Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

expanding hal.dll

Started by babyfaceassassin , Feb 03 2011 03:27 PM

This topic is locked

#1
babyfaceassassin

Posted 03 February 2011 - 03:27 PM

Member

Member
56 posts

i purposely deleted my hal.dll so i can try to troubleshoot it using recovery console. i tried the recommended fixes that i have searched on the web. i try to rebuild the bootconfiguration first but it doesnt fix it. so i try to expand hal.dll to my C drive, unfortunately it says that 0 files expanded. i dont know why it cant expand. so i try to copy it instead of expanding but when i did that it that solve my problem. it doesnt show that hal.dll is missing but rather the system just hang on windows screen. can you help me to give another idea how to fix this?? and why it i can expand hal.dll but i can copy it?? thanks..

#2
JSntgRvr

Posted 03 February 2011 - 04:54 PM

Global Moderator

Global Moderator
11,579 posts

Boot to the Recovery Console with the installation CD. At the prompt type MAP and press Enter. It should give you a list of drives available. Take note of your CD_ROM drive letter, then type the following and press Enter:

Expand X:\i386\hal.dl_ C:\WINDOWS\System32\hal.dll

Where X is the letter assigned to your CD_ROM. You must type the entire line and if you notice, the last character on the source (CD) is an underscore.

Let me know the outcome.

#3
babyfaceassassin

Posted 03 February 2011 - 09:14 PM

Member

Topic Starter
Member
56 posts

Hi JSntgRvr thanks for quick reply. that is exactly what i did. to avoid confusion i'll type exactly what i did first i rebuild my bootcfg by doing this:
1. Attrib -h-r-s c:\boot.ini
2. del c:\boot.ini
3. bootcfg /rebuild
4. os idntifier where i put windows xp
5. /fastdetect
6. fixboot
when i exit to see if it fixed it but it didnt so i try to expand it.
e:\i386\hal.dl_ c:\windows\system32\hal.dll
but it say 0 files has been expanded something like that forget the exact word.
e: drive is my dvd drive.
so i try copy the hal.dl_ instead to c:
1. copy:\i386\hal.dl_ c:\windows\system32\hal.dll
it copied 1 file. maybe expand is the better or right command but it is not working saying 0 files expanded.
by the way after i copied the hal.dl_ while the pc seems going to start it just hangs on windows screen so im force to press the power button. and just restarted the pc but it hangs again and again.

#4
JSntgRvr

Posted 03 February 2011 - 09:35 PM

Global Moderator

Global Moderator
11,579 posts

You are using the wrong syntax. If your Installation CD is in the DVD drive (e: ), then the syntax should be:

Expand E:\i386\hal.dl_ C:\WINDOWS\System32\hal.dll

#5
babyfaceassassin

Posted 03 February 2011 - 10:19 PM

Member

Topic Starter
Member
56 posts

my apologies. i put expand to it. what you want me to put is the exact thing i already typed.
expand e:\i386\hal.dl_ c:\windows\system32\hal.dll. but it cant expand saying 0 files expanded

#6
JSntgRvr

Posted 03 February 2011 - 10:47 PM

Global Moderator

Global Moderator
11,579 posts

Since you use the Copy command, lets first delete the file you copied and then expand a copy of it:

Del C:\WINDOWS\System32\hal.dll
Expand E:\i386\hal.dl_ C:\WINDOWS\System32\hal.dll

Leave a space between the underscore and C:\. If successful Type Exit to restart the computer.

#7
babyfaceassassin

Posted 03 February 2011 - 11:20 PM

Member

Topic Starter
Member
56 posts

i delete and then expand it but it say unable to expand hal.dll
0 files expanded

#8
JSntgRvr

Posted 04 February 2011 - 01:09 AM

Global Moderator

Global Moderator
11,579 posts

Lets give this a try throughout an External Environment, which simply means you will need to burn a boot CD with especial tools. You will also need a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Download OTLPEStd.exe to your desktop. NOTE: This file is 93.5MB in size so it may take some time to download.
Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe.The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
Once the CD is burned, boot the Non working computer using the boot CD you just created.
In order to do so, the computer must be set to boot from the CD first
Note : For information click here
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
- Change Drivers to All
- Change Standard Registry to All
- Under the Custom Scan box paste this in
  
  /md5start
  hal.dll
  /md5stop
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive.
Please post the contents of the C:\OTL.txt file in your reply.

#9
babyfaceassassin

Posted 04 February 2011 - 03:05 AM

Member

Topic Starter
Member
56 posts

hi here is the log:

OTL logfile created on: 2/4/2011 4:52:48 PM - Run
OTLPE by OldTimer - Version 3.1.44.2 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.24 Gb Total Space | 24.85 Gb Free Space | 47.57% Space Free | Partition Type: FAT32
Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/28 14:02:58 | 000,220,128 | ---- | M] () [Auto] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/08/18 19:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)

========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (tqrwfmjc)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | System] -- -- (qhekepep)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (OsaFsLoc)
DRV - File not found [Kernel | Boot] -- -- (lugva)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (jmbvdeas)
DRV - File not found [Kernel | Boot] -- -- (gennrrsj)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (bqaunrca)
DRV - File not found [File_System | Disabled] -- -- (Avgrkx86)
DRV - File not found [Kernel | Disabled] -- -- (AVGIDSShim)
DRV - File not found [Kernel | Disabled] -- -- (AVGIDSFilter)
DRV - File not found [Kernel | Disabled] -- -- (AVGIDSDriver)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/11/02 23:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/09/28 15:44:52 | 000,041,984 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2010/09/28 14:03:22 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2010/09/22 03:17:28 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/08/26 21:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/08/11 11:44:02 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/08/11 11:44:02 | 000,009,216 | R--- | M] (MBB Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/07/15 08:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/05/20 14:40:26 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV - [2010/02/24 21:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/21 00:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/07/14 10:35:16 | 000,444,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2009/06/24 19:18:42 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/08/14 18:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 19:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/06/13 19:05:52 | 000,272,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT)
DRV - [2008/04/14 08:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 08:13:22 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 08:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 08:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 03:28:40 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 03:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/14 03:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 03:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/14 03:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/14 03:19:44 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/14 03:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/14 03:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/14 03:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/14 03:17:06 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/14 03:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/14 03:15:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/14 03:15:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 03:14:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 03:14:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 03:00:20 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/14 02:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 02:57:28 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 02:57:28 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/14 02:57:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 02:57:16 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/14 02:57:08 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 02:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/14 02:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/14 02:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 02:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/14 02:54:36 | 000,088,192 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\irda.sys -- (irda)
DRV - [2008/04/14 02:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/14 02:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/14 02:51:34 | 000,101,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV - [2008/04/14 02:51:26 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/14 02:51:26 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/14 02:51:26 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 02:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/14 02:46:34 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BthEnum.sys -- (BthEnum)
DRV - [2008/04/14 02:46:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV - [2008/04/14 02:46:30 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB)
DRV - [2008/04/14 02:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/14 02:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/14 02:45:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/14 02:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/14 02:45:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/14 02:45:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/14 02:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/14 02:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/14 02:45:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/14 02:45:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/14 02:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/14 02:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 02:45:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/14 02:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 02:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/14 02:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 02:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/04/14 02:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/14 02:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 02:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/14 02:40:50 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 02:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/14 02:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/14 02:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/14 02:40:32 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/14 02:40:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/14 02:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/14 02:40:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/14 02:40:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/14 02:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2008/04/14 02:39:54 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/14 02:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/14 02:39:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/14 02:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/14 02:39:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/14 02:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/14 02:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/14 02:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 02:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/14 02:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/14 02:36:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 02:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)
DRV - [2008/04/14 02:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/14 02:36:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/14 02:36:40 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ)
DRV - [2008/04/14 02:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/14 02:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/04/14 02:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/14 02:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541)
DRV - [2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/14 02:36:38 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/04/14 02:36:38 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/14 02:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/04/14 02:36:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/14 02:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/14 02:33:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2008/04/14 02:32:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/14 02:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 02:32:40 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/14 02:32:40 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/14 02:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 02:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/14 00:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/14 00:39:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 00:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/09/24 21:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/08/18 22:40:50 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/04/03 12:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/23 12:47:06 | 001,166,972 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2006/03/03 12:52:30 | 000,192,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/23 12:41:42 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/31 14:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005/10/24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/05 15:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\OSAIO.SYS -- (osaio)
DRV - [2005/05/12 18:54:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/10 20:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 20:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 20:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2004/08/10 20:00:00 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2004/08/10 20:00:00 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2004/08/10 20:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/10 20:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/10 20:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2004/08/10 20:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/10 20:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/10 20:00:00 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2004/08/10 20:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 20:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 20:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 20:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 20:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 20:00:00 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2004/08/10 20:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/10 20:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2004/08/10 20:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2004/08/10 20:00:00 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2004/08/10 20:00:00 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2004/08/10 20:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 20:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/10 20:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 20:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 20:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 20:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/10 20:00:00 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2004/08/10 20:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2004/08/10 20:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/10 20:00:00 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2004/08/10 20:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 20:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2004/08/10 20:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2004/08/10 20:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2004/08/10 20:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/10 20:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 20:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 20:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2004/08/10 20:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 20:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 20:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 20:00:00 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2004/08/10 20:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2004/08/10 20:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2004/08/10 20:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 20:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 20:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 20:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/10 20:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/10 20:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2004/08/10 03:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 13:51:32 | 000,019,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasirda.sys -- (Rasirda) WAN Miniport (IrDA)
DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\drogba_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\drogba_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\drogba_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
IE - HKU\drogba_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\drogba_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\drogba_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\drogba_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\drogba_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.c...://sg.yahoo.com
IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\lia_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\lia_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/07 16:05:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/04 23:16:34 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/12/03 17:37:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\drogba_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\lia_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\lia_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\lia_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\drogba_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\drogba_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\drogba_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\lia_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\lia_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] File not found
O4 - Startup: C:\Documents and Settings\drogba\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\drogba_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\lia_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/16 17:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Application Data\Toolbar4
[2011/01/16 17:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam Toolbar
[2011/01/16 17:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Start Menu\Programs\HyperCam 2
[2011/01/16 17:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2011/01/16 17:11:18 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_filerecovery.exe
[2011/01/16 17:07:37 | 000,516,784 | R--- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2011/01/16 17:07:37 | 000,217,088 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2011/01/16 17:07:37 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2011/01/16 17:07:37 | 000,118,784 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartWeb.dll
[2011/01/16 17:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011/01/16 17:07:36 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2011/01/16 17:06:27 | 006,383,200 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_us_smartrecovery.exe
[2011/01/16 16:08:32 | 001,755,648 | ---- | C] (Budy Setiawan Kusumah) -- C:\Documents and Settings\drogba\Desktop\dd.exe
[2011/01/16 07:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\My Documents\double_driver_4.1.0_portable
[2011/01/16 06:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\My Documents\ProcessExplorer
[2011/01/16 05:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2011/01/14 21:02:18 | 002,291,568 | ---- | C] (Beepa Pty Ltd) -- C:\Documents and Settings\drogba\My Documents\setupfraps.exe
[2011/01/14 16:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/14 16:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/14 16:56:12 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\drogba\My Documents\erunt-setup.exe
[2011/01/10 22:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CD-DVD-BlueRay Recovery
[2011/01/10 22:55:38 | 000,579,254 | ---- | C] (Martik Panosian ) -- C:\Documents and Settings\drogba\My Documents\CD-DVD-BlueRay Recovery Installer.exe
[2011/01/09 23:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\My Documents\Autoruns
[2011/01/08 03:25:03 | 010,696,968 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\drogba\My Documents\everestcorporate550.exe
[2011/01/08 02:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/01/08 02:22:36 | 002,411,456 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\drogba\My Documents\rcsetup139.exe
[2011/01/07 19:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/01/06 19:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Application Data\Apple Computer
[2011/01/06 19:09:07 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/01/06 19:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/06 19:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/06 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/06 19:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Local Settings\Application Data\Apple
[2011/01/06 19:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/06 19:07:12 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/01/06 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/06 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/06 18:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Local Settings\Application Data\Apple Computer
[2011/01/06 18:57:40 | 081,876,264 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\drogba\My Documents\iTunesSetup.exe
[2011/01/06 06:10:27 | 000,013,568 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\s24trans.sys
[2011/01/06 06:10:27 | 000,004,010 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\osanbm.sys
[2011/01/06 06:10:23 | 000,032,512 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/01/06 06:10:23 | 000,006,144 | ---- | C] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys
[2011/01/06 06:09:28 | 000,078,208 | ---- | C] (Acer Value Labs, USA) -- C:\WINDOWS\System32\drivers\epm-shd.sys
[2011/01/06 06:09:28 | 000,004,096 | ---- | C] (Acer Value Labs, USA) -- C:\WINDOWS\System32\drivers\epm-psd.sys
[2011/01/06 02:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Memory Games 5
[2011/01/06 02:24:09 | 000,696,346 | ---- | C] (www.5-games.com ) -- C:\Documents and Settings\drogba\My Documents\5-games-setup.exe
[2011/01/06 01:23:38 | 000,004,392 | ---- | C] (OSA Technologies) -- C:\WINDOWS\System32\drivers\NdisFilt.sys
[2011/01/05 22:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Desktop\unsigned drivery
[2010/09/30 18:07:16 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2010/09/30 18:07:16 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2010/09/30 18:07:16 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2010/09/30 18:07:16 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2010/09/30 18:07:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2010/09/30 18:07:16 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2010/09/30 18:07:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2010/09/30 18:07:16 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2010/09/30 18:07:16 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2010/09/30 18:07:16 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2010/09/30 18:07:15 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2010/09/30 18:07:15 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[49 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/04 13:12:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/04 13:12:22 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/02/04 13:08:08 | 1600,245,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/03 22:53:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/17 21:44:18 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\Macrium Reflect.lnk
[2011/01/17 18:26:40 | 038,871,410 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0007.avi
[2011/01/17 18:25:22 | 052,050,750 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0006.avi
[2011/01/17 18:24:18 | 017,498,208 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0005.avi
[2011/01/16 17:55:06 | 040,566,740 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0004.avi
[2011/01/16 17:53:56 | 014,089,494 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0003.avi
[2011/01/16 17:52:24 | 010,970,844 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0002.avi
[2011/01/16 17:51:20 | 015,774,906 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0001.avi
[2011/01/16 17:46:42 | 002,576,256 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\HC2Setup.exe
[2011/01/16 17:11:20 | 006,113,439 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_filerecovery.exe
[2011/01/16 17:06:28 | 006,383,200 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_us_smartrecovery.exe
[2011/01/16 17:00:44 | 001,554,889 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\CDCheckSetup.exe
[2011/01/16 06:57:58 | 002,165,485 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\double_driver_4.1.0_portable.zip
[2011/01/16 06:38:14 | 001,843,055 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\ProcessExplorer.zip
[2011/01/16 05:51:58 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\drogba\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/01/16 05:48:42 | 002,373,128 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\belarcadvisor.exe
[2011/01/15 04:23:10 | 003,267,488 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\PandoraRecovery2.1.1Setup.exe
[2011/01/14 21:02:16 | 002,291,568 | ---- | M] (Beepa Pty Ltd) -- C:\Documents and Settings\drogba\My Documents\setupfraps.exe
[2011/01/14 20:39:44 | 000,000,991 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2011/01/14 16:57:34 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\drogba\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/14 16:57:30 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\ERUNT.lnk
[2011/01/14 16:56:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\drogba\My Documents\erunt-setup.exe
[2011/01/13 20:07:06 | 000,455,024 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/10 22:55:40 | 000,579,254 | ---- | M] (Martik Panosian ) -- C:\Documents and Settings\drogba\My Documents\CD-DVD-BlueRay Recovery Installer.exe
[2011/01/09 23:17:18 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\Shortcut to autoruns.lnk
[2011/01/09 23:09:34 | 000,620,465 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\Autoruns.zip
[2011/01/08 03:25:02 | 010,696,968 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\drogba\My Documents\everestcorporate550.exe
[2011/01/08 02:22:50 | 002,411,456 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\drogba\My Documents\rcsetup139.exe
[2011/01/07 19:26:30 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\SpeedFan.lnk
[2011/01/07 19:26:28 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/01/07 19:26:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\initdebug.nfo
[2011/01/07 19:24:46 | 001,975,752 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\installspeedfan442.exe
[2011/01/06 18:57:42 | 081,876,264 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\drogba\My Documents\iTunesSetup.exe
[2011/01/06 02:24:10 | 000,696,346 | ---- | M] (www.5-games.com ) -- C:\Documents and Settings\drogba\My Documents\5-games-setup.exe
[49 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/17 18:25:57 | 038,871,410 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0007.avi
[2011/01/17 18:24:37 | 052,050,750 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0006.avi
[2011/01/17 18:23:51 | 017,498,208 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0005.avi
[2011/01/16 17:54:29 | 040,566,740 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0004.avi
[2011/01/16 17:53:29 | 014,089,494 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0003.avi
[2011/01/16 17:51:56 | 010,970,844 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0002.avi
[2011/01/16 17:50:35 | 015,774,906 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0001.avi
[2011/01/16 17:46:31 | 002,576,256 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\HC2Setup.exe
[2011/01/16 17:07:37 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2011/01/16 17:07:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DartWeb.oca
[2011/01/16 17:00:36 | 001,554,889 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\CDCheckSetup.exe
[2011/01/16 06:57:56 | 002,165,485 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\double_driver_4.1.0_portable.zip
[2011/01/16 06:38:13 | 001,843,055 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\ProcessExplorer.zip
[2011/01/16 05:51:57 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\drogba\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/01/16 05:51:55 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/01/16 05:48:41 | 002,373,128 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\belarcadvisor.exe
[2011/01/14 20:40:47 | 1600,245,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/14 20:32:57 | 000,000,991 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2011/01/14 16:57:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\drogba\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/14 16:57:29 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\ERUNT.lnk
[2011/01/09 23:17:17 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\Shortcut to autoruns.lnk
[2011/01/09 23:09:31 | 000,620,465 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\Autoruns.zip
[2011/01/07 19:26:28 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\SpeedFan.lnk
[2011/01/07 19:26:26 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/01/07 19:26:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\initdebug.nfo
[2011/01/07 19:24:40 | 001,975,752 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\installspeedfan442.exe
[2011/01/06 06:10:27 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2011/01/06 06:10:27 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\tzflybll.dat
[2011/01/06 06:10:23 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2011/01/06 06:09:28 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\hhofgrph.dat
[2011/01/06 06:09:28 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\hbzymspx.dat
[2011/01/06 06:09:28 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzzfmpte.dat
[2011/01/06 06:09:28 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\brskxfge.dat
[2010/12/20 05:26:41 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/12/20 05:26:40 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/12/20 05:26:40 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/11/30 04:04:23 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\lia\Local Settings\Application Data\fusioncache.dat
[2010/11/29 00:12:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/11/13 00:20:05 | 000,455,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/30 13:44:34 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\drogba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 14:32:44 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2010/10/24 22:11:31 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2010/09/30 18:07:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2010/09/30 18:07:31 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2010/09/30 18:07:16 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2010/09/30 11:52:47 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/09/30 11:52:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/09/22 03:20:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2010/09/22 03:20:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2010/09/22 03:20:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2010/09/22 03:20:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2010/09/22 03:20:37 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2010/09/22 03:17:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/09/22 03:12:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2010/09/22 03:11:56 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\drogba\Local Settings\Application Data\fusioncache.dat
[2006/08/19 08:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 22:42:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/08/18 22:08:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/18 21:54:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/10/26 14:59:46 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer
[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Acer
[2010/10/26 17:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\OpenCandy
[2010/11/23 21:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Canon
[2010/11/24 15:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\AVG10
[2010/12/17 07:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\InfraRecorder
[2010/12/18 18:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\ImgBurn
[2010/12/25 00:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Vodafone
[2011/01/01 05:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Aventail
[2011/01/03 15:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\PandoraRecovery
[2011/01/16 17:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Toolbar4
[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lia\Application Data\Acer
[2010/11/30 04:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lia\Application Data\AVG10
[2010/12/29 04:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lia\Application Data\Vodafone
[2010/12/16 02:45:58 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\pota.job
[2010/12/16 03:55:34 | 000,000,758 | ---- | M] () -- C:\WINDOWS\Tasks\buradoka.job
[2010/12/16 04:31:22 | 000,000,742 | ---- | M] () -- C:\WINDOWS\Tasks\fd.job
[2011/01/03 02:25:02 | 000,000,714 | ---- | M] () -- C:\WINDOWS\Tasks\drogis.job

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: HAL.DLL >
[2004/08/10 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:hal.dll
[2010/12/29 19:57:28 | 023,852,652 | ---- | M] () .cab file -- C:\I386\sp3.cab:hal.dll
[2004/08/10 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010/12/29 19:57:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008/04/14 02:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\HAL.DLL
[2008/04/14 02:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2005/09/28 16:35:26 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=A3961B9456DE472D2F152C9DE950FFA5 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2004/08/10 20:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtUninstallKB896256$\hal.dll
< End of report >

#10
JSntgRvr

Posted 04 February 2011 - 07:54 AM

Global Moderator

Global Moderator
11,579 posts

Download the enclosed file [attachment=47630:Fix.txt] and save it in the USB drive. It is a text file, Fix.txt.

Boot to the OTLPE CD
Please double-click OTLPE.exe to run it as you did before.
Once on OTLPE double click on the Custom Scans window. You will be asked if you want to load a file. Select Yes
Select the Fix.txt in the USB drive. Its contents will be displayed in the window.
Click the red Run Fix button.
A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

If the fix successfully replaced the files, attempt to restart in Normal Mode.

Keep me posted.

#11
babyfaceassassin

Posted 04 February 2011 - 11:40 AM

Member

Topic Starter
Member
56 posts

it successfully moved the hal.dll but when i reboot hal.dll is still missing
C:\WINDOWS\HAL.DLL moved successfully.
File C:\Windows\System32\hall.dll successfully replaced with C:\WINDOWS\ServicePackFiles\i386\hal.dll

OTLPE by OldTimer - Version 3.1.44.2 log created on 02042011_225131

#12
JSntgRvr

Posted 04 February 2011 - 12:02 PM

Global Moderator

Global Moderator
11,579 posts

Download the enclosed file [attachment=47632:Scan.txt] and save it in the USB drive. It is a text file, Scan.txt.

Boot to the OTLPE CD
Please double-click OTLPE.exe to run it as you did before.
Once on OTLPE double click on the Custom Scans window. You will be asked if you want to load a file. Select Yes
Select the Scan.txt in the USB drive. Its contents will be displayed in the window.
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt. Open that report and post its contents in a reply.

#13
babyfaceassassin

Posted 04 February 2011 - 01:14 PM

Member

Topic Starter
Member
56 posts

it still has missing hal.dll after that scan. here is the log
OTL logfile created on: 2/5/2011 2:37:39 AM - Run
OTLPE by OldTimer - Version 3.1.44.2 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.24 Gb Total Space | 24.85 Gb Free Space | 47.57% Space Free | Partition Type: FAT32
Drive D: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.25% Space Free | Partition Type: FAT
Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/28 14:02:58 | 000,220,128 | ---- | M] () [Auto] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/08/18 19:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (tqrwfmjc)
DRV - File not found [Kernel | System] -- -- (qhekepep)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (OsaFsLoc)
DRV - File not found [Kernel | Boot] -- -- (lugva)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (jmbvdeas)
DRV - File not found [Kernel | Boot] -- -- (gennrrsj)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (bqaunrca)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/09/28 14:03:22 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/08/11 11:44:02 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/08/11 11:44:02 | 000,009,216 | R--- | M] (MBB Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/07/15 08:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/05/20 14:40:26 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV - [2008/04/14 02:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/14 02:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/09/24 21:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/08/18 22:40:50 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/04/03 12:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/03 12:52:30 | 000,192,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/23 12:41:42 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/31 14:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005/10/24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\OSAIO.SYS -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/10 20:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 20:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/10 20:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/10 20:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/10 20:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/10 20:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 20:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 20:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 20:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/10 20:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 20:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 20:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/10 20:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/10 20:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 20:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKU\drogba_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
IE - HKU\drogba_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\drogba_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\drogba_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\drogba_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.c...://sg.yahoo.com
IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\lia_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/04 23:16:34 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/12/03 17:37:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\drogba_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\lia_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\lia_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\lia_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKU\drogba_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\lia_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] File not found
O4 - Startup: C:\Documents and Settings\drogba\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\drogba_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\lia_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/01/20 06:37:44 | 000,000,000 | RH-- | M] () - D:\autorun.wbcat -- [ FAT ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 22:51:32 | 000,105,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hall.dll
[2011/02/04 22:51:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/16 17:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Application Data\Toolbar4
[2011/01/16 17:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam Toolbar
[2011/01/16 17:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Start Menu\Programs\HyperCam 2
[2011/01/16 17:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2011/01/16 17:11:18 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_filerecovery.exe
[2011/01/16 17:07:37 | 000,516,784 | R--- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2011/01/16 17:07:37 | 000,217,088 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2011/01/16 17:07:37 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2011/01/16 17:07:37 | 000,118,784 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartWeb.dll
[2011/01/16 17:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011/01/16 17:07:36 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2011/01/16 17:06:27 | 006,383,200 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_us_smartrecovery.exe
[2011/01/16 16:08:32 | 001,755,648 | ---- | C] (Budy Setiawan Kusumah) -- C:\Documents and Settings\drogba\Desktop\dd.exe
[2011/01/16 07:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\My Documents\double_driver_4.1.0_portable
[2011/01/16 06:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\My Documents\ProcessExplorer
[2011/01/16 05:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2011/01/14 21:02:18 | 002,291,568 | ---- | C] (Beepa Pty Ltd) -- C:\Documents and Settings\drogba\My Documents\setupfraps.exe
[2011/01/14 16:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/14 16:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/14 16:56:12 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\drogba\My Documents\erunt-setup.exe
[2011/01/10 22:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CD-DVD-BlueRay Recovery
[2011/01/10 22:55:38 | 000,579,254 | ---- | C] (Martik Panosian ) -- C:\Documents and Settings\drogba\My Documents\CD-DVD-BlueRay Recovery Installer.exe
[2011/01/09 23:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\My Documents\Autoruns
[2011/01/08 03:25:03 | 010,696,968 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\drogba\My Documents\everestcorporate550.exe
[2011/01/08 02:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/01/08 02:22:36 | 002,411,456 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\drogba\My Documents\rcsetup139.exe
[2011/01/07 19:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/01/06 19:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Application Data\Apple Computer
[2011/01/06 19:09:07 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/01/06 19:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/06 19:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/06 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/06 19:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Local Settings\Application Data\Apple
[2011/01/06 19:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/06 19:07:12 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/01/06 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/06 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/06 18:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Local Settings\Application Data\Apple Computer
[2011/01/06 18:57:40 | 081,876,264 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\drogba\My Documents\iTunesSetup.exe
[2011/01/06 06:10:27 | 000,013,568 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\s24trans.sys
[2011/01/06 06:10:27 | 000,004,010 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\osanbm.sys
[2011/01/06 06:10:23 | 000,032,512 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/01/06 06:10:23 | 000,006,144 | ---- | C] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys
[2011/01/06 06:09:28 | 000,078,208 | ---- | C] (Acer Value Labs, USA) -- C:\WINDOWS\System32\drivers\epm-shd.sys
[2011/01/06 06:09:28 | 000,004,096 | ---- | C] (Acer Value Labs, USA) -- C:\WINDOWS\System32\drivers\epm-psd.sys
[2010/09/30 18:07:16 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2010/09/30 18:07:16 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2010/09/30 18:07:16 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2010/09/30 18:07:16 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2010/09/30 18:07:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2010/09/30 18:07:16 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2010/09/30 18:07:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2010/09/30 18:07:16 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2010/09/30 18:07:16 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2010/09/30 18:07:16 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2010/09/30 18:07:15 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2010/09/30 18:07:15 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[49 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/04 13:12:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/04 13:12:22 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/02/04 13:08:08 | 1600,245,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/03 22:53:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/17 21:44:18 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\Macrium Reflect.lnk
[2011/01/17 18:26:40 | 038,871,410 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0007.avi
[2011/01/17 18:25:22 | 052,050,750 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0006.avi
[2011/01/17 18:24:18 | 017,498,208 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0005.avi
[2011/01/16 17:55:06 | 040,566,740 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0004.avi
[2011/01/16 17:53:56 | 014,089,494 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0003.avi
[2011/01/16 17:52:24 | 010,970,844 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0002.avi
[2011/01/16 17:51:20 | 015,774,906 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0001.avi
[2011/01/16 17:46:42 | 002,576,256 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\HC2Setup.exe
[2011/01/16 17:11:20 | 006,113,439 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_filerecovery.exe
[2011/01/16 17:06:28 | 006,383,200 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_us_smartrecovery.exe
[2011/01/16 17:00:44 | 001,554,889 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\CDCheckSetup.exe
[2011/01/16 06:57:58 | 002,165,485 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\double_driver_4.1.0_portable.zip
[2011/01/16 06:38:14 | 001,843,055 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\ProcessExplorer.zip
[2011/01/16 05:51:58 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\drogba\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/01/16 05:48:42 | 002,373,128 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\belarcadvisor.exe
[2011/01/15 04:23:10 | 003,267,488 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\PandoraRecovery2.1.1Setup.exe
[2011/01/14 21:02:16 | 002,291,568 | ---- | M] (Beepa Pty Ltd) -- C:\Documents and Settings\drogba\My Documents\setupfraps.exe
[2011/01/14 20:39:44 | 000,000,991 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2011/01/14 16:57:34 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\drogba\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/14 16:57:30 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\ERUNT.lnk
[2011/01/14 16:56:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\drogba\My Documents\erunt-setup.exe
[2011/01/13 20:07:06 | 000,455,024 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/10 22:55:40 | 000,579,254 | ---- | M] (Martik Panosian ) -- C:\Documents and Settings\drogba\My Documents\CD-DVD-BlueRay Recovery Installer.exe
[2011/01/09 23:17:18 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\Shortcut to autoruns.lnk
[2011/01/09 23:09:34 | 000,620,465 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\Autoruns.zip
[2011/01/08 03:25:02 | 010,696,968 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\drogba\My Documents\everestcorporate550.exe
[2011/01/08 02:22:50 | 002,411,456 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\drogba\My Documents\rcsetup139.exe
[2011/01/07 19:26:30 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\SpeedFan.lnk
[2011/01/07 19:26:28 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/01/07 19:26:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\initdebug.nfo
[2011/01/07 19:24:46 | 001,975,752 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\installspeedfan442.exe
[2011/01/06 18:57:42 | 081,876,264 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\drogba\My Documents\iTunesSetup.exe
[49 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/17 18:25:57 | 038,871,410 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0007.avi
[2011/01/17 18:24:37 | 052,050,750 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0006.avi
[2011/01/17 18:23:51 | 017,498,208 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0005.avi
[2011/01/16 17:54:29 | 040,566,740 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0004.avi
[2011/01/16 17:53:29 | 014,089,494 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0003.avi
[2011/01/16 17:51:56 | 010,970,844 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0002.avi
[2011/01/16 17:50:35 | 015,774,906 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0001.avi
[2011/01/16 17:46:31 | 002,576,256 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\HC2Setup.exe
[2011/01/16 17:07:37 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2011/01/16 17:07:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DartWeb.oca
[2011/01/16 17:00:36 | 001,554,889 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\CDCheckSetup.exe
[2011/01/16 06:57:56 | 002,165,485 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\double_driver_4.1.0_portable.zip
[2011/01/16 06:38:13 | 001,843,055 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\ProcessExplorer.zip
[2011/01/16 05:51:57 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\drogba\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/01/16 05:51:55 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/01/16 05:48:41 | 002,373,128 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\belarcadvisor.exe
[2011/01/14 20:40:47 | 1600,245,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/14 20:32:57 | 000,000,991 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2011/01/14 16:57:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\drogba\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/14 16:57:29 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\ERUNT.lnk
[2011/01/09 23:17:17 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\Shortcut to autoruns.lnk
[2011/01/09 23:09:31 | 000,620,465 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\Autoruns.zip
[2011/01/07 19:26:28 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\SpeedFan.lnk
[2011/01/07 19:26:26 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/01/07 19:26:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\initdebug.nfo
[2011/01/07 19:24:40 | 001,975,752 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\installspeedfan442.exe
[2011/01/06 06:10:27 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2011/01/06 06:10:27 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\tzflybll.dat
[2011/01/06 06:10:23 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2011/01/06 06:09:28 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\hhofgrph.dat
[2011/01/06 06:09:28 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\hbzymspx.dat
[2011/01/06 06:09:28 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzzfmpte.dat
[2011/01/06 06:09:28 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\brskxfge.dat
[2010/12/20 05:26:41 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/12/20 05:26:40 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/12/20 05:26:40 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/11/30 04:04:23 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\lia\Local Settings\Application Data\fusioncache.dat
[2010/11/29 00:12:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/11/13 00:20:05 | 000,455,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/30 13:44:34 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\drogba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 14:32:44 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2010/10/24 22:11:31 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2010/09/30 18:07:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2010/09/30 18:07:31 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2010/09/30 18:07:16 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2010/09/30 11:52:47 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/09/30 11:52:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/09/22 03:20:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2010/09/22 03:20:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2010/09/22 03:20:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2010/09/22 03:20:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2010/09/22 03:20:37 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2010/09/22 03:17:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/09/22 03:12:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2010/09/22 03:11:56 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\drogba\Local Settings\Application Data\fusioncache.dat
[2006/08/19 08:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 22:42:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/08/18 22:08:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/18 21:54:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/10/26 14:59:46 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer
[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Acer
[2010/10/26 17:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\OpenCandy
[2010/11/23 21:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Canon
[2010/11/24 15:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\AVG10
[2010/12/17 07:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\InfraRecorder
[2010/12/18 18:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\ImgBurn
[2010/12/25 00:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Vodafone
[2011/01/01 05:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Aventail
[2011/01/03 15:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\PandoraRecovery
[2011/01/16 17:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Toolbar4
[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lia\Application Data\Acer
[2010/11/30 04:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lia\Application Data\AVG10
[2010/12/29 04:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lia\Application Data\Vodafone
[2010/12/16 02:45:58 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\pota.job
[2010/12/16 03:55:34 | 000,000,758 | ---- | M] () -- C:\WINDOWS\Tasks\buradoka.job
[2010/12/16 04:31:22 | 000,000,742 | ---- | M] () -- C:\WINDOWS\Tasks\fd.job
[2011/01/03 02:25:02 | 000,000,714 | ---- | M] () -- C:\WINDOWS\Tasks\drogis.job

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: AGP440.SYS >
[2004/08/10 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2010/12/29 19:57:28 | 023,852,652 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2004/08/10 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/12/29 19:57:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2010/12/29 19:57:28 | 023,852,652 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2004/08/10 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/12/29 19:57:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\UBCD4Win\plugin\!Critical\Large IDE-Fix\files\sp2\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004/08/10 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:hal.dll
[2010/12/29 19:57:28 | 023,852,652 | ---- | M] () .cab file -- C:\I386\sp3.cab:hal.dll
[2004/08/10 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010/12/29 19:57:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008/04/14 02:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\_OTL\MovedFiles\02042011_225131\C_WINDOWS\HAL.DLL
[2008/04/14 02:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2005/09/28 16:35:26 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=A3961B9456DE472D2F152C9DE950FFA5 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2004/08/10 20:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtUninstallKB896256$\hal.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/07 02:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 02:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/07 02:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\SP2QFE\netlogon.dll
[2004/08/10 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/10 20:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: UXTHEME.DLL >
[2004/08/10 20:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=2CDE496666A975A2CE8F969F3042C8DB -- C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll
[2008/04/14 08:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
[2008/04/14 08:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\system32\uxtheme.dll

< MD5 for: WINLOGON.EXE >
[2004/08/10 20:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 08:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 08:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2010/12/29 20:02:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/08/10 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/12/31 22:49:00 | 000,000,184 | -HS- | M] () -- C:\boot.ini
[2006/08/18 21:54:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/08/18 22:41:54 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/08/18 21:54:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/08/18 21:54:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/08/18 22:31:32 | 000,000,519 | ---- | M] () -- C:\RHDSetup.log
[2006/08/19 08:27:58 | 000,000,084 | RHS- | M] () -- C:\Preload.aaa
[1999/11/11 00:17:54 | 000,000,049 | ---- | M] () -- C:\MCE.TAG
[2010/09/23 11:59:20 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/09/23 11:59:20 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/09/30 11:34:32 | 050,023,497 | ---- | M] () -- C:\print-drivers-hpux11.pkg.gz
[2010/09/30 11:54:58 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2010/09/30 14:57:46 | 024,697,856 | ---- | M] (Lexmark International, Inc. ) -- C:\cjb1200EN.exe
[2010/09/30 18:05:40 | 042,452,912 | ---- | M] () -- C:\cjr1200EN.exe
[2010/09/30 19:05:26 | 005,277,983 | ---- | M] () -- C:\VGA_Intel_6.14.10.4543_MCE.zip
[2011/01/04 14:46:38 | 000,003,256 | ---- | M] () -- C:\lxcz.log
[2010/12/28 01:32:38 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2010/12/28 07:09:30 | 003,579,408 | ---- | M] ( ) -- C:\hwmonitor_1.17-setup.exe
[2010/12/29 00:10:02 | 000,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\KillBox.exe
[2010/12/29 13:14:20 | 001,110,476 | ---- | M] () -- C:\7z920.exe
[2010/12/29 13:17:34 | 000,039,605 | ---- | M] () -- C:\bootkit_remover.rar
[2010/09/01 15:33:50 | 000,083,968 | ---- | M] (eSage Lab) -- C:\remover.exe
[2010/09/01 18:19:44 | 000,003,641 | ---- | M] () -- C:\readme_ru.txt
[2010/12/29 13:48:04 | 000,055,216 | ---- | M] () -- C:\bootkit_remover_debug_log.txt
[2010/12/29 13:33:36 | 000,000,051 | ---- | M] () -- C:\fixme.bat
[2010/09/01 18:19:10 | 000,003,114 | ---- | M] () -- C:\readme_ex.txt
[2010/12/31 05:59:08 | 000,108,622 | ---- | M] () -- C:\cmspwd.zip
[2009/04/30 20:08:30 | 000,000,299 | ---- | M] () -- C:\readme.txt
[2011/01/02 01:52:56 | 004,562,491 | ---- | M] () -- C:\YouTubeDownloaderSetup265.exe
[2011/02/04 13:08:08 | 1600,245,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/04 16:58:08 | 000,177,060 | ---- | M] () -- C:\OTL.Txt

< %systemroot%\System32\config\*.sav >
[2006/08/18 21:39:44 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2006/08/18 21:39:44 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/08/18 21:39:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/27 14:30:36 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2010/11/06 08:26:58 | 001,991,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2010/11/06 08:26:58 | 011,080,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2008/04/14 08:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\browseui.dll
[2008/04/14 08:11:52 | 000,101,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscdll.dll
[2008/04/14 08:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 08:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/06/21 01:46:58 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 08:11:52 | 000,326,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscui.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2010/12/16 02:45:58 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\pota.job
[2010/12/16 03:55:34 | 000,000,758 | ---- | M] () -- C:\WINDOWS\Tasks\buradoka.job
[2010/12/16 04:31:22 | 000,000,742 | ---- | M] () -- C:\WINDOWS\Tasks\fd.job
[2011/01/03 02:25:02 | 000,000,714 | ---- | M] () -- C:\WINDOWS\Tasks\drogis.job
< End of report >

#14
JSntgRvr

Posted 04 February 2011 - 02:25 PM

Global Moderator

Global Moderator
11,579 posts

The previous fix had an error. Lets try this again. Download the enclosed file [attachment=47636:Fix.txt] and save it in the USB drive. Overwrite the existing one. It is a text file, Fix.txt.

Boot to the OTLPE CD
Please double-click OTLPE.exe to run it as you did before.
Once on OTLPE double click on the Custom Scans window. You will be asked if you want to load a file. Select Yes
Select the Fix.txt in the USB drive. Its contents will be displayed in the window.
Click the red Run Fix button.
A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

If the fix successfully replaced the file, attempt to restart in Normal Mode.

Keep me posted.

#15
babyfaceassassin

Posted 05 February 2011 - 02:38 AM

Member

Topic Starter
Member
56 posts

Hi
it doesnt show the hal.dll is missing anymore though it hangs on windows logo screen. here is the log
File C:\Windows\System32\hal.dll successfully replaced with C:\WINDOWS\ServicePackFiles\i386\hal.dll

OTLPE by OldTimer - Version 3.1.44.2 log created on 02052011_044817