Jump to content

FBI Ransomware Infection


Swanny
 Share

Recommended Posts

Greetings, I am working on a laptop that has been infected with the FBI Ransomware, please see the below FRST Log:

 

*Note*, this PC has one user account enabled and all attempts to start into safemode so far have failed.

 

Thanks in advance!!

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by SYSTEM on MINWINPC on 02-09-2013 12:31:25
Running from F:\
Windows Vista Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [synTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [MSConfig] - C:\Windows\system32\msconfig.exe [227840 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [86016 2007-09-28] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8497696 2007-09-28] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2007-09-28] (NVIDIA Corporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [navservice] - C:\Program Files\Navionics World\NavService.exe [98304 2012-09-25] ()
HKLM\...\Run: [spySweeper] - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [6273400 2008-11-13] (Webroot Software, Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2007-10-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2007-10-01] (Hewlett-Packard)
HKU\owner\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-06-02] (Google Inc.)
HKU\owner\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\owner\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
HKU\owner\...\Run: [DisplaySwitch] - C:\Users\owner\AppData\Roaming\Microsoft\Windows\Templates\sysdrivwin.exe [ 2013-08-30] ()
HKU\owner\...\Run: [Adobe CSS5.1 Manager] - C:\Users\owner\AppData\Local\39d498f8-6ad9-491f-8d38-19f546e38839ad\dfadfdfead.exe [ 2013-08-30] () <===== ATTENTION

========================== Services (Whitelisted) =================

S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 WebrootSpySweeperService; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3667312 2008-11-12] (Webroot Software, Inc. (www.webroot.com))
S2 WRConsumerService; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [1086840 2008-11-13] (Webroot Software, Inc. )

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-08] (Conexant Systems Inc.)
S1 nm3; C:\Windows\System32\DRIVERS\nm3.sys [39736 2010-06-09] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
S0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [29808 2008-11-12] (Webroot Software, Inc. (www.webroot.com))
S0 SSHRMD; C:\Windows\System32\Drivers\SSHRMD.SYS [23152 2008-11-12] (Webroot Software, Inc. (www.webroot.com))
S0 SSIDRV; C:\Windows\System32\Drivers\SSIDRV.SYS [170608 2008-11-12] (Webroot Software, Inc. (www.webroot.com))
S3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com))
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SymIM; system32\DRIVERS\SymIM.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-30 19:04 - 2013-08-30 19:04 - 00063488 _____ (Hilgraeve, Inc.) C:\Users\owner\spoolsv.exe
2013-08-30 19:04 - 2013-08-30 19:04 - 00032768 _____ C:\Users\owner\iexplore.exe
2013-08-30 19:04 - 2013-08-30 19:04 - 00000000 ____D C:\Users\owner\Local Settings\Application Data\39d498f8-6ad9-491f-8d38-19f546e38839ad
2013-08-30 19:04 - 2013-08-30 19:04 - 00000000 ____D C:\Users\owner\AppData\Local\39d498f8-6ad9-491f-8d38-19f546e38839ad
2013-08-30 19:04 - 2013-08-30 19:04 - 00000000 _____ C:\Users\owner\vlcplayer.exe
2013-08-27 19:26 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-20 14:42 - 2013-08-20 14:42 - 00000000 ____D C:\Users\owner\Local Settings\Application Data\Macromedia
2013-08-20 14:42 - 2013-08-20 14:42 - 00000000 ____D C:\Users\owner\AppData\Local\Macromedia
2013-08-20 14:26 - 2013-08-20 14:26 - 01067192 _____ (Solid State Networks) C:\Users\owner\Downloads\install_flashplayer11x32axau_mssa_awc_aih.exe
2013-08-19 23:18 - 2013-08-19 23:21 - 00000000 ____D C:\Windows\System32\MRT
2013-08-19 23:03 - 2013-07-24 18:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-19 23:03 - 2013-07-24 18:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-19 23:03 - 2013-07-24 18:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-19 23:03 - 2013-07-24 18:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-19 23:03 - 2013-07-24 18:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-19 23:03 - 2013-07-24 18:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-19 23:03 - 2013-07-24 18:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-19 23:03 - 2013-07-24 18:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-19 23:03 - 2013-07-24 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-19 23:03 - 2013-07-24 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-19 23:03 - 2013-07-24 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-19 23:03 - 2013-07-24 18:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-19 23:03 - 2013-07-24 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-19 23:03 - 2013-07-24 18:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-19 23:03 - 2013-07-24 18:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-19 23:03 - 2013-07-24 18:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-19 09:58 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-19 09:58 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-19 09:58 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-19 09:58 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-19 09:58 - 2013-07-04 20:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-19 09:58 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2013-08-19 09:58 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-19 09:57 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-19 09:57 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-19 09:52 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-19 09:52 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-08-19 09:52 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

==================== One Month Modified Files and Folders =======

2013-09-02 08:19 - 2013-09-02 08:19 - 00000000 __SHD C:\found.000
2013-09-02 08:15 - 2008-01-28 21:13 - 01245760 _____ C:\Windows\WindowsUpdate.log
2013-09-02 08:13 - 2009-06-02 07:27 - 00000000 ____D C:\Program Files\Google
2013-09-02 08:13 - 2008-03-31 15:55 - 00000000 _____ C:\Users\owner\AppData\Roaming\nvModes.001
2013-09-02 08:11 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 08:11 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 19:04 - 2013-08-30 19:04 - 00063488 _____ (Hilgraeve, Inc.) C:\Users\owner\spoolsv.exe
2013-08-30 19:04 - 2013-08-30 19:04 - 00032768 _____ C:\Users\owner\iexplore.exe
2013-08-30 19:04 - 2013-08-30 19:04 - 00000000 ____D C:\Users\owner\Local Settings\Application Data\39d498f8-6ad9-491f-8d38-19f546e38839ad
2013-08-30 19:04 - 2013-08-30 19:04 - 00000000 ____D C:\Users\owner\AppData\Local\39d498f8-6ad9-491f-8d38-19f546e38839ad
2013-08-30 19:04 - 2013-08-30 19:04 - 00000000 _____ C:\Users\owner\vlcplayer.exe
2013-08-30 19:04 - 2008-03-03 19:01 - 00000000 ____D C:\users\owner
2013-08-30 18:52 - 2008-03-31 15:16 - 00027335 _____ C:\Users\owner\AppData\Roaming\nvModes.dat
2013-08-26 14:09 - 2012-02-06 08:10 - 00000000 ____D C:\Users\owner\AppData\Roaming\HpUpdate
2013-08-20 15:00 - 2006-11-02 02:33 - 00721582 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-20 14:42 - 2013-08-20 14:42 - 00000000 ____D C:\Users\owner\Local Settings\Application Data\Macromedia
2013-08-20 14:42 - 2013-08-20 14:42 - 00000000 ____D C:\Users\owner\AppData\Local\Macromedia
2013-08-20 14:42 - 2012-04-05 17:04 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-20 14:42 - 2011-06-24 19:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-08-20 14:26 - 2013-08-20 14:26 - 01067192 _____ (Solid State Networks) C:\Users\owner\Downloads\install_flashplayer11x32axau_mssa_awc_aih.exe
2013-08-19 23:56 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-08-19 23:53 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-19 23:21 - 2013-08-19 23:18 - 00000000 ____D C:\Windows\System32\MRT
2013-08-19 23:18 - 2006-11-02 02:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-08-19 23:14 - 2007-10-25 00:51 - 00000000 ____D C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\Users\owner\AppData\Local\39d498f8-6ad9-491f-8d38-19f546e38839ad\dfadfdfead.exe
C:\Users\owner\iexplore.exe
C:\Users\owner\spoolsv.exe
C:\Users\owner\vlcplayer.exe
C:\Users\owner\AppData\Local\Temp\contentDATs.exe
C:\Users\owner\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\owner\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\owner\AppData\Local\Temp\tbWhit.dll
C:\Users\owner\AppData\Local\Temp\updater_uninstall.exe
C:\Users\owner\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
C:\Windows\Tasks\{C473DEA2-EECC-46AA-939C-0E97D9AD1B5A}.job

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-05 13:17:30
Restore point made on: 2013-06-05 23:00:36
Restore point made on: 2013-06-24 15:02:36
Restore point made on: 2013-06-25 23:00:45
Restore point made on: 2013-06-26 19:30:51
Restore point made on: 2013-07-01 18:32:09
Restore point made on: 2013-07-12 16:44:36
Restore point made on: 2013-07-14 23:00:46
Restore point made on: 2013-07-21 19:15:42
Restore point made on: 2013-07-31 19:26:44
Restore point made on: 2013-08-07 14:12:59
Restore point made on: 2013-08-19 09:36:50
Restore point made on: 2013-08-19 23:00:37
Restore point made on: 2013-08-20 15:28:47
Restore point made on: 2013-08-24 12:22:38
Restore point made on: 2013-08-27 23:00:37

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 1982.31 MB
Available physical RAM: 1511.05 MB
Total Pagefile: 1735.09 MB
Available Pagefile: 1571.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:137.34 GB) (Free:71.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:11.71 GB) (Free:1.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (UNTITLED 1) (Removable) (Total:14.91 GB) (Free:12.31 GB) FAT32
Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: D23D125D)
Partition 1: (Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)


LastRegBack: 2013-09-02 08:10

==================== End Of Log ============================

Link to post
Share on other sites

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now and if so..........run MBAR

If not...rescan with FRST and post the new log

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

Thanks for the quick reply,

 

Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-09-2013 04
Ran by SYSTEM at 2013-09-02 13:11:02 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\owner\...\Run: [DisplaySwitch] - C:\Users\owner\AppData\Roaming\Microsoft\Windows\Templates\sysdrivwin.exe [ 2013-08-30] ()
HKU\owner\...\Run: [Adobe CSS5.1 Manager] - C:\Users\owner\AppData\Local\39d498f8-6ad9-491f-8d38-19f546e38839ad\dfadfdfead.exe
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Templates\sysdrivwin.exe
C:\Users\owner\AppData\Local\39d498f8-6ad9-491f-8d38-19f546e38839ad\dfadfdfead.exe
C:\Users\owner\spoolsv.exe
C:\Users\owner\iexplore.exe
C:\Users\owner\Local Settings\Application Data\39d498f8-6ad9-491f-8d38-19f546e38839ad
C:\Users\owner\AppData\Local\39d498f8-6ad9-491f-8d38-19f546e38839ad
C:\Users\owner\vlcplayer.exe
C:\Windows\Tasks\{C473DEA2-EECC-46AA-939C-0E97D9AD1B5A}.job

*****************

HKU\owner\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch => Value deleted successfully.
HKU\owner\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
"C:\Users\owner\AppData\Roaming\Microsoft\Windows\Templates\sysdrivwin.exe " => Could not move.
"C:\Users\owner\AppData\Local\39d498f8-6ad9-491f-8d38-19f546e38839ad\dfadfdfead.exe " => Could not move.
"C:\Users\owner\spoolsv.exe" => Could not move.
"C:\Users\owner\iexplore.exe" => Could not move.
"C:\Users\owner\Local Settings\Application Data\39d498f8-6ad9-491f-8d38-19f546e38839ad" => Could not move.
"C:\Users\owner\AppData\Local\39d498f8-6ad9-491f-8d38-19f546e38839ad" => Could not move.
"C:\Users\owner\vlcplayer.exe" => Could not move.
"C:\Windows\Tasks\{C473DEA2-EECC-46AA-939C-0E97D9AD1B5A}.job" => Could not move.

==== End of Fixlog ====

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.