Jump to content

Removing ICE virus using Farbar


Recommended Posts

Below are the results of my Farbar Scan.

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by SYSTEM on MININT-L0HSIQU on 24-11-2013 12:15:43
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1323658602\ee\aolsoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\Mcx1-BART-PC\...\Winlogon: [shell] EXPLORER.EXE <==== ATTENTION
Startup: C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l9ebw8.lnk
ShortcutTarget: l9ebw8.lnk -> C:\PROGRA~3\8wbe9l.dss (Корпорация Майкрософт)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
S2 Winmgmt; C:\ProgramData\l9ebw8.pss [60516 2013-11-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-24 11:53 - 2013-11-24 11:53 - 00000000 ____D C:\FRST
2013-11-23 15:19 - 2013-11-23 15:19 - 00003240 ____N C:\bootsqm.dat
2013-11-23 14:56 - 2013-11-23 14:56 - 01251328 ____T C:\ProgramData\l9ebw8.fdd
2013-11-23 14:55 - 2013-11-23 14:55 - 00000273 _____ C:\ProgramData\l9ebw8.reg
2013-11-23 14:54 - 2013-11-24 08:51 - 95025368 ____T C:\ProgramData\l9ebw8.bxx
2013-11-23 14:54 - 2013-11-24 08:50 - 00000000 _____ C:\ProgramData\l9ebw8.fvv
2013-11-23 14:54 - 2013-11-23 14:54 - 00204800 _____ (Корпорация Майкрософт) C:\ProgramData\8wbe9l.dss
2013-11-23 14:54 - 2013-11-23 14:54 - 00060516 ____T (Microsoft Corporation) C:\ProgramData\l9ebw8.pss
2013-11-23 11:52 - 2013-11-24 03:49 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-23 05:43 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-23 05:43 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-23 05:43 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-23 05:43 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-23 05:43 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-23 05:43 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-23 05:43 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-23 05:43 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-23 05:43 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-23 05:43 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-23 05:43 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-23 05:43 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 17:10 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-15 17:10 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-15 17:10 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-15 17:10 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-15 17:10 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-15 17:10 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-15 17:10 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-15 17:10 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-15 17:10 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-15 17:10 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-15 17:10 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-15 17:10 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-15 17:10 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-15 17:10 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-15 17:10 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-15 17:10 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-15 17:10 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-15 17:10 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-15 17:10 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-15 17:10 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-15 17:10 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-15 17:10 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-15 17:10 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-15 17:09 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-15 17:09 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-15 17:09 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-15 17:09 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-15 17:09 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-15 17:09 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-15 17:09 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-10-26 10:27 - 2013-10-26 10:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-26 10:27 - 2013-10-26 10:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-26 10:15 - 2013-10-26 10:15 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-10-26 10:15 - 2013-10-26 10:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

==================== One Month Modified Files and Folders =======

2013-11-24 11:53 - 2013-11-24 11:53 - 00000000 ____D C:\FRST
2013-11-24 08:51 - 2013-11-23 14:54 - 95025368 ____T C:\ProgramData\l9ebw8.bxx
2013-11-24 08:50 - 2013-11-23 14:54 - 00000000 _____ C:\ProgramData\l9ebw8.fvv
2013-11-24 08:50 - 2013-08-25 10:00 - 00000728 _____ C:\Windows\setupact.log
2013-11-24 08:50 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 03:49 - 2013-11-23 11:52 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-23 21:49 - 2011-12-01 19:32 - 01741243 _____ C:\Windows\WindowsUpdate.log
2013-11-23 18:32 - 2013-03-20 16:11 - 00000000 ____D C:\users\Mcx1-BART-PC
2013-11-23 18:31 - 2011-12-11 18:56 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.6
2013-11-23 18:31 - 2011-12-01 16:41 - 00000000 ____D C:\users\Bart
2013-11-23 18:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-11-23 15:19 - 2013-11-23 15:19 - 00003240 ____N C:\bootsqm.dat
2013-11-23 14:56 - 2013-11-23 14:56 - 01251328 ____T C:\ProgramData\l9ebw8.fdd
2013-11-23 14:55 - 2013-11-23 14:55 - 00000273 _____ C:\ProgramData\l9ebw8.reg
2013-11-23 14:54 - 2013-11-23 14:54 - 00204800 _____ (Корпорация Майкрософт) C:\ProgramData\8wbe9l.dss
2013-11-23 14:54 - 2013-11-23 14:54 - 00060516 ____T (Microsoft Corporation) C:\ProgramData\l9ebw8.pss
2013-11-23 12:19 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-23 12:19 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-23 12:18 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-23 05:43 - 2011-12-01 16:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-23 05:42 - 2013-08-17 07:30 - 00000000 ____D C:\Windows\System32\MRT
2013-11-23 05:40 - 2011-12-06 18:21 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-11 02:50 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-10-29 14:20 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2013-10-27 11:53 - 2011-12-01 17:21 - 00109296 _____ C:\Users\Bart\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-26 12:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-26 11:49 - 2009-07-13 20:45 - 00413312 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-26 10:27 - 2013-10-26 10:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-26 10:27 - 2013-10-26 10:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-26 10:20 - 2011-12-01 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-10-26 10:15 - 2013-10-26 10:15 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-10-26 10:15 - 2013-10-26 10:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

Files to move or delete:
====================
C:\ProgramData\8wbe9l.dss
C:\ProgramData\l9ebw8.bxx
C:\ProgramData\l9ebw8.fvv
C:\ProgramData\l9ebw8.pss
C:\ProgramData\l9ebw8.reg

Some content of TEMP:
====================
C:\Users\Bart\AppData\Local\Temp\oS1R.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

11
Restore point made on: 2013-09-29 06:16:19
Restore point made on: 2013-10-04 01:46:41
Restore point made on: 2013-10-19 11:01:38
Restore point made on: 2013-10-20 13:51:15
Restore point made on: 2013-10-26 10:13:52
Restore point made on: 2013-10-29 14:19:18
Restore point made on: 2013-11-03 17:08:33
Restore point made on: 2013-11-10 10:45:50
Restore point made on: 2013-11-15 17:02:58
Restore point made on: 2013-11-23 05:38:24
Restore point made on: 2013-11-23 14:58:21

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3062.18 MB
Available physical RAM: 2449.57 MB
Total Pagefile: 3060.38 MB
Available Pagefile: 2496.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:105.5 GB) NTFS
Drive f: () (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 7F21D957)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

LastRegBack: 2013-11-10 14:34

==================== End Of Log ============================

Link to post
Share on other sites

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now and if so..........run MBAR

If not...rescan with FRST and post the new log

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

Thank you so much for the help. It did reboot and I'm running Malware now. Below is the fixlog. Again, thanks.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-11-2013
Ran by SYSTEM at 2013-11-24 12:45:29 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Mcx1-BART-PC\...\Winlogon: [shell] EXPLORER.EXE
Startup: C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l9ebw8.lnk
ShortcutTarget: l9ebw8.lnk -> C:\PROGRA~3\8wbe9l.dss
C:\ProgramData\8wbe9l.dss
C:\ProgramData\l9ebw8.bxx
C:\ProgramData\l9ebw8.fvv
C:\ProgramData\l9ebw8.pss
C:\ProgramData\l9ebw8.reg
C:\Users\Bart\AppData\Local\Temp\oS1R.dll
C:\ProgramData\l9ebw8.fdd
C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l9ebw8.lnk

*****************

HKU\Mcx1-BART-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l9ebw8.lnk => Moved successfully.
ShortcutTarget: l9ebw8.lnk -> C:\PROGRA~3\8wbe9l.dss  not found.
C:\ProgramData\8wbe9l.dss => Moved successfully.
C:\ProgramData\l9ebw8.bxx => Moved successfully.
C:\ProgramData\l9ebw8.fvv => Moved successfully.
C:\ProgramData\l9ebw8.pss => Moved successfully.
C:\ProgramData\l9ebw8.reg => Moved successfully.
C:\Users\Bart\AppData\Local\Temp\oS1R.dll => Moved successfully.
C:\ProgramData\l9ebw8.fdd => Moved successfully.
"C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l9ebw8.lnk" => File/Directory not found.

==== End of Fixlog ====

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.