Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop up at start up


  • Please log in to reply
13 replies to this topic

#1 WilliamP

WilliamP

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 AM

Posted 30 January 2015 - 10:44 AM

I have an ASUS laptop with Windows 7 and now when booting up I get a popup. It is a small box with Run DLL at the top. There is a red dot with an X in it. It also has (There was a problem . The specific module could not be found.)  The system seems to load fine and it doesn't indicate what module it can't find. Help.Please



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:23 AM

Posted 30 January 2015 - 10:47 AM

Hello, were you removing malware?
Does the specific module (DLL) have a ame?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 WilliamP

WilliamP
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 AM

Posted 30 January 2015 - 11:04 AM

Yes I did remove some malware. The pop up gives no name to the DLL or the module.



#4 Phantom010

Phantom010

  • Members
  • 1,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cyberspace
  • Local time:10:23 AM

Posted 30 January 2015 - 12:43 PM

Please run Autoruns. No installation required. Simply run the executable file.

Run the program.

Select File in the upper left corner.

Click Save...

Change the File Type to: Text (*.txt)

Save the file to your desktop.

Attach it to your next reply.


Edited by Phantom010, 30 January 2015 - 12:44 PM.


#5 WilliamP

WilliamP
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 AM

Posted 30 January 2015 - 01:58 PM

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "1/29/2015 2:14 PM"    ""
+ "EeeStorageBackup"    " "    ""    "c:\program files (x86)\asus\asus webstorage\service\asuswsservice.exe"    "11/26/2009 8:52 AM"    ""
+ "ETDWare"    "ETD Control Center"    "ELAN Microelectronic Corp."    "c:\program files\elantech\etdctrl.exe"    "1/13/2010 7:19 AM"    ""
+ "IntelliPoint"    "IPoint.exe"    "Microsoft Corporation"    "c:\program files\microsoft intellipoint\ipoint.exe"    "11/3/2009 9:49 PM"    ""
+ "Microsoft Pinyin IME Migration"    "Microsoft Pinyin IME 2007"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\ime12\imesc\imscmig.exe"    "5/26/2011 9:57 AM"    ""
+ "SmartAudio"    "SAIICpl MFC Application"    ""    "c:\program files\conexant\saii\saiicpl.exe"    "11/19/2009 4:36 PM"    ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "1/29/2015 6:24 PM"    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"    "4/4/2013 4:05 PM"    ""
+ "Adobe Reader Speed Launcher"    "Adobe Acrobat SpeedLauncher"    "Adobe Systems Incorporated"    "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"    "5/8/2013 4:19 PM"    ""
+ "APSDaemon"    "Apple Push"    "Apple Inc."    "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"    "4/16/2013 10:13 PM"    ""
+ "ATKMEDIA"    "ATK Media"    "ASUS"    "c:\program files (x86)\asus\atk package\atk media\dmedia.exe"    "1/5/2010 12:57 AM"    ""
+ "ATKOSD2"    "ATKOSD2"    "ASUS"    "c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe"    "2/4/2010 12:50 AM"    ""
+ "avgnt"    "Avira system tray application"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avgnt.exe"    "11/19/2014 5:53 AM"    ""
+ "HControlUser"    "HControlUser"    "ASUS"    "c:\program files (x86)\asus\atk package\atk hotkey\hcontroluser.exe"    "4/1/2009 8:05 AM"    ""
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files (x86)\itunes\ituneshelper.exe"    "5/31/2013 1:27 PM"    ""
+ "Microsoft Pinyin IME Migration"    "Microsoft Pinyin IME 2007"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\ime12\imesc\imscmig.exe"    "5/26/2011 10:18 AM"    ""
+ "StartCCC"    "Catalyst® Control Center Launcher"    "Advanced Micro Devices, Inc."    "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"    "1/22/2010 8:50 AM"    ""
+ "Wondershare Helper Compact.exe"    "Wondershare Studio"    "Wondershare"    "c:\program files (x86)\common files\wondershare\wondershare helper compact\wshelper.exe"    "3/26/2012 11:20 PM"    ""
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""    "2/25/2010 3:58 AM"    ""
+ "FancyStart daemon.lnk"    ""    ""    "c:\windows\installer\{2b81872b-a054-48da-be3b-fa5c164c303a}\_c4a2fc3e3722966204fdd8.exe"    "2/25/2010 3:58 AM"    ""
+ "SRS Premium Sound.lnk"    "InstallShield"    "Acresso Software Inc."    "c:\windows\installer\{e5cf6b9c-3abe-43c9-9413-ad5ffc98f049}\newshortcut5_21c7b668029a47458b27645fe6e4a715.exe"    "5/9/2008 11:43 PM"    ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "5/8/2014 9:40 PM"    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"    "7/13/2009 6:58 PM"    ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "5/8/2014 9:40 PM"    ""
+ "Internet Explorer"    ""    ""    "File not found: C:\Windows\system32\ie4uinit.exe"    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"    "7/13/2009 6:42 PM"    ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "1/30/2015 10:11 AM"    ""
+ "BackgroundContainerV2"    ""    ""    ""    "1/30/2015 10:11 AM"    ""
+ "CCleaner Monitoring"    "CCleaner"    "Piriform Ltd"    "c:\program files (x86)\ccleaner\ccleaner64.exe"    "1/19/2015 5:47 PM"    ""
+ "Facebook Update"    "Facebook Installer"    "Facebook Inc."    "c:\users\lou lou\appdata\local\facebook\update\facebookupdate.exe"    "7/2/2012 4:07 PM"    ""
+ "Gadwin PrintScreen (64-bit)"    "Gadwin PrintScreen"    "Gadwin Systems"    "c:\program files\gadwin\gadwin printscreen\printscreen64.exe"    "10/15/2014 2:15 AM"    ""
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""    "4/10/2011 3:36 PM"    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"    "2/26/2009 6:28 AM"    ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/29/2015 2:57 PM"    ""
+ "BackupContextMenuExtension"    ""    ""    "File not found: :/Program Files (x86)/ASUS/ASUS WebStorage/XPClient.DLL"    ""    ""
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn64.dll"    "6/6/2014 1:40 PM"    ""
+ "Shell Extension for Malware scanning"    "AntiVirus context menu"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\shlext64.dll"    "10/2/2014 6:19 AM"    ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/29/2015 7:17 PM"    ""
+ "BackupContextMenuExtension"    ""    ""    "File not found: :/Program Files (x86)/ASUS/ASUS WebStorage/XPClient.DLL"    ""    ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/27/2013 8:57 PM"    ""
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn64.dll"    "6/6/2014 1:40 PM"    ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "2/25/2010 3:52 AM"    ""
+ "ACE"    "AMD Desktop Control Panel"    "Advanced Micro Devices, Inc."    "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"    "1/22/2010 8:52 AM"    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"    "7/13/2009 8:32 PM"    ""
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "2/25/2010 3:52 AM"    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"    "7/13/2009 8:09 PM"    ""
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""    "2/25/2010 3:32 AM"    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"    "5/8/2013 5:17 AM"    ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "1/29/2015 7:17 PM"    ""
+ "Shell Extension for Malware scanning"    "AntiVirus context menu"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\shlext64.dll"    "10/2/2014 6:19 AM"    ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "6/11/2013 6:56 PM"    ""
+ "AsusWSShellExt_B"    "AsusWSShellExt64"    "eCareme Technologies, Inc."    "c:\program files (x86)\asus\asus webstorage\service\asuswsshellext64.dll"    "11/26/2009 12:49 AM"    ""
+ "AsusWSShellExt_O"    "AsusWSShellExt64"    "eCareme Technologies, Inc."    "c:\program files (x86)\asus\asus webstorage\service\asuswsshellext64.dll"    "11/26/2009 12:49 AM"    ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "7/27/2013 9:01 PM"    ""
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"    "7/17/2012 5:11 PM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "1/30/2015 9:03 AM"    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"    "5/8/2013 4:58 AM"    ""
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre1.8.0_31\bin\jp2ssv.dll"    "12/18/2014 12:31 AM"    ""
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre1.8.0_31\bin\ssv.dll"    "12/18/2014 12:31 AM"    ""
+ "Unit"    ""    ""    "c:\users\lou lou\appdata\local\unitlayers\temp.dat"    "4/6/2013 10:18 PM"    ""
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"    "7/17/2012 4:46 PM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "7/27/2013 4:12 PM"    ""
+ "&Blog This in Windows Live Writer"    "Windows Live Writer Blog This Extension"    "Microsoft Corporation"    "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"    "2/6/2013 1:43 AM"    ""
"Task Scheduler"    ""    ""    ""    ""    ""
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files (x86)\apple software update\softwareupdate.exe"    "6/1/2011 7:46 PM"    ""
+ "\CCleanerSkipUAC"    "CCleaner"    "Piriform Ltd"    "c:\program files (x86)\ccleaner\ccleaner.exe"    "1/19/2015 5:43 PM"    ""
+ "\DigitalSite"    ""    ""    "File not found: C:\Users\LOULOU~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE"    ""    ""
+ "\DSite"    ""    ""    "File not found: C:\Users\LOULOU~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE"    ""    ""
+ "\FacebookUpdateTaskUserS-1-5-21-3766824117-4272595567-3208360276-1001Core"    "Facebook Installer"    "Facebook Inc."    "c:\users\lou lou\appdata\local\facebook\update\facebookupdate.exe"    "7/2/2012 4:07 PM"    ""
+ "\FacebookUpdateTaskUserS-1-5-21-3766824117-4272595567-3208360276-1001UA"    "Facebook Installer"    "Facebook Inc."    "c:\users\lou lou\appdata\local\facebook\update\facebookupdate.exe"    "7/2/2012 4:07 PM"    ""
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task"    "Windows Live Social Object Extractor Engine"    "Microsoft Corporation"    "c:\program files (x86)\windows live\soxe\wlsoxe.dll"    "2/6/2013 1:43 AM"    ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "6/10/2009 3:36 PM"    ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"    "7/13/2009 7:24 PM"    ""
+ "\Microsoft_Hardware_Launch_IPoint_exe"    "IPoint.exe"    "Microsoft Corporation"    "c:\program files\microsoft intellipoint\ipoint.exe"    "11/3/2009 9:49 PM"    ""
+ "\SidebarExecute"    "Windows Desktop Gadgets"    "Microsoft Corporation"    "c:\program files\windows sidebar\sidebar.exe"    "11/20/2010 5:24 AM"    ""
+ "\Software Updater Ui"    "Software Updater"    ""    "c:\program files (x86)\softwareupdater\softwareupdater.ui.exe"    "12/18/2013 9:06 AM"    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "1/30/2015 11:59 AM"    ""
+ "!SASCORE"    "SUPERAntiSpyware Core Service"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sascore64.exe"    "7/22/2014 6:31 PM"    ""
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"    "1/23/2015 2:44 PM"    ""
+ "AFBAgent"    "ASUS FastBoot"    "ASUSTeK Computer Inc."    "c:\windows\system32\fbagent.exe"    "12/7/2009 3:15 AM"    ""
+ "AMD External Events Utility"    "AMD External Events Service Module"    "AMD"    "c:\windows\system32\atiesrxx.exe"    "1/22/2010 9:01 AM"    ""
+ "AntiVirMailService"    "Offers permanent protection against viruses and malware for email clients with the Avira search engine."    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avmailc.exe"    "11/21/2014 5:58 AM"    ""
+ "AntiVirSchedulerService"    "Service to schedule Avira Antivirus Premium jobs and updates."    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\sched.exe"    "11/21/2014 5:58 AM"    ""
+ "AntiVirService"    "Offers permanent protection against viruses and malware with the Avira search engine."    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avguard.exe"    "11/21/2014 5:58 AM"    ""
+ "AntiVirWebService"    "Offers permanent protection against viruses and malware for web browsers with the Avira search engine."    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avwebgrd.exe"    "11/21/2014 5:57 AM"    ""
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"    "5/17/2012 10:06 PM"    ""
+ "ASLDRService"    "ASLDR Service"    "ASUS"    "c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe"    "6/15/2009 4:29 AM"    ""
+ "ATKGFNEXSrv"    "GFNEXSrv"    "ASUS"    "c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe"    "12/14/2009 9:39 PM"    ""
+ "fsssvc"    "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work."    "Microsoft Corporation"    "c:\program files (x86)\windows live\family safety\fsssvc.exe"    "2/6/2013 1:39 AM"    ""
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"    "5/31/2013 1:27 PM"    ""
+ "LMS"    "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"    "9/30/2009 9:33 PM"    ""
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"    "1/23/2015 2:03 AM"    ""
+ "odserv"    "Run portions of Microsoft Office Diagnostics."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"    "7/20/2011 12:12 AM"    ""
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"    "10/26/2006 4:00 PM"    ""
+ "SystemStoreService"    "Ensures the quality of the installed software."    ""    "c:\program files (x86)\softwareupdater\systemstore.exe"    "11/27/2013 5:31 AM"    ""
+ "TurboBoost"    "Turbo Boost Monitor Service"    "Intel® Corporation"    "c:\program files\intel\turboboost\turboboost.exe"    "8/6/2009 4:17 PM"    ""
+ "UNS"    "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"    "9/30/2009 9:34 PM"    ""
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"    "5/27/2013 12:51 AM"    ""
+ "wlidsvc"    "Enables Windows Live ID authentication."    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"    "7/17/2012 5:11 PM"    ""
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"    "11/20/2010 6:18 AM"    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "1/30/2015 11:59 AM"    ""
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"    "12/5/2008 6:54 PM"    ""
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"    "5/1/2007 12:30 PM"    ""
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"    "2/27/2007 7:04 PM"    ""
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"    "7/13/2009 6:19 PM"    ""
+ "amdkmdag"    "ATI Radeon Kernel Mode Driver"    "ATI Technologies Inc."    "c:\windows\system32\drivers\atipmdag.sys"    "1/22/2010 8:46 AM"    ""
+ "amdkmdap"    "AMD multi-vendor Miniport Driver"    "Advanced Micro Devices, Inc."    "c:\windows\system32\drivers\atikmpag.sys"    "1/22/2010 8:07 AM"    ""
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"    "3/18/2010 7:45 PM"    ""
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"    "3/20/2009 1:36 PM"    ""
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"    "3/19/2010 11:18 AM"    ""
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"    "5/24/2007 4:27 PM"    ""
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"    "1/14/2009 2:27 PM"    ""
+ "ASMMAP64"    "Memory mapping Driver"    "ASUS"    "c:\program files (x86)\asus\atk package\atkgfnex\asmmap64.sys"    "7/2/2009 4:13 AM"    ""
+ "athr"    "Atheros Extensible Wireless LAN device driver"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\athrx.sys"    "10/5/2009 11:33 AM"    ""
+ "AtiHdmiService"    "ATI High Definition Audio Function Driver"    "ATI Technologies, Inc."    "c:\windows\system32\drivers\atihdmi.sys"    "9/30/2009 8:54 AM"    ""
+ "atikmdag"    "ATI Radeon Kernel Mode Driver"    "ATI Technologies Inc."    "c:\windows\system32\drivers\atikmdag.sys"    "1/22/2010 8:46 AM"    ""
+ "avgntflt"    "Avira mini-filter driver"    "Avira Operations GmbH & Co. KG"    "c:\windows\system32\drivers\avgntflt.sys"    "7/11/2014 10:46 AM"    ""
+ "avipbb"    "Avira Security Enhancement Driver"    "Avira Operations GmbH & Co. KG"    "c:\windows\system32\drivers\avipbb.sys"    "8/6/2014 2:31 AM"    ""
+ "avkmgr"    "Avira Manager Driver"    "Avira Operations GmbH & Co. KG"    "c:\windows\system32\drivers\avkmgr.sys"    "9/16/2013 6:14 AM"    ""
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"    "2/13/2009 5:18 PM"    ""
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"    "4/26/2009 6:14 AM"    ""
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"    "8/6/2006 8:51 PM"    ""
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"    "8/6/2006 8:51 PM"    ""
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"    "8/6/2006 8:51 PM"    ""
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"    "8/6/2006 8:51 PM"    ""
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"    "8/6/2006 8:51 PM"    ""
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"    "8/9/2006 7:11 AM"    ""
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"    "7/13/2009 6:19 PM"    ""
+ "CnxtHdAudService"    "64-bit High Definition Audio Function Driver"    "Conexant Systems Inc."    "c:\windows\system32\drivers\chdrt64.sys"    "10/30/2009 12:50 PM"    ""
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"    "12/31/2008 11:29 AM"    ""
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"    "2/3/2009 5:52 PM"    ""
+ "ETD"    "ETD Control Center"    "ELAN Microelectronic Corp."    "c:\windows\system32\drivers\etd.sys"    "1/18/2010 7:37 AM"    ""
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"    "5/3/2012 2:56 PM"    ""
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"    "5/11/2009 3:26 AM"    ""
+ "HECIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\hecix64.sys"    "9/17/2009 2:54 PM"    ""
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"    "4/20/2010 1:32 PM"    ""
+ "iaStor"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastor.sys"    "12/17/2009 1:41 PM"    ""
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"    "6/10/2010 7:46 PM"    ""
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"    "12/13/2005 4:47 PM"    ""
+ "Impcd"    "Intel® Turbo Boost Technology Driver"    "Intel Corporation"    "c:\windows\system32\drivers\impcd.sys"    "10/26/2009 3:39 PM"    ""
+ "JMCR"    "JMicron JMB38X Flash Media Controller Driver"    "JMicron Technology Corporation"    "c:\windows\system32\drivers\jmcr.sys"    "8/18/2009 3:23 AM"    ""
+ "JME"    "JMicron NDIS6.20 Driver"    "JMicron Technology Corp."    "c:\windows\system32\drivers\jme.sys"    "12/3/2009 9:14 PM"    ""
+ "kbfiltr"    "Keyboard Filter Driver"    " "    "c:\windows\system32\drivers\kbfiltr.sys"    "7/20/2009 4:21 AM"    ""
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"    "12/9/2008 5:46 PM"    ""
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"    "5/18/2009 7:20 PM"    ""
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"    "5/18/2009 7:31 PM"    ""
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"    "4/16/2009 5:13 PM"    ""
+ "lullaby"    "lullabyFilter mini-filter driver"    "Windows ® Win 7 DDK provider"    "c:\windows\system32\drivers\lullaby.sys"    "6/17/2009 9:45 PM"    ""
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"    "5/18/2009 8:09 PM"    ""
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"    "5/18/2009 8:25 PM"    ""
+ "MTsensor"    "ATK0100 ACPI Utility"    "ASUS"    "c:\windows\system32\drivers\atk64amd.sys"    "5/12/2009 8:04 PM"    ""
+ "netr7364"    "Ralink 802.11 USB Wireless Adapter Driver"    "Ralink Technology, Corp."    "c:\windows\system32\drivers\netr7364.sys"    "3/12/2009 10:13 PM"    ""
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"    "6/6/2006 4:11 PM"    ""
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"    "3/19/2010 3:59 PM"    ""
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"    "3/19/2010 3:45 PM"    ""
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"    "1/22/2009 6:05 PM"    ""
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"    "5/18/2009 8:18 PM"    ""
+ "SASDIFSV"    "SASDIFSV64.SYS"    "SUPERAdBlocker.com and SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasdifsv64.sys"    "7/21/2011 6:03 PM"    ""
+ "SASKUTIL"    "SASKUTIL64.SYS"    "SUPERAdBlocker.com and SUPERAntiSpyware.com"    "c:\program files\superantispyware\saskutil64.sys"    "7/12/2011 4:00 PM"    ""
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"    "9/13/2006 8:18 AM"    ""
+ "SiSGbeLH"    "NDIS 6.0 Miniport Driver for SiS191/SiS190 Ethernet Device"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisg664.sys"    "2/26/2009 4:42 AM"    ""
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"    "9/24/2008 1:28 PM"    ""
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"    "10/1/2008 4:56 PM"    ""
+ "SNP2UVC"    "UVC Camera Streaming Driver"    ""    "c:\windows\system32\drivers\snp2uvc.sys"    "8/19/2009 9:41 PM"    ""
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"    "2/17/2009 6:03 PM"    ""
+ "SWDUMon"    "Driver Update Installer Monitor"    ""    "c:\windows\system32\drivers\swdumon.sys"    "6/22/2013 3:06 PM"    ""
+ "TBIMount"    "TBIMount for TeraByte Image Files"    "TeraByte, Inc."    "c:\windows\system32\drivers\tbimount.sys"    "12/1/2010 9:49 PM"    ""
+ "TurboB"    "Turbo Boost UI Monitor driver"    ""    "c:\windows\system32\drivers\turbob.sys"    "8/6/2009 4:17 PM"    ""
+ "USBAAPL64"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl64.sys"    "11/27/2012 6:38 PM"    ""
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"    "7/13/2009 6:19 PM"    ""
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"    "1/30/2009 8:18 PM"    ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "10/9/2013 10:39 AM"    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"    "7/13/2009 8:28 PM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "8/18/2013 8:30 PM"    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"    "7/13/2009 8:06 PM"    ""
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"    "11/20/2010 6:59 AM"    ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "2/25/2010 3:58 AM"    ""
+ "ASUS Color Preview Filter"    "ASUS Color Preview Filter"    "ASUSTek"    "c:\program files (x86)\asus\splendid\rgbtran.ax"    "10/9/2006 6:19 AM"    ""
+ "ATI MPEG Audio Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "1/22/2010 9:08 AM"    ""
+ "ATI MPEG File Writer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "1/22/2010 9:08 AM"    ""
+ "ATI MPEG Multiplexer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "1/22/2010 9:08 AM"    ""
+ "ATI MPEG Video Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "1/22/2010 9:08 AM"    ""
+ "ATI MPEG Video Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "1/22/2010 9:08 AM"    ""
+ "ATI Video Rotation Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "1/22/2010 9:08 AM"    ""
+ "ATI Video Scaler Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "1/22/2010 9:08 AM"    ""
+ "Color Convert"    "ASUS Color Preview Filter"    "ASUSTek"    "c:\program files (x86)\asus\splendid\rgbtran.ax"    "10/9/2006 6:19 AM"    ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "1/29/2015 2:44 PM"    ""
+ "ASUS SplitVCam Pump"    ""    ""    "c:\program files (x86)\asus\virtualcamera\virtualcamera.ax"    "9/22/2009 10:07 PM"    ""
+ "ASUS SplitVCam Relayer"    ""    ""    "c:\program files (x86)\asus\virtualcamera\virtualcamera.ax"    "9/22/2009 10:07 PM"    ""
+ "ASUS SplitVCam Renderer"    ""    ""    "c:\program files (x86)\asus\virtualcamera\splitvcamrenderer.ax"    "9/22/2009 10:07 PM"    ""
+ "ASUS Virtual Camera"    ""    ""    "c:\program files (x86)\asus\virtualcamera\virtualcamera.ax"    "9/22/2009 10:07 PM"    ""
+ "ATI MPEG Audio Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"    "1/22/2010 9:03 AM"    ""
+ "ATI MPEG File Writer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"    "1/22/2010 9:03 AM"    ""
+ "ATI MPEG Multiplexer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"    "1/22/2010 9:03 AM"    ""
+ "ATI MPEG Video Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"    "1/22/2010 9:03 AM"    ""
+ "ATI MPEG Video Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"    "1/22/2010 9:03 AM"    ""
+ "ATI Ticker"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"    "1/22/2010 8:51 AM"    ""
+ "ATI Video Rotation Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"    "1/22/2010 9:03 AM"    ""
+ "ATI Video Scaler Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"    "1/22/2010 9:03 AM"    ""
+ "Capture File Writer"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "2/6/2013 1:40 AM"    ""
+ "Gargle"    "Gargle Filter (Sample)"    "Microsoft Corporation"    "c:\program files (x86)\asus\asus lifeframe3\lifeframeaudio.ax"    "8/7/2006 3:44 AM"    ""
+ "LifeFrame Image Effects"    "Camera Filter"    "ASUS"    "c:\program files (x86)\asus\asus lifeframe3\camera_effect.ax"    "11/27/2007 7:25 AM"    ""
+ "Logon Effects"    "SmartLogon Filter"    "ASUS"    "c:\program files (x86)\asus\smartlogon\face_filter.ax"    "6/17/2008 8:23 AM"    ""
+ "MMACE Deinterlace"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"    "1/22/2010 8:51 AM"    ""
+ "MMACE ProcAmp"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"    "1/22/2010 8:51 AM"    ""
+ "MMACE SoftEmu"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"    "1/22/2010 8:51 AM"    ""
+ "MotionDetect"    ""    ""    "c:\program files (x86)\asus\asus lifeframe3\motiondetect.ax"    "3/7/2006 12:50 AM"    ""
+ "Record Queue"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "2/6/2013 1:40 AM"    ""
+ "WM VIH2 Fix"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "2/6/2013 1:40 AM"    ""
+ "WMT DV Extract Filter"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "2/6/2013 1:40 AM"    ""
+ "WMT Sample Info Filter"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "2/6/2013 1:40 AM"    ""
+ "WMT Switch Filter"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "2/6/2013 1:40 AM"    ""
+ "WMT Virtual Renderer"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "2/6/2013 1:40 AM"    ""
+ "WMT Virtual Source"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"    "2/6/2013 1:40 AM"    ""
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute"    ""    ""    ""    "1/30/2015 10:05 AM"    ""
+ "chkvdisk"    ""    ""    "File not found: chkvdisk"    ""    ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)"    ""    ""    ""    "4/1/2013 9:07 PM"    ""
+ "C:\Program Files\Internet Explorer\iexplore.exe"    "Internet Explorer"    "Microsoft Corporation"    "c:\program files\internet explorer\iexplore.exe"    "11/21/2014 7:57 PM"    ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"    ""    ""    ""    "6/11/2013 7:02 PM"    ""
+ "FaceCredentialProvider64"    "SmartLogon Dynamic Link Library"    "ASUS"    "c:\program files (x86)\asus\smartlogon\system\facecredentialprovider64.dll"    "4/30/2009 4:28 AM"    ""
+ "WLIDCredentialProvider"    "Microsoft® Windows Live ID Credential Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"    "7/17/2012 5:11 PM"    ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries"    ""    ""    ""    "10/24/2012 1:32 PM"    ""
+ "AVSDA"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda.dll"    "4/30/2014 10:28 AM"    ""
+ "AVSDA over [MSAFD Tcpip [TCP/IP]]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda.dll"    "4/30/2014 10:28 AM"    ""
+ "AVSDA over [MSAFD Tcpip [TCP/IPv6]]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda.dll"    "4/30/2014 10:28 AM"    ""
+ "AVSDA over [MSAFD Tcpip [UDP/IP]]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda.dll"    "4/30/2014 10:28 AM"    ""
+ "AVSDA over [MSAFD Tcpip [UDP/IPv6]]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda.dll"    "4/30/2014 10:28 AM"    ""
+ "AVSDA over [RSVP TCP Service Provider]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda.dll"    "4/30/2014 10:28 AM"    ""
+ "AVSDA over [RSVP TCPv6 Service Provider]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda.dll"    "4/30/2014 10:28 AM"    ""
+ "AVSDA over [RSVP UDP Service Provider]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda.dll"    "4/30/2014 10:28 AM"    ""
+ "AVSDA over [RSVP UDPv6 Service Provider]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda.dll"    "4/30/2014 10:28 AM"    ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""    "1/29/2015 2:41 PM"    ""
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"    "7/17/2012 4:45 PM"    ""
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"    "7/17/2012 4:45 PM"    ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64"    ""    ""    ""    "10/24/2012 1:32 PM"    ""
+ "AVSDA"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda64.dll"    "4/30/2014 10:30 AM"    ""
+ "AVSDA over [MSAFD Tcpip [TCP/IP]]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda64.dll"    "4/30/2014 10:30 AM"    ""
+ "AVSDA over [MSAFD Tcpip [TCP/IPv6]]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda64.dll"    "4/30/2014 10:30 AM"    ""
+ "AVSDA over [MSAFD Tcpip [UDP/IP]]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda64.dll"    "4/30/2014 10:30 AM"    ""
+ "AVSDA over [MSAFD Tcpip [UDP/IPv6]]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda64.dll"    "4/30/2014 10:30 AM"    ""
+ "AVSDA over [RSVP TCP Service Provider]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda64.dll"    "4/30/2014 10:30 AM"    ""
+ "AVSDA over [RSVP TCPv6 Service Provider]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda64.dll"    "4/30/2014 10:30 AM"    ""
+ "AVSDA over [RSVP UDP Service Provider]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda64.dll"    "4/30/2014 10:30 AM"    ""
+ "AVSDA over [RSVP UDPv6 Service Provider]"    "AntiVir layered service provider"    "Avira Operations GmbH & Co. KG"    "c:\program files (x86)\avira\antivir desktop\avsda64.dll"    "4/30/2014 10:30 AM"    ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"    ""    ""    ""    "1/29/2015 2:41 PM"    ""
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"    "7/17/2012 5:09 PM"    ""
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"    "7/17/2012 5:09 PM"    ""
 



#6 Phantom010

Phantom010

  • Members
  • 1,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cyberspace
  • Local time:10:23 AM

Posted 30 January 2015 - 02:25 PM

Please run Autoruns again.

 

Select the Scheduled Tasks tab.

 

Right-click and delete both the following entries:

DigitalSite"    ""    ""    "File not found: C:\Users\LOULOU~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE"
DSite"    ""    ""    "File not found: C:\Users\LOULOU~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE"

Restart the computer.

 

Still getting the RunDLL pop-up?



#7 WilliamP

WilliamP
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 AM

Posted 30 January 2015 - 02:45 PM

It won't let me delete them.



#8 Phantom010

Phantom010

  • Members
  • 1,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cyberspace
  • Local time:10:23 AM

Posted 30 January 2015 - 02:49 PM

Can you simply remove the check marks?

 

What was the malware removal program you ran before having this issue?


Edited by Phantom010, 30 January 2015 - 02:50 PM.


#9 WilliamP

WilliamP
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 AM

Posted 30 January 2015 - 03:00 PM

I had to right click on Autoruns and cick on Run as Administrator. Iwas able to delete them but I still got the pop up. I ran Superantispyware, Maleware Bytes and Avira Prem.



#10 Phantom010

Phantom010

  • Members
  • 1,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cyberspace
  • Local time:10:23 AM

Posted 30 January 2015 - 03:09 PM

Please download AdwCleaner.

  • Double-click the adwcleaner.exe to run the tool.
  • Click Scan.
  • When the scan is finished, click Clean.
  • When the cleaning process is over, click Report and a Notepad window will be opened.
  • Please post the contents into your next reply.


#11 WilliamP

WilliamP
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 AM

Posted 30 January 2015 - 03:42 PM

 AdwCleaner v4.109 - Report created 30/01/2015 at 15:39:48
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lou Lou - LOULOU-PC
# Running from : C:\Users\Lou Lou\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : SystemStoreService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\SoftwareUpdater
Folder Deleted : C:\Program Files (x86)\WebCake
Folder Deleted : C:\Program Files (x86)\OnlineVault
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\Lou Lou\AppData\Local\Conduit
Folder Deleted : C:\Users\Lou Lou\AppData\Local\Software_Updater
Folder Deleted : C:\Users\Lou Lou\AppData\Local\SoftwareUpdater
Folder Deleted : C:\Users\Lou Lou\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Lou Lou\AppData\Local\unitlayers
Folder Deleted : C:\Users\Lou Lou\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lou Lou\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\DSite
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\xVidly
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\SmartPCFix
Folder Deleted : C:\Users\Lou Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Lou Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
File Deleted : C:\END
File Deleted : C:\Users\Lou Lou\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\xVidly.lnk
File Deleted : C:\Users\Lou Lou\AppData\Roaming\Mozilla\Firefox\Profiles\30yav3pm.default\invalidprefs.js
File Deleted : C:\Users\Lou Lou\AppData\Roaming\Mozilla\Firefox\Profiles\30yav3pm.default\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Deleted : C:\Users\Lou Lou\AppData\Roaming\Mozilla\Firefox\Profiles\30yav3pm.default\searchplugins\BrowserDefender.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Lou Lou\AppData\Roaming\Mozilla\Firefox\Profiles\30yav3pm.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Dealply
Task Deleted : Desk 365 RunAsStdUser
Task Deleted : EPUpdater
Task Deleted : Software Updater Ui
Task Deleted : Software Updater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Lou Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKCU\Software\5eed7ddbd38e448
Key Deleted : HKLM\SOFTWARE\5eed7ddbd38e448
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{756C097C-6BDB-45DE-A8F1-83E01AB86BA4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C17A0751-580B-466B-8271-5C73EFDC1295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F74E6442-E998-4144-AAF2-4D653061239A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C17A0751-580B-466B-8271-5C73EFDC1295}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0CF97251-3EE3-4DB0-804E-8C0926EBD35B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3D75010A-DEEA-4A1A-AC8C-F7FDC63B3B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsFinder
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Desksvc
Key Deleted : HKLM\SOFTWARE\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\iLividSRTB
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[30yav3pm.default\prefs.js] - Line Deleted : user_pref("extentions.webcake.installId", "5c2b4f9e-cc3b-425f-8aee-f71a739bc19e");

-\\ Google Chrome v

[C:\Users\Lou Lou\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN25177255827603149&ctid=CT3297947&UM=2
[C:\Users\Lou Lou\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh

*************************

AdwCleaner[R0].txt - [16741 octets] - [30/01/2015 15:38:10]
AdwCleaner[S0].txt - [15155 octets] - [30/01/2015 15:39:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15216 octets] ##########
 



#12 WilliamP

WilliamP
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 AM

Posted 30 January 2015 - 03:45 PM

That stopped the pop up. Thank you.



#13 Phantom010

Phantom010

  • Members
  • 1,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cyberspace
  • Local time:10:23 AM

Posted 30 January 2015 - 03:51 PM

I had seen the following entry in Autoruns, which was probably the one persisting, but I wasn't sure what it was. Deleting the task in Autoruns might have fixed the RunDLL issue as well.

Software Updater Ui"    "Software Updater"    ""    "c:\program files (x86)\softwareupdater\softwareupdater.ui.exe"

Anyway, AdwCleaner fixed it and removed a lot more...

 

Glad it's fixed! :thumbup2:



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:23 AM

Posted 30 January 2015 - 03:59 PM

Moved to Am I Infected. As it was and others will find it there.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users