Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop Up errors


  • Please log in to reply
6 replies to this topic

#1 SimiRed

SimiRed

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:53 PM

Posted 01 November 2013 - 07:56 AM

Hello,

 

I'm new here... but I've been fighting a pop up window that I can not get to go away.  I ran malware and removed 2 infections.  (VirTool.Vbcrypt and VirTool.Vbcrypt)   Norton 360 didn't find any other viruses.

 

I tried to attach a picuture of the error codes, not sure if it worked. 

 

It says "The module C:\Users\Tracey\AppData\Local\Pkmics\ATSVault.dll" failed to load.....

 

Any suggestions on how to fix this or make sure that a virus still isn't lingering in the system.

 

Thanks in Advance!!

 

Tracey

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:53 AM

Posted 01 November 2013 - 08:02 AM

Hi SimiRed,

 

It's not unusual to receive such an error(s) when "booting up" after using anti-virus and other security scanning tools to remove a malware infection.
A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to a malware file that was set to run at startup in the registry but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry still remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.
 
Lets get a log from autoruns in order to find where the value is running from and disable it:
 
Please download Autoruns.
 
Open Downloads in your browser and click on the Autoruns download.
 
Click on Run to initiate the installation.
 
When Autoruns loads you will see an image similar to the one below.
 
autorunsscreen_zps2ac55e2e.png
 
Click on File, then click on Save.
 
You will see an image similar to the one below.
 
autorunsscreen1_zps8a35cb1a.png
 
Choose Desktop as the destination, then click on the down arrow in the Save as type: box and click on Text (*.txt), then click on Save.
 
There will be a Text icon on the desktop titled AutoRuns, click on it to open the log.
 
Copy the log and paste it in your next post.
 
xXToffeeXx~

Edited by xXToffeeXx, 01 November 2013 - 08:03 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 SimiRed

SimiRed
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:53 PM

Posted 01 November 2013 - 08:22 AM

Here is the copied text...

 

Thank you for helping!!

 

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "8/15/2013 9:10 AM"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe" "3/31/2010 6:04 PM"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe" "3/31/2010 6:05 PM"
+ "IntelWireless" "Intel® PROSet/Wireless Framework" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe" "3/5/2010 1:08 PM"
+ "IntelWirelessWiMAX" "Intel® PROSet/Wireless WiMAX Connection Utility" "Intel® Corporation" "c:\program files\intel\wimax\bin\wimaxcu.exe" "6/8/2010 7:25 AM"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe" "3/31/2010 6:04 PM"
+ "QuickSet" "QuickSet" "Dell Inc." "c:\program files\dell\quickset\quickset.exe" "8/27/2012 10:50 PM"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe" "4/12/2010 1:34 AM"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe" "5/7/2010 1:47 PM"
"C:\Users\Tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "9/11/2013 6:54 PM"
+ "Dell Dock.lnk" "Dell Dock" "Stardock Corporation" "c:\program files\dell\delldock\delldock.exe" "12/15/2009 7:01 PM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "10/27/2010 3:48 AM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/13/2009 7:58 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "10/27/2010 3:48 AM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "7/13/2009 7:42 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "10/28/2013 12:46 PM"
+ "LMab1err" "" "" "c:\program files\lexmark\errorapp\lmab1err.exe" "11/9/2011 6:39 AM"
+ "LMADGmon" "Printer Device Monitor" "" "c:\program files (x86)\lexmark s410 series\lmadgmon.exe" "10/24/2011 2:57 AM"
+ "Pkmics Update" "" "" "File not found: C:\Users\Tracey\AppData\Local\Pkmics\ATSVault.dll" ""
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe" "11/20/2010 6:24 AM"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "7/14/2009 12:53 AM"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll" "2/26/2009 7:28 AM"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "2/17/2012 7:26 AM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext64.14.dll" "5/26/2010 2:32 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 12:53 AM"
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\20.4.0.40\bushell.dll" "5/28/2013 10:40 PM"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\20.4.0.40\navshext.dll" "6/4/2013 12:34 AM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll" "5/25/2011 11:19 AM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 12:53 AM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshlstb.dll" "5/25/2011 11:06 AM"
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "1/7/2013 1:39 PM"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\20.4.0.40\navshext.dll" "6/4/2013 12:34 AM"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "7/14/2009 12:53 AM"
+ "BuPropertySheet" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\20.4.0.40\bushell.dll" "5/28/2013 10:40 PM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 12:53 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 4:39 PM"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "2/17/2012 7:26 AM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext64.14.dll" "5/26/2010 2:32 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "1/7/2013 1:39 PM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll" "5/25/2011 11:19 AM"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "1/7/2013 1:39 PM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshlstb.dll" "5/25/2011 11:06 AM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "1/7/2013 1:39 PM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll" "5/25/2011 11:19 AM"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "1/7/2013 1:39 PM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshlstb.dll" "5/25/2011 11:06 AM"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "2/17/2012 7:26 AM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext64.14.dll" "5/26/2010 2:32 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 12:53 AM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "7/13/2009 9:32 PM"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "3/31/2010 6:04 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/14/2009 12:53 AM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "7/13/2009 9:09 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "12/12/2012 3:56 PM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "5/8/2013 6:17 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "12/12/2012 3:56 PM"
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\20.4.0.40\bushell.dll" "5/28/2013 10:40 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 4:39 PM"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\20.4.0.40\navshext.dll" "6/4/2013 12:34 AM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll" "5/25/2011 11:19 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "12/12/2012 3:56 PM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshlstb.dll" "5/25/2011 11:06 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "12/12/2012 3:56 PM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshls64.dll" "5/25/2011 11:19 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "12/12/2012 3:56 PM"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files (x86)\winzip\wzshlstb.dll" "5/25/2011 11:06 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "1/7/2013 11:12 AM"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext64.14.dll" "5/26/2010 2:32 PM"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext64.14.dll" "5/26/2010 2:32 PM"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext64.14.dll" "5/26/2010 2:32 PM"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext64.14.dll" "5/26/2010 2:32 PM"
+ "OverlayExcluded" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\20.4.0.40\bushell.dll" "5/28/2013 10:40 PM"
+ "OverlayPending" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\20.4.0.40\bushell.dll" "5/28/2013 10:40 PM"
+ "OverlayProtected" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\20.4.0.40\bushell.dll" "5/28/2013 10:40 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "11/1/2013 8:14 AM"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext.14.dll" "5/26/2010 2:32 PM"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext.14.dll" "5/26/2010 2:32 PM"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\tracey\appdata\roaming\dropbox\bin\dropboxext.14.dll" "5/26/2010 2:32 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "1/7/2013 11:12 AM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll" "9/21/2010 5:47 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "11/1/2013 8:14 AM"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll" "5/8/2013 5:58 AM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll" "10/3/2011 9:05 AM"
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\20.4.0.40\coieplg.dll" "5/30/2013 9:44 PM"
+ "Norton Vulnerability Protection" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\20.4.0.40\ips\ipsbho.dll" "8/8/2012 2:50 PM"
+ "Search Helper" "Search Helper for Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" "9/22/2010 3:00 PM"
+ "Skype Plug-In" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll" "11/22/2010 9:45 AM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll" "9/21/2010 5:01 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "10/9/2013 9:40 AM"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\20.4.0.40\coieplg.dll" "5/30/2013 9:44 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "10/9/2013 9:40 AM"
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll" "11/10/2010 6:03 AM"
+ "Skype Plug-In" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll" "11/22/2010 9:45 AM"
"Task Scheduler" "" "" "" ""
+ "\LexmarkPUDCTask" "Product Update" "" "c:\program files\lexmark\productupdate\lmprodupdate.exe" "9/15/2011 3:41 AM"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll" "11/10/2010 6:02 AM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "6/10/2009 4:36 PM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/13/2009 8:24 PM"
+ "\Norton 360\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\20.4.0.40\symerr.exe" "6/3/2013 9:21 PM"
+ "\PCDEventLauncherTask" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\my dell\sessionchecker.exe" "9/4/2013 2:05 AM"
+ "\PCDoctorBackgroundMonitorTask" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\my dell\uaclauncher.exe" "9/4/2013 2:04 AM"
+ "\RealUpgradeLogonTaskS-1-5-21-640983877-1080421621-212360993-1000" "" "" "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe" ""
+ "\RealUpgradeScheduledTaskS-1-5-21-640983877-1080421621-212360993-1000" "" "" "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe" ""
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe" "11/20/2010 6:24 AM"
+ "\SystemToolsDailyTest" "" "" "File not found: uaclauncher.exe" ""
+ "\{7F25E06D-8AB9-49D8-BB83-05B273278315}" "Roxio Burn" "" "c:\program files (x86)\roxio\roxio burn\roxio burn.exe" "12/16/2009 1:12 AM"
+ "\{A136DC4A-9EDD-42FF-B471-9872214BFFEF}" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe" "7/13/2012 8:29 AM"
+ "\{C14F0455-13B8-4296-A5DB-24E8252B49DF}" "Roxio Burn" "" "c:\program files (x86)\roxio\roxio burn\roxio burn.exe" "12/16/2009 1:12 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "10/24/2013 6:39 PM"
+ "ABBYY.Licensing.FineReader.Sprint.9.0" "This service is required for the operation of the ABBYY FineReader 9.0 Express Edition licensing mechanism." "ABBYY" "c:\program files (x86)\common files\abbyy\finereadersprint\9.00\licensing\networklicenseserver.exe" "5/14/2009 10:07 AM"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "9/26/2013 8:46 PM"
+ "AERTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\program files\realtek\audio\hda\aertsr64.exe" "11/17/2009 12:17 PM"
+ "Akamai" "Provides networking protocol and file transfer technologies. If the service is stopped, those applications that depend on the service may fail to transfer files or otherwise function properly." "Akamai Technologies, Inc." "c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" "6/4/2013 10:22 PM"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe" "9/6/2011 9:55 PM"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "8/31/2011 1:52 AM"
+ "DeviceMonitorService" "This service supports to  NGP for getting device information" "Nero AG" "c:\program files (x86)\motorola media link\lite\nserviceentry.exe" "4/20/2010 2:19 AM"
+ "DMAgent" "Red Bend Device Management Service for Intel® PROSet/Wireless WiMAX Software." "Red Bend Ltd." "c:\program files\intel\wimax\bin\dmagent.exe" "6/7/2010 8:34 AM"
+ "DockLoginService" "Dock Login Service" "Stardock Corporation" "c:\program files\dell\delldock\docklogin.exe" "8/21/2008 12:21 PM"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe" "3/5/2010 1:26 PM"
+ "Fitbit" "Uploads your Fitbit's data to Fitbit.com in the background" "Fitbit, Inc." "c:\program files (x86)\fitbit\fitbit.exe" "10/26/2011 7:01 PM"
+ "Garmin Core Update Service" "Keeps the software and content on your Garmin devices and the Garmin software on your PC up to date." "Garmin Ltd or its subsidiaries" "c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe" "9/19/2013 9:46 AM"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "3/9/2010 2:10 AM"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "3/9/2010 2:10 AM"
+ "LMIGuardianSvc" "Support LogMeIn processes with quality assurance feedback" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\lmiguardiansvc.exe" "11/30/2012 4:15 AM"
+ "LMIMaint" "LogMeIn Maintenance Service" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\ramaint.exe" "10/24/2013 6:29 AM"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe" "9/30/2009 10:33 PM"
+ "LogMeIn" "LogMeIn" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\logmein.exe" "11/8/2010 6:58 AM"
+ "Motorola Device Manager" "MotoHelper Service" "Motorola Mobility LLC" "c:\program files (x86)\motorola mobility\motorola device manager\motohelperservice.exe" "3/25/2013 3:40 PM"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe" "8/14/2013 12:02 PM"
+ "MyWiFiDHCPDNS" "Wireless PAN DHCP and DNS Server" "" "c:\program files\intel\wifi\bin\pandhcpdns.exe" "3/5/2010 1:07 PM"
+ "N360" "Norton 360" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\20.4.0.40\ccsvchst.exe" "5/20/2013 7:25 PM"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe" "7/20/2011 1:12 AM"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe" "10/26/2006 5:00 PM"
+ "PST Service" "Route and execute the requests/commands from PST" "Motorola" "c:\program files (x86)\motorola\motforwarddaemon\forwarddaemon.exe" "8/10/2011 3:44 AM"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe" "3/5/2010 1:06 PM"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\seaport\seaport.exe" "9/22/2010 3:00 PM"
+ "SftService" "SoftThinks Agent Service" "SoftThinks SAS" "c:\program files (x86)\dell datasafe local backup\sftservice.exe" "8/12/2011 11:41 AM"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "7/13/2012 8:28 AM"
+ "TurboBoost" "Turbo Boost Monitor Service" "Intel® Corporation" "c:\program files\intel\turboboost\turboboost.exe" "11/2/2009 4:46 PM"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe" "9/30/2009 10:34 PM"
+ "WiMAXAppSrv" "WiMAX SDK Service for Intel® PROSet/Wireless WiMAX Software" "Intel® Corporation" "c:\program files\intel\wimax\bin\appsrv.exe" "6/7/2010 8:39 AM"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "5/27/2013 1:51 AM"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe" "9/21/2010 5:46 PM"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "11/20/2010 7:18 AM"
+ "WMZuneComm" "Zune Connectivity for Windows Mobile devices" "Microsoft Corporation" "c:\program files (x86)\zune\wmzunecomm.exe" "8/5/2011 3:32 PM"
+ "ZuneNetworkSvc" "Shares Zune media libraries to Zune devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files (x86)\zune\zunenss.exe" "8/5/2011 3:46 PM"
+ "ZuneWlanCfgSvc" "Configures Zune for wireless syncing" "Microsoft Corporation" "c:\program files (x86)\zune\zunewlancfgsvc.exe" "8/5/2011 3:34 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "10/24/2013 6:39 PM"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "12/5/2008 7:54 PM"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "5/1/2007 1:30 PM"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "2/27/2007 8:04 PM"
+ "AFS" "" "" "File not found: C:\Windows\System32\Drivers\AFS.sys" ""
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "7/13/2009 7:19 PM"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "3/18/2010 8:45 PM"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "3/20/2009 2:36 PM"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "3/19/2010 12:18 PM"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "5/24/2007 5:27 PM"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "1/14/2009 3:27 PM"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "2/13/2009 6:18 PM"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "4/26/2009 7:14 AM"
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.0.36\definitions\bashdefs\20131022.001\bhdrvx64.sys" "10/17/2013 4:36 AM"
+ "bpenum" "Intel® Centrino® WiMAX Enumerator" "Intel Corporation" "c:\windows\system32\drivers\bpenum.sys" "5/16/2010 10:28 AM"
+ "bpmp" "Intel® Centrino® WiMAX Driver" "Intel Corporation" "c:\windows\system32\drivers\bpmp.sys" "5/16/2010 10:28 AM"
+ "bpusb" "Intel® Centrino® WiMAX Function Driver" "Intel Corporation" "c:\windows\system32\drivers\bpusb.sys" "5/16/2010 10:28 AM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "8/6/2006 9:51 PM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "8/6/2006 9:51 PM"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "8/6/2006 9:51 PM"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "8/6/2006 9:51 PM"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "8/6/2006 9:51 PM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "8/9/2006 8:11 AM"
+ "BTCFilterService" "" "" "File not found: system32\DRIVERS\motfilt.sys" ""
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys" ""
+ "ccSet_N360" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1404000.028\ccsetx64.sys" "3/21/2013 11:02 PM"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "7/13/2009 7:19 PM"
+ "CtClsFlt" "Video Class Upper Filter Driver (64-bit)" "Creative Technology Ltd." "c:\windows\system32\drivers\ctclsflt.sys" "6/15/2009 1:06 AM"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "12/31/2008 12:29 PM"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys" "8/21/2013 5:36 PM"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "2/3/2009 6:52 PM"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys" "8/21/2013 5:36 PM"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "5/11/2009 4:26 AM"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys" "9/17/2009 3:54 PM"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "4/20/2010 2:32 PM"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys" "5/30/2012 4:40 PM"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "6/10/2010 8:46 PM"
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.0.36\definitions\ipsdefs\20131031.001\idsvia64.sys" "10/16/2013 6:10 PM"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "3/31/2010 6:47 PM"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "12/13/2005 5:47 PM"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys" "2/26/2010 7:32 PM"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "4/13/2010 5:16 AM"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys" "10/15/2010 4:28 AM"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys" "12/20/2009 11:46 PM"
+ "LMIInfo" "RemotelyAnywhere Kernel Information Provider" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\rainfo.sys" "1/11/2013 8:19 AM"
+ "lmimirr" "LogMeIn Mirror Miniport Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmimirr.sys" "4/10/2007 6:32 PM"
+ "LMIRfsDriver" "LogMeIn Rfs Drivemap Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmirfsdriver.sys" "7/14/2008 12:26 PM"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "12/9/2008 6:46 PM"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "5/18/2009 8:20 PM"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "5/18/2009 8:31 PM"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "4/16/2009 6:13 PM"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "5/18/2009 9:09 PM"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "5/18/2009 9:25 PM"
+ "motccgp" "" "" "File not found: system32\DRIVERS\motccgp.sys" ""
+ "motccgpfl" "" "" "File not found: system32\DRIVERS\motccgpfl.sys" ""
+ "motmodem" "" "" "File not found: system32\DRIVERS\motmodem.sys" ""
+ "MotoSwitchService" "" "" "File not found: system32\DRIVERS\motswch.sys" ""
+ "Motousbnet" "" "" "File not found: system32\DRIVERS\Motousbnet.sys" ""
+ "motusbdevice" "" "" "File not found: system32\DRIVERS\motusbdevice.sys" ""
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.0.36\definitions\virusdefs\20131031.033\eng64.sys" "8/22/2013 4:38 PM"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.0.36\definitions\virusdefs\20131031.033\ex64.sys" "8/22/2013 4:36 PM"
+ "NETw5s64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5s64.sys" "5/31/2010 3:05 PM"
+ "NETwNs64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwsw00.sys" "12/6/2012 8:11 AM"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "6/6/2006 5:11 PM"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "3/19/2010 4:59 PM"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "3/19/2010 4:45 PM"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Sonic Solutions" "c:\windows\system32\drivers\pxhlpa64.sys" "6/23/2009 7:16 PM"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "1/22/2009 7:05 PM"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "5/18/2009 9:18 PM"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys" "5/6/2010 11:19 PM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 9:18 AM"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/24/2008 2:28 PM"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/1/2008 5:56 PM"
+ "SIUSBXP" "SiUSBXp.sys" "Silicon Laboratories" "c:\windows\system32\drivers\siusbxp.sys" "7/15/2010 6:27 PM"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1404000.028\srtsp64.sys" "4/22/2013 6:26 PM"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1404000.028\srtspx64.sys" "1/25/2013 5:30 PM"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "2/17/2009 7:03 PM"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1404000.028\symds64.sys" "4/25/2013 7:19 PM"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1404000.028\symefa64.sys" "1/18/2013 8:31 PM"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys" "8/22/2012 1:33 AM"
+ "SymIM" "Symantec Network Security Intermediate Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symimv.sys" "7/20/2012 10:05 PM"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1404000.028\ironx64.sys" "7/23/2012 8:34 PM"
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1404000.028\symnets.sys" "4/9/2013 7:24 PM"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys" "5/6/2010 8:54 PM"
+ "TurboB" "Turbo Boost UI Monitor driver" "" "c:\windows\system32\drivers\turbob.sys" "11/2/2009 4:47 PM"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys" "4/28/2011 2:25 PM"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "7/13/2009 7:19 PM"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "1/30/2009 9:18 PM"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys" "4/16/2008 4:39 AM"
+ "wdkmd" "Intel Wireless Display Solution" "Intel Corporation" "c:\windows\system32\drivers\wdkmd.sys" "6/4/2010 7:50 AM"
+ "{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}" "" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\000.fcl" "9/26/2008 9:11 AM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "10/9/2013 9:42 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/13/2009 9:28 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "11/1/2013 8:14 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "7/13/2009 9:06 PM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "11/20/2010 7:59 AM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/14/2009 12:53 AM"
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\racodec.ax" "10/24/2013 6:28 AM"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\racodec.ax" "10/24/2013 6:28 AM"
+ "Microsoft Zune H.264 Video Decoder" "Microsoft Zune H.264 Video Decoder" "Microsoft Corporation" "c:\program files (x86)\zune\zuneh264dec.dll" "8/5/2011 3:31 PM"
+ "WMEnc Screen Capture Filter" "ZuneSrcWrp Module" "Microsoft Corporation" "c:\program files (x86)\zune\zunesrcwrp.dll" "8/5/2011 3:46 PM"
+ "Zune Enhanced Video Renderer" "Enhanced Video Renderer DLL" "Microsoft Corporation" "c:\program files (x86)\zune\zuneevr.dll" "8/5/2011 3:31 PM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/14/2009 12:53 AM"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "11/10/2010 6:21 AM"
+ "Creative MJPEG Decoder 2" "Decoder" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\ctmjpgdec2.ax" "12/1/2008 5:44 AM"
+ "Creative Video Processing Filter" "Creative Video Processing Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\vidprocu.ax" "1/5/2009 11:42 PM"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claud.ax" "12/2/2009 10:21 PM"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudfx.ax" "5/24/2009 11:31 PM"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudspa.ax" "9/24/2004 7:08 AM"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax" "8/14/2009 9:26 AM"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax" "8/16/2006 10:04 PM"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax" "9/28/2006 6:23 AM"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\cldemuxer.ax" "9/28/2006 6:23 AM"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\clnavx.ax" "12/10/2009 8:43 AM"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clnavx.ax" "12/10/2009 8:43 AM"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\clline21.ax" "7/9/2009 2:06 AM"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clline21.ax" "7/9/2009 2:06 AM"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax" "5/19/2009 3:57 AM"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clauts.ax" "7/7/2009 4:31 AM"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\clauts.ax" "7/7/2009 4:31 AM"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\bd\cltzan.ax" "7/28/2009 12:17 AM"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\cltzan.ax" "7/28/2009 12:17 AM"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax" "3/23/2005 4:15 AM"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clvsd.ax" "12/8/2009 11:26 AM"
+ "DS Video Buffer Filter" "WiDiAgent.dll COM object." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\dsbuffer_video.ax" "6/18/2010 1:46 AM"
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files (x86)\logmein\x86\racodec.ax" "10/24/2013 6:14 AM"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files (x86)\logmein\x86\racodec.ax" "10/24/2013 6:14 AM"
+ "MainConcept AAC Encoder" "AAC audio encoder filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_enc_aac_ds.ax" "3/23/2009 3:02 PM"
+ "MainConcept MPEG Multiplexer-Plus" "MPEG Multiplexer-Plus DS Filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mcmpeg2mux.ax" "10/6/2008 3:42 PM"
+ "MainConcept Network Renderer" "Network Renderer" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_net_renderer_ds.ax" "3/16/2009 7:15 AM"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "11/10/2010 6:21 AM"
+ "WD Audio Filter" "WiDi Audio Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdaudiofilter.dll" "6/18/2010 1:45 AM"
+ "WDSource Filter" "WiDi Video Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdsourcefilter.dll" "6/18/2010 1:46 AM"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "11/10/2010 6:21 AM"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "11/10/2010 6:21 AM"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "11/10/2010 6:21 AM"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "11/10/2010 6:21 AM"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "11/10/2010 6:21 AM"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "11/10/2010 6:21 AM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "7/14/2009 12:53 AM"
+ "LogMeInCredProv" "LogMeIn Remote Control Helper" "LogMeIn, Inc." "c:\windows\system32\lmiinit.dll" "10/24/2013 6:28 AM"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll" "9/21/2010 5:47 PM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" "" "11/1/2013 8:14 AM"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll" "3/31/2010 6:03 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "12/12/2012 4:01 PM"
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "8/31/2011 1:44 AM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "9/21/2010 5:00 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "9/21/2010 5:00 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "12/12/2012 4:01 PM"
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "8/31/2011 1:53 AM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "9/21/2010 5:45 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "9/21/2010 5:45 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "11/1/2013 8:15 AM"
+ "LM_LMADGQ" "Printer Communication System" " " "c:\windows\system32\lmadgqlang.dll" "10/13/2011 2:23 PM"
+ "LM_LMFX1N" "Printer Communication System" " " "c:\windows\system32\lmfx1nlang.dll" "8/10/2011 4:14 PM"
+ "LogMeIn Printer Port Monitor" "RemotelyAnywhere Printer Port Monitor" "LogMeIn, Inc." "c:\windows\system32\lmiport.dll" "4/26/2013 10:14 AM"
+ "PCL hpz3llhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3llhn.dll" "8/9/2006 11:27 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" "" "7/14/2009 12:49 AM"
+ "LMIRfsClientNP" "LogMeIn Virtual Disk Network" "LogMeIn, Inc." "c:\windows\system32\lmirfsclientnp.dll" "10/24/2013 6:28 AM"
"C:\Users\Tracey\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" "" "8/13/2013 2:37 PM"
+ "" "" "" "C:\Program Files\Windows Sidebar\Gadgets\Norton.Gadget" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\Gadget.xml" "7/13/2009 10:24 PM"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml" "7/13/2009 10:29 PM"
 



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:53 AM

Posted 01 November 2013 - 08:46 AM

Hi SimiRed,

 

Open up AutoRuns again and press ctrl and f. Then type Pkmics Update and press enter, an entry called Pkmics Update should be highlighted. Remove the tick in the box by clicking on it.

Reboot and tell me if any errors occur upon startup.

 

xXToffeeXx~


Edited by xXToffeeXx, 01 November 2013 - 08:46 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 SimiRed

SimiRed
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:53 PM

Posted 01 November 2013 - 09:22 AM

Yep... that did it!!!  WooHoo! 

 

Thanks a million! 

 

Now....until hubby does something to it again.  He doesn't touch my Clevo laptop!



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:53 AM

Posted 01 November 2013 - 09:55 AM

Hi SimiRed,

 

No problem, you are most welcome. I'm glad that sorted it out.

You may want to get him to read this topic as it contains good information for keeping safe and avoid getting infected. It's written by site founder and admin, Lawrence Abrams.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:53 PM

Posted 01 November 2013 - 06:54 PM


If you're going to keep Autoruns (which I recommend), be careful using it and be sure to read:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users