Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus 2010 removal help needed


  • Please log in to reply

#1
shiena

shiena

    New Member

  • Member
  • Pip
  • 1 posts

Every time I open my PC a message always popped out saying "The application or DLL c:\program files\settings manager\smdmf\x64\syapcrt.dll is not a valid Windows image. Please check this against your installation diskette.

How can I fixed this? Hope you'd help me. Thanks a lot!

 

OTL logfile created on: 1/8/2015 3:34:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = e:\Documents and Settings\Neneng Ebarle\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.98 Mb Total Physical Memory | 146.23 Mb Available Physical Memory | 28.62% Memory free
1.41 Gb Paging File | 0.68 Gb Available in Paging File | 48.63% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 18.39 Gb Free Space | 49.36% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 14.61 Gb Free Space | 39.22% Space Free | Partition Type: NTFS
 
Computer Name: WINDFIEL-2299EC | User Name: Neneng Ebarle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/08 15:34:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\Documents and Settings\Neneng Ebarle\My Documents\Downloads\OTL.scr
PRC - [2015/01/08 15:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\Documents and Settings\Neneng Ebarle\My Documents\Downloads\OTL.exe
PRC - [2014/12/24 18:27:11 | 002,665,984 | ---- | M] () -- C:\Program Files\Search Extensions\Client.exe
PRC - [2014/12/06 09:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/10/05 21:01:25 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
PRC - [2014/10/03 20:58:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2014/09/22 15:19:43 | 003,587,088 | ---- | M] (Aztec Media Inc) -- C:\Program Files\Settings Manager\smdmf\smdmfu.exe
PRC - [2014/09/22 15:19:39 | 003,572,240 | ---- | M] (Aztec Media Inc) -- C:\Program Files\Settings Manager\smdmf\SmdmFService.exe
PRC - [2012/06/22 21:55:48 | 000,265,952 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/10/28 12:18:46 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2010/09/03 04:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
PRC - [2010/07/27 19:11:18 | 000,991,232 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/11/26 03:58:40 | 000,081,920 | R--- | M] () -- C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/04/14 13:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/23 11:25:06 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/12/13 08:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2003/02/11 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/08 10:42:36 | 002,909,696 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\15010701\algo.dll
MOD - [2014/12/24 18:27:11 | 002,665,984 | ---- | M] () -- C:\Program Files\Search Extensions\Client.exe
MOD - [2014/12/06 09:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/06 09:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/10/05 17:30:13 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/10/03 20:58:39 | 019,329,904 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2014/10/03 20:58:30 | 000,301,152 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswProperty.dll
MOD - [2014/10/02 14:48:36 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/10/01 14:17:44 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/10/01 14:14:43 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/09/30 16:34:18 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/09/30 16:31:42 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/09/22 15:19:47 | 000,489,488 | ---- | M] () -- C:\Program Files\Settings Manager\smdmf\sysapcrt.dll
MOD - [2014/09/22 15:19:41 | 000,019,472 | ---- | M] () -- C:\Program Files\Settings Manager\smdmf\smdmfldr.dll
MOD - [2012/06/22 21:55:48 | 000,265,952 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/12/09 21:20:06 | 000,126,976 | ---- | M] () -- C:\Program Files\Edimax\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2008/11/26 03:58:40 | 000,081,920 | R--- | M] () -- C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
MOD - [2008/04/14 13:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 13:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\Edimax\11n USB Wireless LAN Utility\acAuth.dll
MOD - [2003/12/13 08:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2014/12/29 15:41:09 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/03 20:58:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/09/22 15:19:39 | 003,572,240 | ---- | M] (Aztec Media Inc) [Auto | Running] -- C:\Program Files\Settings Manager\smdmf\SmdmFService.exe -- (SmdmFService)
SRV - [2012/06/22 21:55:48 | 000,265,952 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2010/09/03 04:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/26 03:58:40 | 000,081,920 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe -- (Autorun CDROM Monitor)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/11/22 11:29:14 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/10/05 21:01:18 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/10/03 20:58:46 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/10/03 20:58:46 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/10/03 20:58:45 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/10/03 20:58:45 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/10/03 20:58:45 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/10/03 20:58:45 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/09/22 15:19:40 | 000,034,192 | ---- | M] (Aztec Media Inc) [Kernel | System | Running] -- C:\Program Files\Settings Manager\smdmf\smdmfmgrc2.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A9119622)
DRV - [2010/08/06 14:45:28 | 000,907,496 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV - [2009/10/13 20:00:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/13 19:59:34 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/13 19:59:22 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/14 08:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 08:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/23 22:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 22:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}: "URL" = http://www.default-s...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.startn...ion=5.1-x86-SP3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {ABD93EAF-D775-BC54-E63B-2804F22FD156}
IE - HKCU\..\SearchScopes\{04B15F68-2B31-4830-8945-3791D4C79520}: "URL" = https://ph.search.ya...p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://ph.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startn...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1053;https=127.0.0.1:1053;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "default-search.net"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "StartNow "
FF - prefs.js..browser.startup.homepage: "http://search.startn...on=5.1-x86-SP3"
FF - prefs.js..extensions.enabledAddons: %7B4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B5911488E-9D1E-40ec-8CBB-06B231CC153F%7D:2.5.3
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.4.20140604103324
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:5.4
FF - prefs.js..extensions.enabledItems: [email protected]:5.4
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..keyword.URL: "http://search.startn...on=5.1-x86-SP3"
FF - prefs.js..browser.search.order.1: "StartNow "
FF - prefs.js..browser.search.useDBForOrder: false
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/10/03 20:58:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/12/29 15:40:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/12/29 15:40:36 | 000,000,000 | ---D | M]
 
[2011/03/12 09:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Extensions
[2015/01/08 11:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions
[2014/10/19 18:24:17 | 000,000,000 | ---D | M] (Address Bar Search) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}
[2012/08/20 15:43:54 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2014/10/07 19:59:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2015/01/08 11:20:34 | 000,000,000 | ---D | M] (Linkey for Firefox) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\[email protected]
[2014/08/31 16:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\[email protected]\content
[2014/08/31 16:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\[email protected]\skin
[2011/10/02 17:33:27 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\searchplugins\bing-zugo.xml
[2015/01/08 11:19:53 | 000,002,579 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\searchplugins\default-search.xml
[2015/01/08 15:06:34 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\searchplugins\startnow.xml
[2013/06/18 20:02:24 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\searchplugins\yahoo.xml
[2014/12/24 11:00:02 | 000,008,139 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\searchplugins\yahoo_ff.xml
[2014/12/29 15:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/12/29 15:40:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2014/12/29 15:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/12/29 15:41:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah\1.0.0.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2001/08/23 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll File not found
O2 - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [StartNow Search Protect] C:\Program Files\StartNow Toolbar\search_protect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Edimax 11n USB Wireless LAN Utility.lnk = C:\Program Files\Edimax\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00E2E920-3FF5-4B00-8604-B7EBE84B9962}: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - AppInit_DLLs: (C:\DOCUME~1\NENENG~1\LOCALS~1\APPLIC~1\Linkey\IEEXTE~1\iedll.dll) - C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/12 10:05:49 | 000,000,051 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06d3378c-4c8e-11e0-a1cf-00e04c800192}\Shell\AutoRun\command - "" = SafeDrvll.exe
O33 - MountPoints2\{06d3378c-4c8e-11e0-a1cf-00e04c800192}\Shell\Explore\Command - "" = SafeDrvll.exe
O33 - MountPoints2\{06d3378c-4c8e-11e0-a1cf-00e04c800192}\Shell\Open\Command - "" = SafeDrvll.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files\settings manager\smdmf\x64\sysapcrt.dll) - c:\Program Files\Settings Manager\smdmf\x64\sysapcrt.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files\Settings Manager\smdmf\sysapcrt.dll) - C:\Program Files\Settings Manager\smdmf\sysapcrt.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/08 12:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
[2015/01/08 11:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\TuneUp Software
[2015/01/08 11:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neneng Ebarle\Application Data\TuneUp Software
[2015/01/08 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2014
[2015/01/08 11:41:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/01/08 11:27:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2015/01/08 11:26:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2015/01/08 11:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2015/01/08 11:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Linkey
[2015/01/08 11:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neneng Ebarle\Application Data\FirefoxToolbar
[2015/01/08 11:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Settings Manager
[2015/01/08 11:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\smdmf
[2015/01/08 11:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neneng Ebarle\Application Data\How Inc
[2015/01/08 11:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neneng Ebarle\My Documents
[2014/12/29 15:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/12/24 11:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neneng Ebarle\Desktop\New Folder
[2014/12/24 10:41:27 | 000,000,000 | ---D | C] -- C:\5004c7c220667a7c81
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\Neneng Ebarle\Desktop\*.tmp files -> C:\Documents and Settings\Neneng Ebarle\Desktop\*.tmp -> ]
[1 e:\Documents and Settings\Neneng Ebarle\My Documents\*.tmp files -> e:\Documents and Settings\Neneng Ebarle\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/08 16:13:58 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/08 15:10:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/08 15:05:27 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2015/01/08 15:02:42 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk
[2015/01/08 15:02:37 | 000,000,774 | ---- | M] () -- C:\WINDOWS\tasks\RocketTab Update Task.job
[2015/01/08 15:01:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/01/08 15:01:25 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2015/01/08 14:59:38 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\RocketTab.job
[2015/01/08 14:59:38 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2015/01/08 14:58:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/08 14:58:32 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/08 12:03:05 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2015/01/08 12:03:05 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
[2015/01/08 12:02:51 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2014.lnk
[2015/01/05 20:40:20 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2015/01/04 10:10:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2015/01/04 09:23:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2015/01/04 08:15:42 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Desktop\Microsoft Office Excel 2007 (2).lnk
[2015/01/04 08:13:16 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Desktop\Microsoft Office Word 2007.lnk
[2015/01/04 08:12:46 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Desktop\Microsoft Office Publisher 2007.lnk
[2015/01/04 08:07:01 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Desktop\Microsoft Office PowerPoint 2007.lnk
[2015/01/04 08:06:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Desktop\Microsoft Office Excel 2007.lnk
[2015/01/03 14:00:41 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2015/01/01 22:46:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/12/24 11:50:19 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/12/23 18:52:56 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2014/12/23 18:22:33 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 e:\Documents and Settings\Neneng Ebarle\My Documents\*.tmp files -> e:\Documents and Settings\Neneng Ebarle\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/08 12:03:05 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2015/01/08 12:03:04 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
[2015/01/08 12:02:52 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
[2015/01/08 12:02:47 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2014.lnk
[2014/10/13 09:20:46 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2014/10/03 20:59:40 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/10/03 20:30:14 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/10/03 20:30:13 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/04/09 17:56:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2013/04/08 21:14:14 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/05/31 21:36:22 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\default.pls
[2011/03/12 09:53:50 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Neneng Ebarle\.rnd
[2011/03/12 06:14:33 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/03/12 00:18:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 16:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/03/11 23:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2014/10/03 20:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/01 20:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2015/01/08 11:26:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/27 18:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2015/01/08 16:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\smdmf
[2012/03/30 22:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2015/01/08 11:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2014/10/13 09:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2014/09/28 19:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2015/01/08 11:29:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2014/10/05 16:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\AVAST Software
[2012/02/05 18:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2015/01/08 11:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\FirefoxToolbar
[2015/01/08 15:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\How Inc
[2011/03/11 23:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\InterTrust
[2011/10/02 17:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\OpenCandy
[2012/08/23 15:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\PhotoScape
[2012/04/17 21:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\Rovio
[2012/08/20 15:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\StartNow Toolbar
[2015/01/08 11:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\TuneUp Software
[2012/10/25 14:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\Wildfire
[2012/06/21 19:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\wtxpcom
[2012/08/05 10:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\YTD
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
 
Copy the text in the code box by highlighting and Ctrl + c
 
 
:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.startn...ion=5.1-x86-SP3
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startn...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1053;https=127.0.0.1:1053;
FF - prefs.js..browser.search.defaultenginename: "default-search.net"
FF - prefs.js..browser.search.selectedEngine: "StartNow "
FF - prefs.js..browser.startup.homepage: "http://search.startn...on=5.1-x86-SP3"
FF - prefs.js..keyword.URL: "http://search.startn...on=5.1-x86-SP3"
FF - prefs.js..browser.search.order.1: "StartNow "
[2014/10/19 18:24:17 | 000,000,000 | ---D | M] (Address Bar Search) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}
[2012/08/20 15:43:54 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2014/10/07 19:59:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/02 17:33:27 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\searchplugins\bing-zugo.xml
[2015/01/08 11:19:53 | 000,002,579 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\searchplugins\default-search.xml
[2015/01/08 15:06:34 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\searchplugins\startnow.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll File not found
O2 - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll File not found
[2015/01/08 11:20:34 | 000,000,000 | ---D | M] (Linkey for Firefox) -- C:\Documents and Settings\Neneng Ebarle\Application Data\Mozilla\Firefox\Profiles\01ba0utr.default\extensions\[email protected]
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKCU..\Run: [StartNow Search Protect] C:\Program Files\StartNow Toolbar\search_protect.exe ()
O20 - AppInit_DLLs: (C:\DOCUME~1\NENENG~1\LOCALS~1\APPLIC~1\Linkey\IEEXTE~1\iedll.dll) - C:\Documents and Settings\Neneng Ebarle\Local Settings\Application Data\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
O33 - MountPoints2\{06d3378c-4c8e-11e0-a1cf-00e04c800192}\Shell\AutoRun\command - "" = SafeDrvll.exe
O33 - MountPoints2\{06d3378c-4c8e-11e0-a1cf-00e04c800192}\Shell\Explore\Command - "" = SafeDrvll.exe
O33 - MountPoints2\{06d3378c-4c8e-11e0-a1cf-00e04c800192}\Shell\Open\Command - "" = SafeDrvll.exe
O36 - AppCertDlls: x64 - (c:\program files\settings manager\smdmf\x64\sysapcrt.dll) - c:\Program Files\Settings Manager\smdmf\x64\sysapcrt.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files\Settings Manager\smdmf\sysapcrt.dll) - C:\Program Files\Settings Manager\smdmf\sysapcrt.dll ()
[2015/01/08 14:59:38 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\RocketTab.job
[2015/01/08 15:02:37 | 000,000,774 | ---- | M] () -- C:\WINDOWS\tasks\RocketTab Update Task.job
[2015/01/05 20:40:20 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2015/01/04 10:10:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2015/01/04 09:23:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2015/01/03 14:00:41 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/08/20 15:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\StartNow Toolbar
[2011/10/02 17:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neneng Ebarle\Application Data\OpenCandy
 
 
:files
c:\Program Files\Settings Manager
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
then Double on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
 
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP