Jump to content

Recommended Posts

Hello,

Encrypted files with the xtbl extension cannot be decrypted.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Run: [kghniyoh] => C:\Windows\System32\[email protected]
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-2811035814-3685519089-1505991472-1130\...\MountPoints2: {45339bca-c429-11e3-8989-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-2811035814-3685519089-1505991472-1130\...\MountPoints2: {8743a86d-39a6-11e4-958f-babad6e8e5c6} - F:\setup.exe
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How to decrypt your files.jpg [2016-07-21] ()
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How to decrypt your files.txt [2016-07-21] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
2016-07-21 10:34 - 2016-07-21 10:36 - 00000000 ____D C:\Users\bkiwan\AppData\Local\Temp\tmp00001d35
2016-07-21 10:34 - 2016-07-21 10:34 - 02053586 ____T C:\Users\bkiwan\AppData\Local\Temp\E61C750ABE4C48C7A3CDA6D5619635B1.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 02053586 ____T C:\Users\bkiwan\AppData\Local\Temp\89819AA7EEBA409D8850E7FB1CE9EB1F.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 02053586 ____T C:\Users\bkiwan\AppData\Local\Temp\29321768B2584DE580B9DA253B655B79.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 01747238 ____T C:\Users\bkiwan\AppData\Local\Temp\A7E9554B318749E394DEB8EAD33F0B56.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 01747238 ____T C:\Users\bkiwan\AppData\Local\Temp\96444C5F96BE4B6191242FF2127607B6.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 01695376 ____T C:\Users\bkiwan\AppData\Local\Temp\F57A59AF8FF74C00B7D232083BE33320.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00834951 ____T C:\Users\bkiwan\AppData\Local\Temp\FB7A5FB214624C8A8A77BEAB8E756934.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00834951 ____T C:\Users\bkiwan\AppData\Local\Temp\D95A0C94816747D0943B9B38B77850D8.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00834951 ____T C:\Users\bkiwan\AppData\Local\Temp\12274CF1B25E4C32AD6D4409B61FE736.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00718283 ____T C:\Users\bkiwan\AppData\Local\Temp\EEC4FF9043544567A99D73F864C1F7A5.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00718283 ____T C:\Users\bkiwan\AppData\Local\Temp\0B1F1F0A81EF4B5BB282BE235ECAF2A4.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00699243 ____T C:\Users\bkiwan\AppData\Local\Temp\A61128B40E08446DB186B7E439E6DE85.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00079884 ____T C:\Users\bkiwan\AppData\Local\Temp\E2D4C975E9CC42A1BC8CB8B311682E22.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00079884 ____T C:\Users\bkiwan\AppData\Local\Temp\C6CBCB2D26E64263991A8BD157E386D0.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00079884 ____T C:\Users\bkiwan\AppData\Local\Temp\23B70E6D90D246B9BB4397A5E9B8C54D.tmp
2016-07-21 10:34 - 2016-07-21 10:34 - 00052164 ____T C:\Users\bkiwan\AppData\Local\Temp\9AD45A6448054BC6B63161E382419F6B.tmp
2016-07-21 05:23 - 2016-05-26 12:47 - 00000000 ____D C:\Users\SYSTEM_USER\AppData\Local\Temp\6
2016-07-21 05:21 - 2016-05-26 12:33 - 00000000 ____D C:\Users\alpha\AppData\Local\Temp\4
C:\Users\bkiwan\AppData\Local\Temp\2\ReimagePackage.exe
C:\Users\bkiwan\AppData\Local\Temp\2\sqlite3.exe
Task: {3BD2AD39-C1E5-474C-A686-320B6D2554E3} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-05-27] (Reimage®) <==== ATTENTION
Task: {51A20EA7-EFB5-4528-87F4-50DC4AED561E} - System32\Tasks\GoogleUpdateTaskMachineSvc => /nw <==== ATTENTION
Task: {8209253D-E60B-44B5-8C53-96C794C909AD} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-07-11] (Reimage ltd.) <==== ATTENTION
C:\Users\TEMP\Downloads\[email protected]
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...