![]() HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NOS (Trojan.FakeMS) -> Data: C:\Users\Gary\AppData\Roaming\877F24.exe -> Quarantined and deleted successfully. Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM IE: Convert to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking) ![]() IE: Convert Link Target to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Append to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Append Link Target to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html ![]() MPolicies-System: PromptOnSecureDesktop = dword:0 MPolicies-System: EnableUIADesktopToggle = dword:0 MPolicies-System: ConsentPromptBehaviorUser = dword:3 MPolicies-System: ConsentPromptBehaviorAdmin = dword:0 MPolicies-Explorer: NoActiveDesktopChanges = dword:1 MPolicies-Explorer: NoActiveDesktop = dword:1 UPolicies-Explorer: NoDriveTypeAutoRun = dword:145 ![]() StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK02N~1.LNK - C:\Windows\STK02N\STK02NM.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\Users\XXX\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VyprVPN.lnk - C:\Windows\System32\schtasks.exe StartupFolder: C:\Users\XXX\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\ 3\program\quickstart.exe MRun: C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a MRun: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MRun: C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe MRun: C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe MRun: c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe MRun: "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" MRun: "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup MRun: "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" MRun: "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" MRun: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MRun: C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe URun: "C:\Users\XXX\Desktop\Bin\QQ.exe" /background URun: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun URun: C:\Program Files (x86)\Dump Truck\DumpTruck.exe ĪV: Microsoft Security Essentials *Disabled/Updated* - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll ![]() I have followed the directions in another thread in this forum and here are the dds.txt and attach.txt results: I have done all I can to delete snap.do, and QQ but files from them keep reappearing. I suspected it might have been malware from either snap.do, or QQ, or from Spybot hijacking my system. internet connection adapters would be present but inoperable. I would unable to open or connect to a vpnģ. Certain strange events began happening on my machine.Ģ. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |