After running malwarebytes, I was able to get rid of some, but not all of the malware on my machine. Malwarebytes found and deleted the following:

C:\Users\sumida\AppData\Local\Omjxics\MAXComponents.DLL (VirTool.Vbcrypt) -> Delete on reboot.

From running hijackthis.exe, I can see that there is still a lingering registry reference to this dll (which I have yet to delete):

O4 - HKCU\.\Run: regsvr32.exe C:\Users\sumida\AppData\Local\Omjxics\MAXComponents.DLL

I rebooted, ran a full scan with malwarebytes and a quick scan with the Microsoft Antimalware Removal tool, and both came back clean.

The machine runs well and web browsing is fine with one exception: from running fiddler, I can see that explorer.exe is occasionally making the following request:

The result is that a number of dllhost.exe processes are created, and a ton of http requests to different websites are made (I disconnected from the internet before any popups appeared).

Also, when I reboot, the security settings in IE are changed to prevent downloads.

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
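A small defensive triage routine for log lines in the format quoted above, added here as an example and not part of the original post or of HijackThis or Malwarebytes: it parses HijackThis O4 (Run key) entries and flags the pattern the post describes, a built-in loader such as regsvr32.exe launching a DLL from a user-writable AppData directory, plus an autorun that still references a file a scanner has already deleted. The sample lines and the [Name] tags on the benign entries are constructed; the flagged entry and the deleted path are the ones in the post.

```python
import re
from dataclasses import dataclass, field

# HijackThis-style O4 (Run key) lines, constructed for this example. The first mirrors
# the entry quoted in the post; the other two are benign entries built from paths in
# the post's process list (their [Name] tags are assumed, not taken from the post).
SAMPLE_LOG = r"""O4 - HKCU\.\Run: regsvr32.exe C:\Users\sumida\AppData\Local\Omjxics\MAXComponents.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneNote] "C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
"""
# File the post says Malwarebytes already deleted (lower-cased for comparison).
ALREADY_REMOVED = {r"c:\users\sumida\appdata\local\omjxics\maxcomponents.dll"}
LOLBIN_LOADERS = {"regsvr32.exe", "rundll32.exe"}   # built-ins that run a DLL named on the command line
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")   # fragments of user-writable paths
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.+\\Run: (?:\[[^\]]*\]\s*)?(.+)$")

@dataclass
class Finding:
    hive: str
    command: str
    reasons: list = field(default_factory=list)

def triage_o4(line, removed=ALREADY_REMOVED):
    """Return a Finding for an O4 line, or None if the line is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    hive, command = m.group(1), m.group(2)
    # Split program from arguments: honour a quoted program path, else cut at the first space.
    if command.startswith('"'):
        program, _, rest = command[1:].partition('"')
    else:
        program, _, rest = command.partition(" ")
    exe = program.rsplit("\\", 1)[-1].lower()      # basename of what is launched
    argument = rest.strip().strip('"').lower()     # what it is told to load or run
    f = Finding(hive, command)
    if exe in LOLBIN_LOADERS:
        f.reasons.append(f"{exe} used as a loader for {argument or '<nothing>'}")
    if any(frag in argument for frag in USER_WRITABLE):
        f.reasons.append("payload lives under a user-writable path")
    if argument in removed:
        f.reasons.append("dangling autorun: target already deleted by a scanner")
    return f

def triage_log(text, removed=ALREADY_REMOVED):
    """Findings with at least one reason, in log order; a real run would feed the whole log."""
    found = (triage_o4(l, removed) for l in text.splitlines())
    return [f for f in found if f is not None and f.reasons]
```

On the sample log only the regsvr32 entry is reported, with all three reasons; the two vendor autoruns produce no finding.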