Everything posted by NotAName

  1. Thanks @AdvancedSetup (Ron) for the prompt reply. Yes, I do need help to thoroughly clean the laptop as it's giving me hiccups. I've already mentioned the errors in point number 1 in full detail. Thanks in advance.
  2. My laptop is out for service, so I borrowed a laptop (OS: Windows 10 Pro lappy) from an acquaintance a week or two ago and started working on it. A few days back I was hit by ransomware. The internal hard drive has no important data (the guy who gave me the lappy had already backed up his data and wiped all the partitions, so his data is safe). But the problem is my 4TB external hard drive was connected to the laptop at the time of the attack. The HDD is not full but it has gigabytes of important data.

     Most of my files on the external HDD in folders and subfolders now have the .PPTX extension and a READ_ME.txt file that tells me to download TOR Browser and visit a link and pay the ransom to buy the decryptor. The same thing happened to the files on the internal HDD, but there's less important data on the internal HDD and most of the files are not important at all. Critically important data is only on the external HDD.

     I uploaded the sample file to the id-ransomware malwarehunterteam website and it says it's GlobeImposter 2.0 Ransomware, and so there's no way to decrypt the files for free. I downloaded Malwarebytes, HitmanPro and Spybot Search & Destroy, scanned the laptop and deleted/quarantined the viruses/threats as instructed by this software.

     Now my questions and problems are listed below (please guide me in simple steps):

     1. I immediately removed the external HDD and I scanned the laptop with Malwarebytes and other anti-malware software TWICE or THRICE, but the system is still behaving weirdly.

        (i) The search bar on the taskbar ("Search the web Windows") is locked/greyed out. I mean I can't use this bar. I can't type anything in this bar. How do I make it work?

        (ii) During the encryption attack, the default Windows Defender application was automatically disabled and the enable switch was greyed out. The enable switch is still greyed out, so I can't enable Defender now.

        (iii) After the attack, Windows started giving me so many error messages after each reboot. So I ran the Malwarebytes (and other) scans again. Now all the errors are gone, but one error message is persistent. Whenever I reboot the laptop it shows the error message "Main class was not specified in INI file." I want this message to vanish so the guy who lent me the lappy doesn't know about the malware attack.

        (iv) Windows Edge Browser is NOT working. The moment I launch it, it flashes and vanishes within the blink of an eye. Chrome and Firefox are working fine.

        (v) Windows Photos App is not working/opening. It also vanishes like Edge.

        (vi) There might be issues with other applications too, but I haven't discovered them yet.

        Before anyone tells me to use the recovery disk etc., I wanna clarify that I have NONE with me. I just don't wanna let that guy (the owner of the laptop) know about the ransomware attack. So I want to reinstate his lappy to its previous working condition. By the way, System Restore wasn't enabled on his system as far as I discovered.

     2. Is there any hope of recovering my data (external HDD) in the future? Will there be any free decryptor? If a free decryptor gets released in the future, will I be able to recover my HDD files without the current laptop? I have to return the current laptop to the owner by Saturday. Do I have to back up anything from the current borrowed laptop now for the decryption process in future? Please tell me. [P.S. I don't have any backup of the HDD.]

     3. Is the ransomware malware still residing somewhere on my system? How do I confirm? How do I clean the system permanently without a recovery disk?

     4. Is it safe to connect this external HDD to my own laptop when I get my lappy back, or to a new computer in the near future? Is there any risk involved?

     5. I had created a few new profiles in the Firefox browser. All the profiles are gone (I guess because the profile data and cookies under AppData are now encrypted/corrupted with the PPTX extension), BUT ironically in Google Chrome my Gmail account is still logged in and the browsing history is still intact. Does it mean the Chrome cookies haven't been corrupted? How is this possible? Anything spooky?

     6. After cleaning/quarantining this current laptop, I, curiously, connected the infected external HDD to this infected laptop. To my surprise, many files are still safe (not encrypted) on the HDD. I guess I did a good thing by instantly shutting down the system and disconnecting the HDD. So, this is a tip for potential victims: as soon as you discover any malware, promptly disconnect external media or shut down the system.

        By the way, after scanning and quarantining with Malwarebytes, I've re-connected the HDD to check the health of my files and to back up (copy/move) some important but encrypted PPTX files. Any risk, or is it alright? Will I end up locking down my safe files (NON-encrypted files) on the HDD?

     I'm so scared. Worst nightmare ever.