say, the Media Feature Pack is also not installed by default or won’t be updated by the Windows Update component. So if you are not quite sure what Windows 10 version you currently have installed, refer to these steps:

• Tap the Windows key + S and then type “about” in the search box.
• From the search results, click on the “About your PC” to open the About tab of the Settings app.
• Afterward, scroll down to the Windows specifications and check your Windows version under Edition.

Note: If you have verified that your PC is using the Windows 10 N version, you need to install the appropriate Media Feature Pack for your computer. How? Refer to the steps below:

• Click this link to download and install the Media Feature Pack from Microsoft’s official website.
• Upon installation, select the edition you want to install using the drop-down menu and then click on Confirm. Take note that there are few reasons why you’d want to install the older version since most streaming services like PLEX and most games usually require version 1803.
• After that, wait until the request is validated. The download should begin in a few minutes automatically.
• Once the download is completed, open the installation executable file and follow the next on-screen instructions to install the Media Feature Pack on your computer.
• Restart your computer. After your computer has rebooted, open the application where you’re getting the mfplat.dll missing error and then check if the problem is now fixed.

Option 3 – Try to extract a copy of the mfplat.dll file from the windows.old directory

If you encounter the error shortly after you just upgraded to Windows 10 from an older version, the best thing you can do to resolve the problem is to use windows.old directory to fetch an old copy of the mfplat.dll file. To do so, follow the steps below.

• Go to the Windows drive and then look for the windows.old directory where it preserves a copy of your old operating system as well as associated files in case something goes out of hand during the upgrade process.
• After that, open the windows.old folder and then go to the syswow64 folder.
• Next, from the syswow64 folder, copy the mfplat.dll file and paste it to C:/windows/syswow64.
• Restart your computer and check if the error is now resolved or not.

Error Code 48 – What is it?

Error Code 48 is a device driver error code that users can encounter on any Windows 2000 operating system and later versions.

It occurs when the connected peripheral device cannot be run as the Windows operating system’s driver required to install the programs for peripheral devices has either been corrupted or is incompatible with the system.

It prompts the user with the following message on the screen:

The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)

Solution

Error Causes

Like most other Windows error codes, error code 48 is triggered by the following factors.

• Corrupted system registry files
• Presence of viruses in the device
• The device driver is out-of-date

If this error code is not rectified, it could give birth to other driver device errors such as error code 52.

Further Information and Manual Repair

Method 1 – Run a complete scan for malware and spyware

Identifying and removing the viruses in the system registry and in the connected devices is the easiest method to fix the corrupted registry files.

Viruses such as spyware and malware infect the registry entries and eat up the files that lead to incomplete or missing data. This creates problems for installing external devices as the driver required to install them is not complete.

Method 2 – Use System Restore

You can also use system restore to eliminate the problem. Here is how you can use it:

• Log in using an Administrator account
• Click ‘Start’ button and select All Programs > Accessories > System Tools > System Restore
• Click ‘Restore my computer to an earlier time’ and click ‘Next’
• Select the last Windows to restore point from the ‘On this list, click a restore point’ list, and click ‘Next’
• Click ‘Next’ on the confirmation window to proceed
• Restart your PC after restoration is complete

By restoring the system via the last saved system checkpoint, you can obtain undamaged Windows system registry files that can help resolve the error code.

Method 3 – Manually uninstall and reinstall the device driver

Since Error Code 48 is due to a missing or an out-of-date device driver, uninstalling and then reinstalling the device driver can help solve the error.

You can do this by firstly logging in as Administrator and opening Device Manager. Select the device that is causing the problem and double click it; make sure that the peripheral is connected properly to the PC.

Upon opening, click on the ‘Driver’ tab and then select ‘Update Driver’. Make sure to refer to the system documentation that you received with your PC or computer to check for the motherboard details and driver specifics.

Method 4 – Use software to automatically download the driver

Manually uninstalling and reinstalling the driver will do the trick; however, it may be time-consuming especially when you would have to resort to your hardware user manual. Therefore, using a program such as DriverFIX can save you a lot of time and frustration in having your device work properly on your computer. DriverFIX, with its user-friendly approach to help you fix your PC issues, comes with an integrated database that detects which drivers you need to reconfigure within just a few seconds and downloads it automatically. It further ensures that your drivers are installed in their entirety leaving no room for any incomplete files to remain that create Error Code 48. It also has the added advantage of being able to backup and restores your files should there be the slightest possibility of system file damage. DriverFIX is the answer to fixing your PC error codes accurately and quickly. Click here to download DriverFIX to fix Error Code 48 quickly and effectively!

Microsoft has started to use group along with every open window in the Taskbar ever since the release of Windows 10. Early on, they used to show an individual entry for each one of the windows after grouping them which makes the taskbar look cleaner and organized. However, the main issue lies in the fact that you have to hover on your desired window to get on to them. At the time of writing, you need to tap the Ctrl key and click on the taskbar icon to open the last active window but you have to only click on the program’s taskbar icon after you apply the tweak given in this post for the last active window to open. Take note that the “Last Active” windows feature will only work if the taskbar buttons are combined. Before you get started doing the instructions given below, you need to create a System Restore Point first since you will be dealing with registry files and modifying some of the critical settings in Windows 10. Once you’ve done this, proceed to the given steps below. Step 1: Tap the Win + R keys to open the Run dialog box and then type “Regedit” in the field and hit Enter to open the Registry Editor. Step 2: If a User Account Control or UAC prompt appears, just click on Yes to proceed to open the Registry Editor. Step 3: Next, navigate to the following registry path:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced

Step 4: From there, right-click on the right side of the panel and select New > DWORD (32-bit) and then name it “LastActiveClick”. Step 5: After that, double click on the newly created DWORd to modify its value. Put “1” as its value data. Step 6: Then click OK and close the Registry Editor. Step 7: Now restart your computer to successfully apply the changes made. Note: In case you want to revert back to the default configuration, all you have to do is set the value data of LastActiveClick to “0” or simply delete that DWORD and restart your computer to successfully apply the changes made.

As you know, each one of the Windows 10 versions is priced differently and one of the considered more expensive compared to the Windows 10 Home version is the Windows10 Pro. The good thing is, Microsoft allows its users to upgrade from the Windows 10 Home version to the Windows 10 Pro version at a reasonable cost instead of buying the entire license again. However, upgrading your Windows 10 computer is not always that easy and you might encounter some errors along the way. One of the reported errors you could encounter is an error message that says, “Something happened, and we couldn’t start the upgrade”. This kind of problem is due to the problems with the Microsoft Store or the key authorization and to fix it, there are several options you can check out. You can try to run the built-in troubleshooters such as the Windows Update troubleshooter, Windows Store Apps troubleshooter, or Microsoft Accounts troubleshooter. You could also try to reset the Windows Store cache or re-register the Windows Store app. For more details, refer to each one of the given options below.

Option 1 – Try to run the Microsoft Accounts troubleshooter

Since the Microsoft Accounts troubleshooter is not built-in into the Windows operating system, you can download this troubleshooter by clicking on this link.

Option 2 – Try running the Windows Update Troubleshooter

Running the built-in Windows Update troubleshooter could also help you resolve the “Something happened, and we couldn’t start the upgrade” error. To run it, go to Settings and then select Troubleshoot from the options. From there, click on Windows Update and then click the “Run the troubleshooter” button. After that, follow the next on-screen instructions and you should be good to go.

Option 3 – Run the Windows Store App troubleshooter

The Windows 10 Store Apps Troubleshooter will help you in fixing the problem in Microsoft Store. This is a great built-in tool from Microsoft that helps users fix any app issues. To use the Windows Store Apps Troubleshooter, follow the steps below.

• Tap Win + I keys again to open the Windows Settings panel.
• Go to Update & Security and then go to Troubleshoot.
• Under the Troubleshoot section, on your left-hand side, scroll down to find Window Store Apps.
• Then click on the Run the troubleshooter option and follow the on-screen instructions and then see if it fixes the problem.

Option 4 – Try to reset the Microsoft Store cache

As you know, like any other apps, Microsoft Store also caches as you view apps and games so it is most likely that the cache is no longer valid and must be removed. To do so, follow the steps below.

• Right-click on the start button and click on Command Prompt (administrator).
• Next, type in the command, “wsreset.exe” and tap Enter. Once you do, the command will clear the cache for the Windows Store app.
• Now restart your PC and afterward, try opening Microsoft Store again and then try to install your app or update your computer again.

Option 5 – Try to re-register the Microsoft Store app via Windows PowerShell

• Tap the Win + X key combination or right-click on the Start button and click on the Windows PowerShell (Admin) option.
• If a User Account Control or UAC prompt appears, just click on Yes to proceed and open the Windows PowerShell window.
• Next, type in or copy-paste the following command to re-register the Microsoft Store app and tap Enter:

powershell -ExecutionPolicy Unrestricted Add-AppxPackage -DisableDevelopmentMode -Register $Env:SystemRootWinStoreAppxManifest.xml

• Wait for the process to be completed and then restart your computer.

Option 6 – Try contacting Microsoft

If none of the options worked, you might also want to contact Microsoft for further assistance in fixing the error.

Steam Autumn sale is still raging and other storefronts like EPIC and GOG have also had their go, and as the year slowly closes we reflect on the best games released this year.

The games presented are not in any particular order and as sales are still raging pick one for you for a good time.

F1 Manager 22

If you are into formula racing this new manager is something we will wholeheartedly recommend. How it has been a very long time since a good F1 manager has been released this one is breath of fresh air. Masterfully done and fun to play, also licensed with real teams and cars get it here: https://store.steampowered.com/app/1708520/F1_Manager_2022/

Stray

I like cats, but this game is on another level from its competitors. Unique approach, great storyline, and of course orange cat as the main character! Set in a cyberpunk environment following the story of some unfortunate androids you can do most cat things like playing in boxes, etc but essentially the game is a puzzle platformer which in my opinion is a great thing. Meow your things and get the game while it is discounted: https://store.steampowered.com/app/1332010/Stray/

Neon White

Mirror's Edge was the very unique game when it was released introducing parkour into the gaming world, and Neon white brings it one level up. With competitive parkour FPS gameplay this game is great for killing some time and competing with your friends but most of all it is fun to play experience. Get it here: https://store.steampowered.com/app/1533420/Neon_White/

Teenage mutant ninja turtles: Shredder's revenge

Shredder's revenge is a love letter to classic beat-them-up games found in old dusty arcades back in old times. Fast frenzy action, pixel art graphics, and tons of fun!!! Get it now and start partying like it was 1980: https://store.steampowered.com/app/1361510/Teenage_Mutant_Ninja_Turtles_Shredders_Revenge/

Tiny Tina's Wonderlands

This game needs to be experienced in order to fully grasp its magnitude and quirkiness. From the creators of borderlands comes a new IP fusion of fantasy, guns, and crazy ideas all wrapped into an action RPG looter shooter with a recognizable borderlands style of graphics. https://store.steampowered.com/app/1286680/Tiny_Tinas_Wonderlands/

Norco

Winner of multiple awards, Norco is a classic point-and-click adventure game with a great sci-fi story with a lot of environmental focus. Story and atmosphere are the main selling points for the game and if you enjoy good stories with interesting characters give this one a go: https://store.steampowered.com/app/1221250/NORCO/

Final Fantasy 14: Endwalker

Expansion for Massive multiplayer online roleplaying game brings so much to the table that we just could not oversee it and place it aside. Technically not full standing game since it is the expansion it still delivers on many fronts and since it is supposedly the last expansion now is the best time to pick it up and give a final fantasy 14 a go: https://store.steampowered.com/app/1592500/FINAL_FANTASY_XIV_Endwalker/

Elden Ring

Of course, the list would not be complete if we did not include Elden ring, a great example of how a difficult but well-executed game can go over and beyond. With a story on par with great epics and compact as in dark souls, this title will provide you with many hours of gameplay and content. https://store.steampowered.com/app/1245620/ELDEN_RING/

Windows 11 has some cool animations including fading effects which make working in it feels nice and futuristic but the cost of this is that there is a slight delay to certain actions performed. If you want the snap fast feature in Windows 11 and do not care about this eye candy there is an easy way to turn animations off inside it.

• First, open Windows Settings by pressing ⊞ Windows + I on your keyboard
• Alternatively, click on Start, search for Settings, and then click its icon.
• When Settings appears, look in the sidebar and select Accessibility.
• In Accessibility settings, click on Visual Effects.
• In Visual Effects, switch Animation Effects to Off.

That’s it, changes will be applied automatically, you can close settings and continue working inside Windows 11 without animations and fades. You can always switch animations back On via settings if you change your mind.

If your Microsoft Edge browser encountered a Stop Error that says, “INVALID_POINTER_READ_c0000005 (atidxx64.dll)” in your Windows 10 computer, then this indicates that your Graphics card driver is outdated. According to security experts, Microsoft has already acknowledged the problem and stated that this issue exists with Windows 10 v1809, Windows Server 2019, and Windows Server version 1809. Although there is no direct way to resolve the problem, there are still some workarounds you can try. If you are using a RadeonHD2000 or HD4000 series video card, the update will be blocked for you. Some users also claim to experience performance issues with the lock screen or the ShellExperienceHost. However, if you are using AMD, the problem is that it no longer supports Radeon HD2000 and HD4000 series graphics processing units or GPUs. Even though Microsoft is already working for a way to resolve the problem, here are some alternative solutions you can check out:

Option 1 – Update your Graphics card drivers

• First, boot your computer into Safe Mode.
• After that, tap the Win + R keys to launch Run.
• Type in devmgmt.msc into the box and tap Enter or click OK to open the Device Manager.
• After that, a list of device drivers will be displayed. From there, look for the Display Adapters and click on them.
• After that, right-click on each entry under the Display Adapters and select the “Uninstall Device” option from the menu.
• Now restart your computer.
• After restarting your computer, go to the Settings app and Check for Updates in the Windows Update section.

Note: You also have the option to go directly to the website of your graphics card manufacturers like NVIDIA, Intel or AMD and go to the section called Drivers then check if there’s a new available update – if there is, download and install it.

Option 2 – Try removing AMD Radeon HD2000 and HD4000 drivers

Although this is not exactly a perfect solution, removing AMD drivers will make the operating system fall back to the default GPU available on your motherboard. You also have the option to completely disable the hardware.

• Tap the Win + X + M keys to open the Device Manager.
• Next, look for your Graphics card drive, and under Display Adapters, right click on them and click Uninstall device or Disable device.
• After that, restart your computer. This will disable the AMD drivers so you won’t be able to find them. It will also release the Windows 10 v1809 update on your computer and in case your operating system tries to prompt you with the “New Device found” message, simply ignore it.

Option 3 – Try to use another browser

You might want to use another browser especially when you already updated your computer and Microsoft Edge still keeps on crashing. You can use Google Chrome, Mozilla Firefox, and other browsers as alternatives until you sort out the problem.

Option 4 – Try to remove the Graphics card physically

You might also want to try removing both AMD Radeon HD2000 and HD4000 as they are very old graphics cards. And since AMD is not going to roll out anything, at least on its own if your motherboard has an onboard GPU, it would be best to get rid of the cards. After that, install the Windows v1809 update and then put them back in. You also have the option to install the driver but just don’t use Microsoft Edge.

Windows 11 has brought some new features and changed some of the existing ones. One of these changes includes quick switching of audio devices which will play audio. Audio switching can still be done under the taskbar, it is just a little different and one could say even hidden. Follow this quick guide and you will be switching from your headphones to speakers as an example in a matter of seconds.

1. Click on the speaker icon located in the far-right part of the taskbar.
2. After the quick settings menu appears click on the right arrow located right of the volume slider. If the arrow is not present, instead of click on the pencil icon, then on add, and finally select Volume from the list.
3. After clicking on the arrow icon, a list of all enabled audio devices on the system will replace the volume slider. Click on the desired audio device in order to make it active.
4. Click anywhere outside the quick setting menu to save changes and close it.

Note: in the Quick settings menu if you choose More Volume Settings it will bring you to System > Sound where you can access more sound input and output options.

What is PyLocky ransomware? And how does it execute its attack?

PyLocky ransomware is a file-locking malware created in order to lock important files and demand ransom from victims in exchange for data recovery. This new ransomware uses the .lockymap extension in marking the files it encrypts. It starts to execute its attack by dropping the following malicious payload in the system:

Name: facture_4739149_08.26.2018.exe SHA256:8655f8599b0892d55efc13fea404b520858d01812251b1d25dcf0afb4684dce9 Size: 5.3 MB

After dropping its malicious payload, this crypto-malware connects the infected computer to a remote server where it downloads more malicious files and places them on system folders. It then applies a data gathering module used to gather data about the user and the computer. The malicious files that were downloaded earlier along with the data obtained are used for another module called stealth protection. This allows PyLocky ransomware to execute its attack without detection from any security or antivirus programs installed in the system. It also modifies some registry keys and entries in the Windows Registry such as:

• HKEY_CURRENT_USERControl PanelDesktop
• HKEY_USERS.DEFAULTControl PanelDesktop
• HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun
• HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
• HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce
• HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce

Once all the modifications are carried out, PyLocky ransomware will begin encrypting its targeted files using a sophisticated encryption cipher. Following the encryption, it adds the .lockymap extension to each one of the encrypted files and releases a ransom note named “LOCKY-README.txt” which contains the following content:

“Please be advised: All your files, pictures document and data has been encrypted with Military Grade Encryption RSA ABS-256. Your information is not lost. But Encrypted. In order for you to restore your files, you have to purchase a Decrypter. Follow these steps to restore your files. 1* Download the Tor Browser. ( Just type in google “Download Tor“ 2‘ Browse to URL: http://4wcgqlckaazungm.onion/index.php 3* Purchase the Decryptor to restore your files. It is very simple. If you don’t believe that we can restore your files, then you can restore 1 file of image format for free. Be aware the time is ticking. Price will be doubled every 96 hours so use it wisely. Your unique ID : CAUTION: Please do not try to modify or delete any encrypted file as it will be hard to restore it. SUPPORT: You can contact support to help decrypt your files for you. Click on support at http://4wcgqlckaazungm.onion/index.php”

How does PyLocky ransomware spread over the web?

PyLocky ransomware spreads using malicious spam email campaigns. Creators of this threat embed an infected attachment to spam emails and send them using a spambot. Crooks may even use deceptive tactics to trick you into opening the malware-laden immediately which is something you must not do. Thus, before opening any emails, make sure that you’ve thoroughly checked them. To successfully obliterate PyLocky ransomware from your computer, refer to the removal guide laid out below.

• Step 1: Launch the Task Manager by simply tapping Ctrl + Shift + Esc keys on your keyboard.
• Step 2: Under the Task Manager, go to the Processes tab and look for the process named facture_4739149_08.26.2018.exe and any suspicious-looking process which takes up most of your CPU’s resources and is most likely related to PyLocky ransomware.
• Step 3: After that, close the Task Manager.
• Step 4: Tap Win + R, type in appwiz.cpl and click OK or tap Enter to open Control Panel’s list of installed programs.
• Step 5: Under the list of installed programs, look for PyLocky ransomware or anything similar, and then uninstall it.
• Step 6: Next, close the Control Panel and tap Win + E keys to launch File Explorer.
• Step 7: Navigate to the following locations below and look for PyLocky ransomware’s malicious components such as facture_4739149_08.26.2018.exe and LOCKY-README.txt as well as other suspicious files, then delete all of them.

%TEMP% %WINDIR%System32Tasks %APPDATA%MicrosoftWindowsTemplates %USERPROFILE%Downloads %USERPROFILE%Desktop

• Step 8: Close the File Explorer.
• Step 9: Tap Win + R to open Run and then type in Regedit in the field and tap enter to pull up Windows Registry.
• Step 10: Navigate to the following path:

HKEY_CURRENT_USERControl PanelDesktop HKEY_USERS.DEFAULTControl PanelDesktop HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce

• Step 11: Delete the registry keys and sub-keys created by PyLocky ransomware.
• Step 12: Close the Registry Editor and empty the Recycle Bin.

Try to recover your encrypted files using the Shadow Volume copies Restoring your encrypted files using Windows Previous Versions feature will only be effective if PyLocky ransomware hasn’t deleted the shadow copies of your files. But still, this is one of the best and free methods there is, so it’s definitely worth a shot. To restore the encrypted file, right-click on it and select Properties, a new window will pop up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.