Using Autoruns - File not found


5 replies to this topic

#1 Tom6killer


Posted 18 June 2014 - 07:14 PM

Hello,

This site is awesome!

I downloaded and used Autoruns. I found lines in which the file was not found highlighted in yellow.

Also, for most lines I cannot find the .exe file name to compare to the Autoruns database.

Can someone explain this? Thanks for your time. Tom6killer

 

BTCFilterService    File not found: system32\DRIVERS\motfilt.sys

Motousbnet          File not found: system32\DRIVERS\Motousbnet.sys




#2 pcpunk


Posted 31 August 2014 - 01:50 PM

+1

I also have unchecked the "Gold" or as you say "Yellow" entries, as most of them I recognize as being stuff that has been removed from laptop. I will see what happens later I guess lol.

Now I would like to know what to do with ones in "Pink" that have no "Publisher Name".

I would love to learn some more about this if any knowledgeable help is out there. Thanks, and sorry for hijacking your thread.


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#3 pcpunk


Posted 31 August 2014 - 02:01 PM

Would like to know the color indicators and what they mean also?

 

One of the things that is showing in Pink is ESProtectionDriver, no Publisher Name. Here is the image path for all in pink:

ESProtectionDriver c:\program files\malwarebytes anti-exploit\mbae.sys 10/4/2013 8:57 AM

aswRvrt c:\windows2\system32\drivers\aswrvrt.sys 6/26/2014 7:35 AM

vidc.iv31 c:\windows2\system32\ir32_32.dll 8/18/2001 1:33 AM

vidc.iv32 c:\windows2\system32\ir32_32.dll 8/18/2001 1:33 AM

Sonic Audio Offset Filter c:\program files\common files\sonic shared\offset.ax 4/4/2004 7:22 PM

Sonic File Writer c:\program files\common files\sonic shared\sonicfilewriter.ax 4/4/2004 7:22 PM

Sonic TimeStampSmoother Filter c:\program files\common files\sonic shared\timestampsmoother.ax 4/4/2004 7:24 PM


Edited by pcpunk, 31 August 2014 - 02:11 PM.


 


#4 pcpunk


Posted 31 August 2014 - 02:25 PM

I now have Deleted All files that were in Gold as most were known to have been removed from my system not too long ago.



 


#5 Union_Thug


Posted 01 September 2014 - 02:01 AM

Would like to know the color indicators and what they mean also?

 

One of the things that is showing in Pink is ESProtectionDriver, no Publisher Name. Here is the image path for all in pink:

ESProtectionDriver c:\program files\malwarebytes anti-exploit\mbae.sys 10/4/2013 8:57 AM

aswRvrt c:\windows2\system32\drivers\aswrvrt.sys 6/26/2014 7:35 AM

vidc.iv31 c:\windows2\system32\ir32_32.dll 8/18/2001 1:33 AM

vidc.iv32 c:\windows2\system32\ir32_32.dll 8/18/2001 1:33 AM

Sonic Audio Offset Filter c:\program files\common files\sonic shared\offset.ax 4/4/2004 7:22 PM

Sonic File Writer c:\program files\common files\sonic shared\sonicfilewriter.ax 4/4/2004 7:22 PM

Sonic TimeStampSmoother Filter c:\program files\common files\sonic shared\timestampsmoother.ax 4/4/2004 7:24 PM

 

If you right-click on any of those entries, there comes a dropdown menu of very useful functions that can be employed by Autoruns: Delete, Copy, Jump to entry, Jump to image, Search online, Process Explorer and Properties, as you can see in the screenshot I've provided in the hyper-linked text above (my OneDrive). I've highlighted the ESProtectionDriver and aswRvrt entries above as I have both those entries and their associated programs installed on my computer. Here's a screenshot of aswRvrt's right-click Properties >> "Details" tab and also the "Jump to image" output. As you can see under the Details tab, this file is Avast!Revert ver 9.0.2021.515. I believe it has something to do with Avast's self-protection module but can't confirm it. Using the right-click Search online function in the drop-down menu automatically opens a search for that file in your default browser and default search engine.

 

This screenshot displays the Digital Signatures>> Certificate information and you can see all appears to be in order.

 

See if you can find info about ESProtectionDriver using the tools/methods I described above and report back what you find... it's 3:00 AM here & I HAVE to get some sleep.

Good luck!


Edited by Union_Thug, 01 September 2014 - 07:05 PM.


#6 quietman7

  • Global Moderator

Posted 01 September 2014 - 02:22 PM

For startup items, in most cases "File not found" indicates orphan registry entries still present, but the executables are gone so you can safely delete them. That is not the case for "System 32 Drivers Not Found"...see FAQ: Common Autoruns Issues - #12 Autoruns: System 32 Drivers Not Found which provides information in regards to these "File not found" entries.

If you're going to keep Autoruns (which I recommend), be careful using it and be sure to read:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

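Added example (not part of the original thread and not Sysinternals code): an offline triage of an Autoruns CSV export that applies the distinction drawn in the last reply, treating a missing startup executable as a likely orphan entry but a missing driver as something to verify at its resolved path first, and flagging entries with no verified publisher for the signature check described in post #5. The column names, the "(Verified)" signer prefix, the default system root and every sample row except the two "File not found" paths from the first post are assumptions or constructed.

```python
import csv, io, ntpath

# Constructed sample shaped like an Autoruns CSV export (column names assumed).
# Only the two motfilt.sys / Motousbnet.sys paths are taken from the thread.
SAMPLE = r'''Entry Location,Entry,Signer,Image Path
HKLM\System\CurrentControlSet\Services,BTCFilterService,,File not found: system32\DRIVERS\motfilt.sys
HKLM\System\CurrentControlSet\Services,Motousbnet,,File not found: system32\DRIVERS\Motousbnet.sys
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,OldUpdater,,File not found: C:\Program Files\OldApp\updater.exe
HKLM\System\CurrentControlSet\Services,ESProtectionDriver,,c:\program files\malwarebytes anti-exploit\mbae.sys
HKLM\System\CurrentControlSet\Services,ExampleDriver,(Verified) Example Corp,c:\windows\system32\drivers\example.sys
'''

MISSING = "File not found:"

def resolve_driver_path(raw, system_root=r"C:\Windows"):
    """Turn a driver ImagePath as stored in the registry into an absolute path."""
    p = raw.strip().strip('"')
    low = p.lower()
    if low.startswith("\\??\\"):               # NT object-manager prefix
        return ntpath.normpath(p[4:])
    if low.startswith("\\systemroot\\"):       # kernel alias for %SystemRoot%
        return ntpath.normpath(ntpath.join(system_root, p[12:]))
    if not ntpath.isabs(p):                     # e.g. system32\DRIVERS\x.sys
        return ntpath.normpath(ntpath.join(system_root, p))
    return ntpath.normpath(p)

def triage(csv_text):
    """Return {entry: (verdict, path)} following the advice given in the thread."""
    out = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        image = row["Image Path"].strip()
        if image.startswith(MISSING):
            path = image[len(MISSING):].strip()
            if path.lower().endswith(".sys"):
                # Missing driver: do not assume an orphan, check this path by hand.
                out[row["Entry"]] = ("driver-verify-first", resolve_driver_path(path))
            else:
                # Missing startup executable: usually a leftover registry entry.
                out[row["Entry"]] = ("orphan-candidate", path)
        elif not row["Signer"].startswith("(Verified)"):
            # No verified publisher: inspect Properties and the digital signature.
            out[row["Entry"]] = ("check-signature", image)
        else:
            out[row["Entry"]] = ("ok", image)
    return out

if __name__ == "__main__":
    for name, (verdict, path) in triage(SAMPLE).items():
        print(f"{verdict:20} {name:20} {path}")
```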