
Help: GPU miner removal


  • This topic is locked
1 reply to this topic

#1 grummir

  • Members
  • 7 posts

Posted 02 June 2014 - 11:06 AM

(My apologies if this is not the correct forum to post on.)

Hello everyone,

I recently noticed my GPU was maxed on idle. Discovered it was a miner and managed to stop it with a root killer, but I am unable to fully remove it (safely).

I am currently running Windows 7 Ult. x64.

The steps I have taken so far:

1- Found and executed the rootkiller (it worked: results posted below)

2- Scanned with Microsoft Security Essentials. (no results)

3- Scanned with Malwarebytes Anti-Malware (some files found, but nothing solved)

4- Scanned with the "chameleon" version of Malwarebytes (same result as before)

5- Started the "Combofix" as a last ditch effort (No success: results posted below)

Please, please someone help me, I am at my wits' end...

 

Here is the root killer log:

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/02/2014 10:46:49 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * D:\Users\Grummir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Grummir.exe (PID: 3844) [UP-HEUR]
 * D:\Users\Grummir\AppData\Roaming\GRUMMIR-PC\GRUMMIR-PC.exe (PID: 5924) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/02/2014 10:47:02 AM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
 

 

 

Here is the log from my latest attempt using the "combofix"

 

ComboFix 14-05-29.01 - Grummir 02/06/2014  11:00:13.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12228.9638 [GMT -4:00]
Running from: d:\users\Grummir\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\users\Grummir\AppData\Roaming\GRUMMIR-PC
d:\users\Grummir\AppData\Roaming\GRUMMIR-PC\coinutil.dll
d:\users\Grummir\AppData\Roaming\GRUMMIR-PC\cryp.dll
d:\users\Grummir\AppData\Roaming\GRUMMIR-PC\GRUMMIR-PC.exe
d:\users\Grummir\AppData\Roaming\GRUMMIR-PC\miner.dll
d:\users\Grummir\AppData\Roaming\GRUMMIR-PC\mpir.dll
d:\users\Grummir\AppData\Roaming\GRUMMIR-PC\scrypt.cl
d:\users\Grummir\AppData\Roaming\GRUMMIR-PC\usft_ext.dll
d:\users\Grummir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Grummir.exe
d:\users\Grummir\AppData\Roaming\play.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-02 to 2014-06-02  )))))))))))))))))))))))))))))))
.
.
2014-06-02 14:26 . 2014-06-02 14:26    --------    d-----w-    d:\users\Grummir\AppData\Roaming\Malwarebytes
2014-06-02 14:26 . 2014-06-02 14:26    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-06-02 14:04 . 2014-06-02 14:04    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-02 14:04 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-02 14:04 . 2013-04-04 18:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-30 15:25 . 2014-03-04 11:32    599840    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-05-30 15:24 . 2014-05-30 15:24    --------    d-----w-    c:\program files\iPod
2014-05-30 15:24 . 2014-05-30 15:24    --------    d-----w-    c:\program files\iTunes
2014-05-30 15:24 . 2014-05-30 15:24    --------    d-----w-    c:\program files (x86)\iTunes
2014-05-30 15:22 . 2014-05-30 15:22    --------    d-----w-    d:\users\Grummir\AppData\Local\MFAData
2014-05-30 15:22 . 2014-05-30 15:22    --------    d-----w-    d:\users\Grummir\AppData\Local\Avg2014
2014-05-26 23:18 . 2014-05-20 02:44    1889112    ----a-w-    c:\windows\system32\nvdispco6433788.dll
2014-05-26 23:18 . 2014-05-20 02:44    1541576    ----a-w-    c:\windows\system32\nvdispgenco6433788.dll
2014-05-26 23:03 . 2014-03-31 16:42    40392    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2014-05-26 23:03 . 2014-03-31 16:42    34760    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2014-05-20 05:17 . 2014-05-20 05:18    --------    d-----w-    d:\users\Grummir\AppData\Roaming\DarkSoulsII
2014-05-15 18:39 . 2014-06-02 14:13    --------    d-----w-    c:\program files (x86)\Application Updater
2014-05-15 18:39 . 2014-05-15 18:39    --------    d-----w-    c:\program files (x86)\Vuze Remote Toolbar
2014-05-15 08:32 . 2014-05-06 04:40    23544320    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-15 08:32 . 2014-05-06 04:17    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-15 08:32 . 2014-05-06 03:07    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-15 08:32 . 2014-05-06 03:00    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-05-07 04:13 . 2014-05-15 18:32    --------    d-s---w-    c:\windows\system32\CompatTel
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-02 15:00 . 2013-11-18 00:00    138298    ----a-w-    d:\users\Grummir\Network_Meter_Data.js
2014-06-02 14:41 . 2013-11-17 23:55    8077    ----a-w-    d:\users\Grummir\IP_Log_Data.js
2014-05-15 08:32 . 2013-11-20 04:00    93223848    ----a-w-    c:\windows\system32\MRT.exe
2014-05-13 22:11 . 2013-11-18 00:16    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 22:11 . 2013-11-18 00:16    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-30 18:27 . 2013-11-20 00:27    1081112    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:26 . 2013-11-20 00:27    1225920    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-03-31 16:42 . 2013-11-20 00:26    37320    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2014-03-11 13:52 . 2013-09-27 14:53    133928    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 09:31 . 2014-04-29 09:00    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-29 09:00    66048    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-29 09:00    548352    ----a-w-    c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-29 09:00    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-29 09:00    2767360    ----a-w-    c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-29 09:00    51200    ----a-w-    c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-29 09:00    33792    ----a-w-    c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-29 09:00    574976    ----a-w-    c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-29 09:00    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-29 09:00    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-29 09:00    752640    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-29 09:00    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-29 09:00    5784064    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-29 09:00    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-29 09:00    586240    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-29 09:00    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-29 09:00    455168    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-29 09:00    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-29 09:00    38400    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-29 09:00    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-29 09:00    4254720    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-29 09:00    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-29 09:00    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-29 09:00    592896    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-29 09:00    628736    ----a-w-    c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-29 09:00    32256    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-29 09:00    2043904    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-29 09:00    13551104    ----a-w-    c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-29 09:00    1967104    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-29 09:00    2260480    ----a-w-    c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-29 09:00    1400832    ----a-w-    c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-29 09:00    846336    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-29 09:00    1789440    ----a-w-    c:\windows\SysWow64\wininet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe" [2011-10-12 286720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
.
d:\users\Grummir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENC /_WFM="." [2008-11-7 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 MF NTFS Monitor;MediaFire NTFS Monitor;d:\users\Grummir\AppData\Local\MEDIAF~1\MFUSNM~1.EXE;d:\users\Grummir\AppData\Local\MEDIAF~1\MFUSNM~1.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
@="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
[HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
2013-12-06 16:42    89600    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon3_8a52a.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
@="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
[HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
2013-12-06 16:43    84992    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon_8a52a.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
@="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
[HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
2013-12-06 16:42    86528    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon2_8a52a.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
@="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
[HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
2013-12-06 16:42    84992    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon4_8a52a.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconReadOnly]
@="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
[HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
2013-12-06 16:42    84992    ----a-w-    c:\program files (x86)\MediaFire Desktop\MediaFireIcon5_8a52a.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


Edited by grummir, 02 June 2014 - 11:39 AM.



#2 hamluis

  • Moderator
  • 54,861 posts

Posted 02 June 2014 - 01:10 PM

Dupe topic moved from Win 7 to Malware Removal Logs.

 

Please...pursue the topic in MRL.

 

This topic is closed to avoid confusion.

 

Louis





