expanding hal.dll


  • This topic is locked

#16
JSntgRvr

  • Global Moderator
  • 10,999 posts
Sometimes the system requires time to recover. Allow it to hang for at least 30 minutes. If it persists, then download the enclosed file [attachment=47650:Scan.txt] and save it to your USB drive. It is another text file, Scan.txt. Overwrite the existing one.

  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Once in OTLPE, double-click on the Custom Scans window. You will be asked if you want to load a file. Select Yes.
  • Select the Scan.txt in the USB drive. Its contents will be displayed in the window.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt. Open that report and post its contents in a reply.



#17
babyfaceassassin


  • Topic Starter
  • Member
  • 56 posts
I let it run for 30 mins but it still hung. Here is my log:

OTL logfile created on: 2/6/2011 4:41:46 PM - Run
OTLPE by OldTimer - Version 3.1.44.2 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.24 Gb Total Space | 24.85 Gb Free Space | 47.57% Space Free | Partition Type: FAT32
Drive D: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.24% Space Free | Partition Type: FAT
Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/28 14:02:58 | 000,220,128 | ---- | M] () [Auto] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/08/18 19:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (tqrwfmjc)
DRV - File not found [Kernel | System] -- -- (qhekepep)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (OsaFsLoc)
DRV - File not found [Kernel | Boot] -- -- (lugva)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (jmbvdeas)
DRV - File not found [Kernel | Boot] -- -- (gennrrsj)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (bqaunrca)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/09/28 14:03:22 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/08/11 11:44:02 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/08/11 11:44:02 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/08/11 11:44:02 | 000,009,216 | R--- | M] (MBB Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/07/15 08:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/05/20 14:40:26 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV - [2008/04/14 02:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/14 02:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/09/24 21:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/08/18 22:40:50 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/04/03 12:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/03 12:52:30 | 000,192,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/23 12:41:42 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/31 14:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005/10/24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\OSAIO.SYS -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/10 20:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 20:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/10 20:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/10 20:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/10 20:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/10 20:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 20:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 20:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 20:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/10 20:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 20:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 20:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/10 20:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/10 20:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 20:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKU\drogba_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
IE - HKU\drogba_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\drogba_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\drogba_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\drogba_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.c...://sg.yahoo.com
IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\lia_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\lia_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/04 23:16:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/12/03 17:37:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\drogba_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\drogba_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\lia_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\lia_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\lia_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKU\drogba_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\lia_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] File not found
O4 - Startup: C:\Documents and Settings\drogba\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\drogba_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\lia_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/01/20 06:37:44 | 000,000,000 | RH-- | M] () - D:\autorun.wbcat -- [ FAT ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/05 04:48:17 | 000,105,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2011/02/04 22:51:32 | 000,105,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hall.dll
[2011/02/04 22:51:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/16 17:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Application Data\Toolbar4
[2011/01/16 17:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam Toolbar
[2011/01/16 17:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\Start Menu\Programs\HyperCam 2
[2011/01/16 17:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2011/01/16 17:11:18 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_filerecovery.exe
[2011/01/16 17:07:37 | 000,516,784 | R--- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2011/01/16 17:07:37 | 000,217,088 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2011/01/16 17:07:37 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2011/01/16 17:07:37 | 000,118,784 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartWeb.dll
[2011/01/16 17:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011/01/16 17:07:36 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2011/01/16 17:06:27 | 006,383,200 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_us_smartrecovery.exe
[2011/01/16 16:08:32 | 001,755,648 | ---- | C] (Budy Setiawan Kusumah) -- C:\Documents and Settings\drogba\Desktop\dd.exe
[2011/01/16 07:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\My Documents\double_driver_4.1.0_portable
[2011/01/16 06:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\My Documents\ProcessExplorer
[2011/01/16 05:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2011/01/14 21:02:18 | 002,291,568 | ---- | C] (Beepa Pty Ltd) -- C:\Documents and Settings\drogba\My Documents\setupfraps.exe
[2011/01/14 16:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/14 16:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/14 16:56:12 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\drogba\My Documents\erunt-setup.exe
[2011/01/10 22:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CD-DVD-BlueRay Recovery
[2011/01/10 22:55:38 | 000,579,254 | ---- | C] (Martik Panosian ) -- C:\Documents and Settings\drogba\My Documents\CD-DVD-BlueRay Recovery Installer.exe
[2011/01/09 23:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\drogba\My Documents\Autoruns
[2011/01/08 03:25:03 | 010,696,968 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\drogba\My Documents\everestcorporate550.exe
[2011/01/08 02:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/01/08 02:22:36 | 002,411,456 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\drogba\My Documents\rcsetup139.exe
[2011/01/07 19:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010/09/30 18:07:16 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2010/09/30 18:07:16 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2010/09/30 18:07:16 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2010/09/30 18:07:16 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2010/09/30 18:07:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2010/09/30 18:07:16 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2010/09/30 18:07:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2010/09/30 18:07:16 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2010/09/30 18:07:16 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2010/09/30 18:07:16 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2010/09/30 18:07:15 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2010/09/30 18:07:15 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[49 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/05 16:14:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/04 13:12:22 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/02/04 13:08:08 | 1600,245,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/03 22:53:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/17 21:44:18 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\Macrium Reflect.lnk
[2011/01/17 18:26:40 | 038,871,410 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0007.avi
[2011/01/17 18:25:22 | 052,050,750 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0006.avi
[2011/01/17 18:24:18 | 017,498,208 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0005.avi
[2011/01/16 17:55:06 | 040,566,740 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0004.avi
[2011/01/16 17:53:56 | 014,089,494 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0003.avi
[2011/01/16 17:52:24 | 010,970,844 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0002.avi
[2011/01/16 17:51:20 | 015,774,906 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\clip0001.avi
[2011/01/16 17:46:42 | 002,576,256 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\HC2Setup.exe
[2011/01/16 17:11:20 | 006,113,439 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_filerecovery.exe
[2011/01/16 17:06:28 | 006,383,200 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\drogba\My Documents\pci_us_smartrecovery.exe
[2011/01/16 17:00:44 | 001,554,889 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\CDCheckSetup.exe
[2011/01/16 06:57:58 | 002,165,485 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\double_driver_4.1.0_portable.zip
[2011/01/16 06:38:14 | 001,843,055 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\ProcessExplorer.zip
[2011/01/16 05:51:58 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\drogba\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/01/16 05:48:42 | 002,373,128 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\belarcadvisor.exe
[2011/01/15 04:23:10 | 003,267,488 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\PandoraRecovery2.1.1Setup.exe
[2011/01/14 21:02:16 | 002,291,568 | ---- | M] (Beepa Pty Ltd) -- C:\Documents and Settings\drogba\My Documents\setupfraps.exe
[2011/01/14 20:39:44 | 000,000,991 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2011/01/14 16:57:34 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\drogba\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/14 16:57:30 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\ERUNT.lnk
[2011/01/14 16:56:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\drogba\My Documents\erunt-setup.exe
[2011/01/13 20:07:06 | 000,455,024 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/10 22:55:40 | 000,579,254 | ---- | M] (Martik Panosian ) -- C:\Documents and Settings\drogba\My Documents\CD-DVD-BlueRay Recovery Installer.exe
[2011/01/09 23:17:18 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\Shortcut to autoruns.lnk
[2011/01/09 23:09:34 | 000,620,465 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\Autoruns.zip
[2011/01/08 03:25:02 | 010,696,968 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\drogba\My Documents\everestcorporate550.exe
[2011/01/08 02:22:50 | 002,411,456 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\drogba\My Documents\rcsetup139.exe
[2011/01/07 19:26:30 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\SpeedFan.lnk
[2011/01/07 19:26:28 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/01/07 19:26:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\drogba\Desktop\initdebug.nfo
[2011/01/07 19:24:46 | 001,975,752 | ---- | M] () -- C:\Documents and Settings\drogba\My Documents\installspeedfan442.exe
[49 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/17 18:25:57 | 038,871,410 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0007.avi
[2011/01/17 18:24:37 | 052,050,750 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0006.avi
[2011/01/17 18:23:51 | 017,498,208 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0005.avi
[2011/01/16 17:54:29 | 040,566,740 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0004.avi
[2011/01/16 17:53:29 | 014,089,494 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0003.avi
[2011/01/16 17:51:56 | 010,970,844 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0002.avi
[2011/01/16 17:50:35 | 015,774,906 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\clip0001.avi
[2011/01/16 17:46:31 | 002,576,256 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\HC2Setup.exe
[2011/01/16 17:07:37 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2011/01/16 17:07:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DartWeb.oca
[2011/01/16 17:00:36 | 001,554,889 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\CDCheckSetup.exe
[2011/01/16 06:57:56 | 002,165,485 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\double_driver_4.1.0_portable.zip
[2011/01/16 06:38:13 | 001,843,055 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\ProcessExplorer.zip
[2011/01/16 05:51:57 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\drogba\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/01/16 05:51:55 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/01/16 05:48:41 | 002,373,128 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\belarcadvisor.exe
[2011/01/14 20:40:47 | 1600,245,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/14 20:32:57 | 000,000,991 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2011/01/14 16:57:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\drogba\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/14 16:57:29 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\ERUNT.lnk
[2011/01/09 23:17:17 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\Shortcut to autoruns.lnk
[2011/01/09 23:09:31 | 000,620,465 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\Autoruns.zip
[2011/01/07 19:26:28 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\SpeedFan.lnk
[2011/01/07 19:26:26 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/01/07 19:26:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\drogba\Desktop\initdebug.nfo
[2011/01/07 19:24:40 | 001,975,752 | ---- | C] () -- C:\Documents and Settings\drogba\My Documents\installspeedfan442.exe
[2011/01/06 06:10:27 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2011/01/06 06:10:23 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2010/12/20 05:26:41 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/12/20 05:26:40 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/12/20 05:26:40 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/11/30 04:04:23 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\lia\Local Settings\Application Data\fusioncache.dat
[2010/11/29 00:12:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/11/13 00:20:05 | 000,455,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/30 13:44:34 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\drogba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 14:32:44 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2010/10/24 22:11:31 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2010/09/30 18:07:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2010/09/30 18:07:31 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2010/09/30 18:07:30 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2010/09/30 18:07:16 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2010/09/30 11:52:47 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/09/30 11:52:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/09/22 03:20:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2010/09/22 03:20:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2010/09/22 03:20:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2010/09/22 03:20:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2010/09/22 03:20:37 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2010/09/22 03:17:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/09/22 03:12:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2010/09/22 03:11:56 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\drogba\Local Settings\Application Data\fusioncache.dat
[2006/08/19 08:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 22:42:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/08/18 22:08:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/18 21:54:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/10/26 14:59:46 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer
[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Acer
[2010/10/26 17:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\OpenCandy
[2010/11/23 21:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Canon
[2010/11/24 15:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\AVG10
[2010/12/17 07:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\InfraRecorder
[2010/12/18 18:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\ImgBurn
[2010/12/25 00:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Vodafone
[2011/01/01 05:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Aventail
[2011/01/03 15:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\PandoraRecovery
[2011/01/16 17:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\drogba\Application Data\Toolbar4
[2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lia\Application Data\Acer
[2010/11/30 04:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lia\Application Data\AVG10
[2010/12/29 04:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lia\Application Data\Vodafone
[2010/12/16 02:45:58 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\pota.job
[2010/12/16 03:55:34 | 000,000,758 | ---- | M] () -- C:\WINDOWS\Tasks\buradoka.job
[2010/12/16 04:31:22 | 000,000,742 | ---- | M] () -- C:\WINDOWS\Tasks\fd.job
[2011/01/03 02:25:02 | 000,000,714 | ---- | M] () -- C:\WINDOWS\Tasks\drogis.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: BROWSEUI.DLL >
[2006/01/09 11:01:58 | 001,022,976 | ---- | M] (Microsoft Corporation) MD5=45D980F264195CBD23159F7BD3AC9E16 -- C:\WINDOWS\ie8\browseui.dll
[2004/08/10 20:00:00 | 001,016,832 | ---- | M] (Microsoft Corporation) MD5=AD93D4A84960163CD14E94B1EC3F6D33 -- C:\WINDOWS\$NtUninstallKB912945$\browseui.dll
[2009/01/07 18:20:52 | 001,022,976 | ---- | M] (Microsoft Corporation) MD5=B99FF349BF53BD91FBDDCD6B1EDE8980 -- C:\4699a9a6992d325802bdd28eb07674\browseui.dll
[2009/01/07 18:20:52 | 001,022,976 | ---- | M] (Microsoft Corporation) MD5=B99FF349BF53BD91FBDDCD6B1EDE8980 -- C:\WINDOWS\$NtServicePackUninstall$\browseui.dll
[2008/04/14 08:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation) MD5=E392E172687BE172F8600C5F41AB03D9 -- C:\WINDOWS\ServicePackFiles\i386\browseui.dll
[2008/04/14 08:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\browseui.dll

< MD5 for: CSCDLL.DLL >
[2008/04/14 08:11:52 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=515A7FAE2070C2B0242B2353443E2F11 -- C:\WINDOWS\ServicePackFiles\i386\cscdll.dll
[2004/08/10 20:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=587729679B4FE04CE06A5C61D6C56DCD -- C:\WINDOWS\$NtServicePackUninstall$\cscdll.dll
[2008/04/14 08:11:52 | 000,101,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscdll.dll

< MD5 for: CSCUI.DLL >
[2008/04/14 08:11:52 | 000,326,656 | ---- | M] (Microsoft Corporation) MD5=085ED2E391A871C7BAE87E0228B546BA -- C:\WINDOWS\ServicePackFiles\i386\cscui.dll
[2004/08/10 20:00:00 | 000,326,656 | ---- | M] (Microsoft Corporation) MD5=51230212AE7F8159A90F06A7EA30DD8A -- C:\WINDOWS\$NtServicePackUninstall$\cscui.dll
[2008/04/14 08:11:52 | 000,326,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cscui.dll

< MD5 for: DNSAPI.DLL >
[2008/04/14 08:11:52 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=0A3325D38DB90792BBBE01334F273974 -- C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
[2008/04/14 08:11:52 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=0A3325D38DB90792BBBE01334F273974 -- C:\WINDOWS\ServicePackFiles\i386\dnsapi.dll
[2008/06/21 01:41:10 | 000,148,992 | ---- | M] (Microsoft Corporation) MD5=176497D0E7AE618860552A4B5635B206 -- C:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll
[2008/06/21 01:43:06 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=1C2A6C104E6184B05EEB0C114BE4F150 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
[2008/06/21 01:46:58 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=5D3FDE8FB2801A2041D1B965372C4928 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
[2008/06/21 01:46:58 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=5D3FDE8FB2801A2041D1B965372C4928 -- C:\WINDOWS\system32\dllcache\dnsapi.dll
[2004/08/10 20:00:00 | 000,148,480 | ---- | M] (Microsoft Corporation) MD5=C76735BFB7214907B4590DD35AE64A79 -- C:\WINDOWS\$NtUninstallKB951748_0$\dnsapi.dll
[2008/06/21 01:36:12 | 000,147,968 | ---- | M] (Microsoft Corporation) MD5=D803BDB34C060035D4753DDA046D5C72 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
[2008/06/21 01:46:58 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll

< MD5 for: IEFRAME.DLL >
[2010/11/06 05:57:34 | 011,082,752 | ---- | M] (Microsoft Corporation) MD5=19CAF5284FDF79E52FDD6F4E8FF9ECFC -- C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\ieframe.dll
[2010/11/06 08:26:58 | 011,080,704 | ---- | M] (Microsoft Corporation) MD5=2EF237A6B7232F45A7DF000C54974BF1 -- C:\WINDOWS\system32\dllcache\ieframe.dll
[2010/05/06 18:41:50 | 011,076,096 | ---- | M] (Microsoft Corporation) MD5=4939E99C1B61017E37A006EEC2E7632D -- C:\WINDOWS\ie8updates\KB2416400-IE8\ieframe.dll
[2009/03/08 04:39:48 | 011,063,808 | ---- | M] (Microsoft Corporation) MD5=729DA5D23A9AD20A6AA353156A126420 -- C:\4699a9a6992d325802bdd28eb07674\ieframe.dll
[2009/03/08 04:39:48 | 011,063,808 | ---- | M] (Microsoft Corporation) MD5=729DA5D23A9AD20A6AA353156A126420 -- C:\WINDOWS\ie8updates\KB982381-IE8\ieframe.dll
[2010/05/06 16:06:24 | 011,078,144 | ---- | M] (Microsoft Corporation) MD5=829BC36DEC43E7A9F53E826BAC991540 -- C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
[2010/11/06 08:26:58 | 011,080,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll

< MD5 for: IERTUTIL.DLL >
[2009/03/08 04:32:22 | 001,985,024 | ---- | M] (Microsoft Corporation) MD5=58BD4689E1DCD40A903721D7EF45F2EC -- C:\4699a9a6992d325802bdd28eb07674\iertutil.dll
[2009/03/08 04:32:22 | 001,985,024 | ---- | M] (Microsoft Corporation) MD5=58BD4689E1DCD40A903721D7EF45F2EC -- C:\WINDOWS\ie8updates\KB982381-IE8\iertutil.dll
[2010/05/06 18:41:50 | 001,985,536 | ---- | M] (Microsoft Corporation) MD5=7FBE659ECDC2E61BDA3AA930C1532516 -- C:\WINDOWS\ie8updates\KB2416400-IE8\iertutil.dll
[2010/05/06 18:36:24 | 001,986,048 | ---- | M] (Microsoft Corporation) MD5=AA9B8D2F3BEB369DB82E48C689D7A8FC -- C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
[2010/11/06 08:26:58 | 001,991,680 | ---- | M] (Microsoft Corporation) MD5=B8A72ABACA96B56FBE83AC2801586E50 -- C:\WINDOWS\system32\dllcache\iertutil.dll
[2010/11/06 08:27:34 | 001,992,192 | ---- | M] (Microsoft Corporation) MD5=D97111913A882D57C6BA46444EC4BF9F -- C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\iertutil.dll
[2010/11/06 08:26:58 | 001,991,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll

< MD5 for: MSTASK.DLL >
[2008/04/14 08:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) MD5=4044E880593FE1AC9942190FCE414BE7 -- C:\WINDOWS\ServicePackFiles\i386\mstask.dll
[2004/08/10 20:00:00 | 000,274,944 | ---- | M] (Microsoft Corporation) MD5=DAD1CEF1B77539B4EF734A1041CF95ED -- C:\WINDOWS\$NtServicePackUninstall$\mstask.dll
[2008/04/14 08:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll

< MD5 for: NTDSAPI.DLL >
[2004/08/10 20:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6201BACF384292A5FE94CE73364AE53A -- C:\WINDOWS\$NtServicePackUninstall$\ntdsapi.dll
[2008/04/14 08:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=EC4C0D9BFD9F7E33F8B395AD54E13063 -- C:\WINDOWS\ServicePackFiles\i386\ntdsapi.dll
[2008/04/14 08:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll

< MD5 for: SHELL32.DLL >
[2008/07/03 21:03:30 | 008,460,800 | ---- | M] (Microsoft Corporation) MD5=06DA8C5383AAF17127FC4B1658BA3F4F -- C:\WINDOWS\$hf_mig$\KB967715\SP2QFE\shell32.dll
[2008/06/18 03:02:20 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\$hf_mig$\KB967715\SP3GDR\shell32.dll
[2008/06/18 03:02:20 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\$NtUninstallKB2286198$\shell32.dll
[2008/04/14 08:12:06 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\$NtUninstallKB967715$\shell32.dll
[2008/04/14 08:12:06 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\ServicePackFiles\i386\shell32.dll
[2008/06/18 03:04:34 | 008,461,824 | ---- | M] (Microsoft Corporation) MD5=270CE1BFDF019A3D7527F1DA6FB1FA96 -- C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll
[2010/07/27 14:30:36 | 008,462,336 | ---- | M] (Microsoft Corporation) MD5=304CFF53C9C9BEB03607ABE94A8FC781 -- C:\WINDOWS\system32\dllcache\shell32.dll
[2008/07/03 21:16:58 | 008,454,656 | ---- | M] (Microsoft Corporation) MD5=56B6333DDA2576803F99F0EA373D0A7B -- C:\WINDOWS\$NtServicePackUninstall$\shell32.dll
[2010/07/27 14:28:54 | 008,463,360 | ---- | M] (Microsoft Corporation) MD5=B65D8CE7C75835906CD21C974B875503 -- C:\WINDOWS\$hf_mig$\KB2286198\SP3QFE\shell32.dll
[2004/08/10 20:00:00 | 008,384,000 | ---- | M] (Microsoft Corporation) MD5=D5988A5048E4DC7175BCA9F29FC144AE -- C:\WINDOWS\$NtUninstallKB967715_0$\shell32.dll
[2010/07/27 14:30:36 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
< End of report >
  • 0

#18
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
Download the enclosed file [attachment=47671:Fix.txt] and save it in the USB drive. It is a text file, Fix.txt.
  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Once on OTLPE double click on the Custom Scans window. You will be asked if you want to load a file. Select Yes
  • Select the Fix.txt in the USB drive. Its contents will be displayed in the window.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

If the fix successfully replaced the files, attempt to restart in Normal Mode.

If unsuccessful, let's then check the Master Boot Record (MBR). See if you can follow these instructions:

Download MBRFix from here.

Save and extract its contents to the USB drive.

Boot the computer with the Reatogo CD and insert the USB drive. There are three files in the MBRFix folder. From these, only copy the MBRFix.exe to the root directory of the Local Drive, (C:\).

When saved, the MBRFix.exe should appear as C:\MBRFix.exe.

Bring the computer to a Command Prompt (Click on the Start button, then on Run. Type CMD and click OK).

At the prompt type the following and press Enter after each line:

C:
cd C:\
MbrFix /drive 0 savembr MBRDUMP.txt


The last command is as follows:

MbrFix[Space]/drive[Space]0[Space]savembr[Space]MBRDUMP.txt

The drive is Drive zero (Drive 0)

This will create a file in the C:\ folder labeled MBRDUMP.txt. Copy this file to the USB and attach it to a reply.
  • 0
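A quick sanity check for the MBRDUMP.txt produced by the savembr step above, as an added example (not part of the original post and not MbrFix's own code). It assumes the dump is the raw 512-byte sector 0 of the drive; the function names are illustrative and the sample sector is constructed, not taken from this machine.

```python
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # 446 bytes of boot code precede the partition table
ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"     # bytes 510-511 of a valid MBR


def parse_mbr(data):
    """Return (entries, problems) for a raw MBR sector."""
    if len(data) != SECTOR_SIZE:
        return [], [f"expected {SECTOR_SIZE} bytes, got {len(data)}"]
    problems = []
    if data[510:512] != SIGNATURE:
        problems.append("boot signature 0x55AA missing")
    if not any(data[:440]):
        problems.append("boot code area is all zeros")

    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        raw = data[start:start + ENTRY_SIZE]
        if not any(raw):
            continue  # unused slot
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if status not in (0x00, 0x80):
            problems.append(f"slot {slot}: invalid status byte 0x{status:02X}")
        if lba_start == 0 or sectors == 0:
            problems.append(f"slot {slot}: empty or zero-based extent")
        entries.append({"slot": slot, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})

    # A boot drive normally has exactly one partition flagged active (0x80).
    active = sum(e["active"] for e in entries)
    if active != 1:
        problems.append(f"{active} partitions marked active, expected exactly 1")
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"slots {a['slot']} and {b['slot']} overlap")
    return entries, problems


def make_entry(status, ptype, lba_start, sectors):
    """Build one 16-byte partition entry (CHS fields left as zero)."""
    return struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)


def build_sample(entries, signature=SIGNATURE):
    """Constructed 512-byte sector: stub boot code, given entries, signature."""
    boot = b"\x33\xc0".ljust(TABLE_OFFSET, b"\x00")
    table = b"".join(entries).ljust(4 * ENTRY_SIZE, b"\x00")
    return boot + table + signature


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # path to a saved dump
        with open(sys.argv[1], "rb") as fh:
            sector = fh.read()
    else:                                      # constructed sample: one active NTFS partition
        sector = build_sample([make_entry(0x80, 0x07, 63, 156280257)])
    found, issues = parse_mbr(sector)
    for entry in found:
        print(entry)
    print(issues or "no structural problems found")
```

A clean result only means the sector is structurally sound; it says nothing about whether the boot code itself has been altered.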

#19
babyfaceassassin

babyfaceassassin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi JSntgRvr, thanks for the time and effort on helping us to solve our PC problem. My bro (owner of the broken PC) needs his PC now, so we decided to just clean install our XP. We know he will lose his programs and data, but he really needs to use his PC now. We appreciate your help so much. Again, thank you.
  • 0

#20
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
I can understand. Thanks for the feedback.

He can always back up those important documents using the Reatogo environment.
  • 0

#21
babyfaceassassin

babyfaceassassin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi JSntgRvr, I didn't realize that we can use it to back up our data, maybe because the data that he has on it is not really important. But now I realize that Reatogo tools is a very powerful tool. I just want to ask if we have a tutorial on how to use all its functions here in G2G? I want to learn how to use it and fix computers. That is the reason why I deleted the hal.dll in the first place: to learn. Thanks.
  • 0

#22
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
There is no tutorial on the site. Reatogo-X-PE is a Live CD builder. It can create a Live CD of Windows XP and is based on BartPE.

Google these terms and you will find your answers.
  • 0

#23
babyfaceassassin

babyfaceassassin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
OK. Thanks for being generous and helpful.
  • 0

#24
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,999 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





