hbhko.sys


hbhko.sys

Post by ryanjp89 on 11th September 2010, 5:43 pm

Hello. I recently was infected with a few viruses and removed most of them myself, but I'm positive there are more of them.

I scanned with Malwarebytes' Anti-Malware, and it got rid of most of them, and a few I had to get rid of, but there's 1 file in the drivers folder I cannot delete. It's named "hbhko.sys".

I get the "cannot read from file source, or disk" error, and the "ERROR: A device attached to the system is not functioning." error from command prompt.

I tried several different methods and programs trying to get rid of it, however nothing worked. I cannot use my wireless internet at all due to it causing problems. Any help would be appreciated, thanks.


Re: hbhko.sys

Post by Sneakyone on 11th September 2010, 11:39 pm

Hi.

Please download [You must be registered and logged in to see this link.] to your Desktop. (If you already have it downloaded, then just follow the instructions below.)
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Re: hbhko.sys

Post by ryanjp89 on 12th September 2010, 12:48 am

OTL logfile created on: 9/11/2010 6:09:10 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Dustin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.71 Gb Total Space | 60.92 Gb Free Space | 43.61% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.65 Gb Free Space | 17.70% Space Free | Partition Type: NTFS
Drive E: | 7.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMP22
Current User Name: Dustin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/11 18:07:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.com
PRC - [2010/09/08 12:46:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/11 18:07:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.com
MOD - [2010/02/18 07:04:55 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/06 21:16:26 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/20 23:47:09 | 000,395,048 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdcoreservice)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/03/05 22:46:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/07/26 01:08:43 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 11:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Windows\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\COH_Mon.sys -- (COH_Mon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dustin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/27 22:52:47 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2010/07/20 05:36:56 | 009,018,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/15 21:14:46 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2010/02/12 23:36:10 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/16 19:22:10 | 000,019,064 | ---- | M] (REALiX(tm)) [Kernel | Auto | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/26 14:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\sensorsview32.sys -- (sensorsview32)
DRV - [2008/06/10 14:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/29 12:12:38 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/17 14:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 22:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:32:52 | 000,074,808 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/11/26 15:47:44 | 000,021,832 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrSSweep.sys -- (wrssweep)
DRV - [2007/10/31 21:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 21:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 21:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005/05/03 01:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:9.0.0.736
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/21 20:09:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/10 00:26:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/09 03:06:04 | 000,000,000 | ---D | M]

[2010/02/10 13:39:43 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\mozilla\Extensions
[2010/02/10 13:39:43 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/09/11 16:48:51 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\6jk5jbhe.default\extensions
[2010/05/28 08:13:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/11 16:48:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/06/02 20:42:52 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/08/03 15:49:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/28 03:09:36 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010/04/11 16:27:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/21 16:27:01 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\toolbar@ask.com
[2010/04/03 10:47:46 | 000,010,005 | ---- | M] () -- C:\Users\Dustin\AppData\Roaming\Mozilla\FireFox\Profiles\6jk5jbhe.default\searchplugins\mywebsearch.xml
[2010/09/11 07:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/26 16:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2008/06/30 17:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/09/10 15:12:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.5\AOL.EXE (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.232.255.222 67.232.255.218
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\270402husky004.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\270402husky004.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/26 02:01:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/01 21:23:26 | 000,001,176 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0b\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe - ()
MsConfig - StartUpFolder: C:^Users^Dustin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^America Online 5.0 Tray Icon.lnk - C:\America Online 5.0\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^Users^Dustin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: AceGain LiveUpdate - hkey= - key= - C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe File not found
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AOL Fast Start - hkey= - key= - C:\Program Files\AOL 9.5\AOL.EXE (AOL Inc.)
MsConfig - StartUpReg: bipro - hkey= - key= - C:\Windows\$NtUninstallMTF196$\mmduch.DLL File not found
MsConfig - StartUpReg: ccApp - hkey= - key= - c:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: hmvialtd - hkey= - key= - C:\Users\Dustin\AppData\Local\npuwdvwcf\wovhbnduqiw.exe File not found
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1268803062\ee\aolsoftware.exe (AOL Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: ISTray - hkey= - key= - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
MsConfig - StartUpReg: lsdefrag - hkey= - key= - C:\Users\Dustin\AppData\Local\temp\cnrwmoaxes.exe File not found
MsConfig - StartUpReg: LvipZkfgnoc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\debug.exe File not found
MsConfig - StartUpReg: LvipZkfgnzgmd.com/dw/dw.php?id=%s&ver=d01 - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\dolxyu.exe File not found
MsConfig - StartUpReg: LvipZkfgotc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\hexdump.exe File not found
MsConfig - StartUpReg: LvipZkfgouqc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\iexplarer.exe File not found
MsConfig - StartUpReg: LvipZkfgpuc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\lsass.exe File not found
MsConfig - StartUpReg: LvipZkfgpyc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\lgqwyop.exe File not found
MsConfig - StartUpReg: LvipZkfgpZ - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\mdm.exe File not found
MsConfig - StartUpReg: LvipZkfgrg - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\smss.exe File not found
MsConfig - StartUpReg: LvipZkfgrrb - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\taskmgr.exe File not found
MsConfig - StartUpReg: LvipZkfgsPc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\win32.exe File not found
MsConfig - StartUpReg: LvipZkfgssc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\winlogon.exe File not found
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MqpSc - hkey= - key= - C:\Windows\avp32.exe File not found
MsConfig - StartUpReg: Mqrta - hkey= - key= - C:\Windows\install.exe File not found
MsConfig - StartUpReg: Mqrtc - hkey= - key= - C:\Windows\hexdump.exe File not found
MsConfig - StartUpReg: Mqsrc - hkey= - key= - C:\Windows\login.exe File not found
MsConfig - StartUpReg: Mque - hkey= - key= - C:\Windows\user.exe File not found
MsConfig - StartUpReg: Mquse - hkey= - key= - C:\Windows\svchost.exe File not found
MsConfig - StartUpReg: Mquta - hkey= - key= - C:\Windows\services.exe File not found
MsConfig - StartUpReg: Mquuf - hkey= - key= - C:\Windows\spoolsv.exe File not found
MsConfig - StartUpReg: Mqvpe - hkey= - key= - C:\Windows\winamp.exe File not found
MsConfig - StartUpReg: Mqvre - hkey= - key= - C:\Windows\wininst.exe File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Ogigogapogaxey - hkey= - key= - C:\Users\Dustin\AppData\Local\tmgsdSv2.DLL File not found
MsConfig - StartUpReg: pemdgsol - hkey= - key= - C:\Users\Dustin\AppData\Roaming\qjvkfdngs\anjvqejshdw.exe File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: uureybjm - hkey= - key= - C:\Users\Dustin\AppData\Local\ucjwdujbp\wogccevuqiw.exe File not found
MsConfig - StartUpReg: Window Washer - hkey= - key= - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WinsysMon - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\nsw4DCF.tmp\googletoolbar.exe File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: xawsonmecr.exe - hkey= - key= - C:\Users\Dustin\AppData\Local\temp\xawsonmecr.exe File not found
MsConfig - StartUpReg: Yrohigej - hkey= - key= - C:\Users\Dustin\AppData\Local\arorewapan.DLL File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1
MsConfig - State: "bootini" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - C:\WINDOWS\System32\wbem\sr.mof ()
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - C:\WINDOWS\System32\wbem\sr.mof ()
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {26F7ABA3-71B2-94C4-4FA5-6277C0620F04} - Viewpoint Media Player
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4314AC69-6DEF-162A-E931-2C1A7C4764E5} - Microsoft Windows Media Player
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BD527FB8-8DC9-3B71-3C3C-6B17E6D4D6E0} - Macromedia Shockwave Director 10.1
ActiveX: {C42547B6-037E-E69F-5B2B-F5C5D35336C3} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5CE3735-2EB0-8A1A-1AD6-13A78119DB01} - Macromedia Shockwave Director 10.1
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/09/11 18:07:54 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.com
[2010/09/11 13:49:07 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\backups
[2010/09/11 13:47:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dustin\Desktop\HijackThis.exe
[2010/09/11 13:32:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010/09/11 13:32:11 | 000,000,000 | ---D | C] -- \rsit
[2010/09/11 13:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/09/10 15:23:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/10 15:23:29 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2010/09/10 07:52:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/10 07:52:04 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\temp
[2010/09/10 07:27:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/10 07:27:20 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/10 07:27:20 | 000,000,000 | ---D | C] -- \32788R22FWJFW
[2010/09/10 07:09:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/10 07:09:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/10 07:09:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/10 01:24:41 | 000,220,672 | ---- | C] (Don HO [You must be registered and logged in to see this link.]) -- C:\Windows\Nmumua.exe
[2010/09/10 01:24:15 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\npuwdvwcf
[2010/09/10 01:24:11 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\ucjwdujbp
[2010/09/10 01:23:31 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/09 04:34:07 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\New Folder (3)
[2010/09/07 02:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2010/09/07 02:23:04 | 000,000,000 | ---D | C] -- C:\v2d
[2010/09/07 02:23:04 | 000,000,000 | ---D | C] -- \v2d
[2010/09/07 02:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video2Dvd
[2010/09/07 02:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/09/07 02:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Riva
[2010/09/07 01:38:25 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\medialink
[2010/09/06 01:12:25 | 000,000,000 | ---D | C] -- C:\tmpmax
[2010/09/06 01:12:25 | 000,000,000 | ---D | C] -- \tmpmax
[2010/09/06 00:17:17 | 008,198,680 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\TVWSetup.exe
[2010/09/06 00:17:17 | 000,179,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
[2010/09/06 00:17:16 | 009,018,368 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys
[2010/09/06 00:17:16 | 004,410,880 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igd10umd32.dll
[2010/09/06 00:17:16 | 000,828,928 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2010/09/06 00:17:16 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2010/09/06 00:17:16 | 000,127,488 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\drivers\IntcHdmi.sys
[2010/09/06 00:17:16 | 000,115,200 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2010/09/06 00:17:16 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2010/09/06 00:17:16 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc
[2010/09/06 00:17:16 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2010/09/06 00:17:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2010/09/06 00:17:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2010/09/06 00:17:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2010/09/06 00:17:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2010/09/06 00:17:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc

Re: hbhko.sys

Post by ryanjp89 on 12th September 2010, 12:51 am

Hmm, for some reason I cannot post the bottom half; it keeps saying page cannot be displayed. Here's extras.txt:

OTL Extras logfile created on: 9/11/2010 6:09:10 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Dustin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.71 Gb Total Space | 60.92 Gb Free Space | 43.61% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.65 Gb Free Space | 17.70% Space Free | Partition Type: NTFS
Drive E: | 7.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMP22
Current User Name: Dustin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3536764954-991771155-4205317405-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13F6AA5D-8090-432B-ABB2-22426FB3E394}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5326541E-3BA5-492E-B371-09E5ED1089EE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5CF342B9-D16F-431C-8934-F318B6FC779C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5E9EB059-6E27-4B93-9326-AAF3AEA7830D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{61618E64-CD52-4112-A547-C28BEE28B083}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F419EFF-53F0-4990-BE8C-AB47B5A2F4ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9222A554-820C-418C-818F-135D3410AED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB1992E1-6252-466A-BCDF-4B565FBC4449}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28B5393A-C873-4855-BA81-E60DB0412624}" = protocol=6 | dir=in | app=c:\users\dustin\desktop\utorrent.exe |
"{834D1E64-015A-4C84-A8EF-6D11FE368608}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B89D12AF-CFC1-475F-ACFA-8B64EB3F7015}" = protocol=17 | dir=in | app=c:\users\dustin\desktop\utorrent.exe |
"TCP Query User{3DA249E6-F96A-49FD-AE9E-ACF830696E67}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{A9D8F46C-A01B-4085-BDC3-447814B180C6}C:\westwood\renegade\game2.exe" = protocol=6 | dir=in | app=c:\westwood\renegade\game2.exe |
"TCP Query User{BB30AC7E-66F2-48EF-8DA6-B58B3CBDB3EE}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{4727DEB7-79AB-41D5-8011-FBBF41C2BC2B}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{BBDB43D5-9086-44C9-A15C-DCD689CB86A5}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{DE08977C-2009-4D50-B1E8-6C19DFC6E093}C:\westwood\renegade\game2.exe" = protocol=17 | dir=in | app=c:\westwood\renegade\game2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF196$" = Street-Ads Browser Enhancer
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D7DF9B2-BCA3-4AF7-9C5F-4ADEB7495F7E}" = HP User Guides 0121
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6164D2E7-986B-42F5-B3A6-64D5E53FB889}" = Delta Force Black Hawk Down Team Sabre
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7021CBFE-9C50-4BE0-A299-8F173E751302}" = Autodesk 3ds Max Design 2010 Tutorials Files
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C67CBD7-631C-0409-B00B-98B5DEB67C27}" = Autodesk 3ds Max Design 2010 32-bit
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A892C5E6-B04D-4CAB-95DA-A52038B97B01}" = Terragen 2 Deep Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF1EC9C0-9C10-11DF-BBC7-005056C00008}" = Google Earth
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCCC1B61-1E92-4388-9AFC-5C883071833D}" = Terragen 2 Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE2625CB-15AF-40C3-0409-4677FC992910}" = Autodesk 3ds Max Design 2010 32-bit Components
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM_7" = AIM 7
"America Online us" = America Online (Choose which version to remove)
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Core Center" = Core Center
"DC++" = DC++ 0.761
"Delta Force - Black Hawk Down" = Delta Force - Black Hawk Down
"DesertCombat" = DesertCombat 0.7
"Digital Media Converter_is1" = Digital Media Converter 2.78
"DivX Setup.divx.com" = DivX Setup
"Filter Forge Freepack 1 - Metals_is1" = Filter Forge Freepack 1 - Metals 1.012
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 1.012
"Filter Forge_is1" = Filter Forge 1.020
"Fraps" = Fraps
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Game Booster_is1" = Game Booster
"Game Extractor" = Game Extractor 2.0
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HWiNFO32_is1" = HWiNFO32 Version 3.35
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"m.p3 Professional Edition" = m.p3 Professional Edition
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"MDT" = Battlefield Mod Development Toolkit
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Mp3Doctor PRO_is1" = Mp3Doctor PRO
"Open Codecs" = Xiph.Org Open Codecs 0.84.17359
"Prism" = Prism Video Converter
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RADVideo" = RAD Video Tools
"RealPlayer 6.0" = RealPlayer Basic
"Renegade" = Command & Conquer Renegade
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"SensorsView Pro 3.2" = SensorsView Pro 3.2
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = FwO Raven's PffUtility V0.7
"Steam App 211" = Source SDK
"Steam App 240" = Counter-Strike: Source
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Sure Delete_is1" = Sure Delete 5.1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Texporter_max12_x86" = Texporter v3.5.26.12_x86_Beta
"the Renegade mod tools" = the Renegade mod tools
"TibEd2" = TibEd 2
"Total Video2Dvd 3.12_is1" = Total Video2Dvd 3.12
"TVWiz" = Intel(R) TV Wizard
"Unlocker" = Unlocker 1.9.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VTFEdit_is1" = VTFEdit 1.2.5
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"Window Washer" = Window Washer
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components
"XCC Utilities" = XCC Utilities 1.46
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"df96c2bd07e04a82" = Bust -A- Room 2009
"Facebook Plug-In" = Facebook Plug-In
"NoNameScript" = NNScript
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2010 7:26:05 AM | Computer Name = comp22 | Source = WinMgmt | ID = 10
Description =

Error - 9/10/2010 7:26:47 AM | Computer Name = comp22 | Source = EventSystem | ID = 4609
Description =

Error - 9/10/2010 7:33:34 AM | Computer Name = comp22 | Source = WinMgmt | ID = 10
Description =

Error - 9/10/2010 3:12:39 PM | Computer Name = comp22 | Source = WinMgmt | ID = 10
Description =

Error - 9/10/2010 3:13:22 PM | Computer Name = comp22 | Source = Google Update | ID = 20
Description =

Error - 9/10/2010 3:18:06 PM | Computer Name = comp22 | Source = SPP | ID = 16387
Description =

Error - 9/10/2010 3:18:06 PM | Computer Name = comp22 | Source = System Restore | ID = 8193
Description =

Error - 9/10/2010 4:17:45 PM | Computer Name = comp22 | Source = WinMgmt | ID = 10
Description =

Error - 9/10/2010 5:27:47 PM | Computer Name = comp22 | Source = WinMgmt | ID = 10
Description =

Error - 9/10/2010 8:54:02 PM | Computer Name = comp22 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/11/2010 12:51:52 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7001
Description =

Error - 9/11/2010 12:51:52 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7026
Description =

Error - 9/11/2010 12:55:02 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7000
Description =

Error - 9/11/2010 12:55:02 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7023
Description =

Error - 9/11/2010 12:55:02 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7023
Description =

Error - 9/11/2010 12:55:02 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7026
Description =

Error - 9/11/2010 1:21:24 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7000
Description =

Error - 9/11/2010 1:21:24 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7023
Description =

Error - 9/11/2010 1:21:24 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7023
Description =

Error - 9/11/2010 1:21:24 PM | Computer Name = comp22 | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Re: hbhko.sys

Post by ryanjp89 on 12th September 2010, 12:57 am

Wow, idk why but it won't paste the rest of it. I would have to keep pasting it in chunks, but hopefully I pasted the parts you needed. Sorry for the confusion and multiple posts, but here's part of OTL.txt:

[2010/09/06 00:17:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2010/09/06 00:17:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2010/09/06 00:17:16 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2010/09/06 00:17:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2010/09/06 00:17:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2010/09/06 00:17:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2010/09/06 00:17:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2010/09/06 00:17:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2010/09/06 00:17:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2010/09/06 00:17:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2010/09/06 00:17:16 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2010/09/06 00:17:16 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2010/09/06 00:17:16 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2010/09/06 00:17:16 | 000,084,480 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2010/09/06 00:17:16 | 000,084,480 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2010/09/06 00:17:16 | 000,082,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2010/09/06 00:17:16 | 000,082,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2010/09/06 00:17:16 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2010/09/06 00:17:16 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2010/09/06 00:17:16 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v2182.dll
[2010/09/06 00:17:16 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2010/09/04 23:23:46 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\New Folder (2)
[2010/09/03 16:06:38 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/09/03 15:51:59 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Sunbelt Software
[2010/09/03 15:51:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/03 15:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/09/01 21:52:15 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\New Folder
[2010/09/01 21:23:40 | 000,000,000 | ---D | C] -- C:\Temp
[2010/09/01 21:23:40 | 000,000,000 | ---D | C] -- \Temp
[2010/08/29 23:22:01 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\The.Expendables.2010.DVDSCR.XviD-PrisM
[2010/08/28 19:59:56 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Ocoai - Breatherman (2008)
[2010/08/27 03:59:56 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Threat Expert
[2010/08/27 03:45:48 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/08/27 03:45:48 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/08/27 03:45:48 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/08/27 03:35:39 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/08/27 03:35:39 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/08/27 03:35:35 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/08/27 03:35:35 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/08/27 03:35:29 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/08/27 03:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/08/27 03:35:24 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\PC Tools
[2010/08/27 03:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/08/27 03:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/08/27 03:16:05 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\qjvkfdngs
[2010/08/27 03:16:05 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\qjvkfdngs
[2010/08/26 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\materials
[2010/08/23 23:12:27 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Scripts
[2010/08/23 23:11:50 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Scripts
[2010/08/23 22:45:27 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Documents\3dsMaxDesign
[2010/08/23 22:45:26 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Autodesk
[2010/08/23 22:42:34 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Autodesk
[2010/08/23 20:42:58 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Documents\3ds Max Design 2010 Tutorials
[2010/08/23 20:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/08/23 20:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010/08/23 20:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/08/23 20:36:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/08/23 20:36:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/08/23 20:36:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/08/23 20:36:13 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/08/23 20:36:13 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/08/23 20:36:13 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010/08/23 20:36:13 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/08/23 20:36:13 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010/08/23 20:36:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/08/23 20:36:12 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010/08/21 02:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\VTFEdit
[2010/08/15 10:08:03 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\IObit
[2010/08/15 08:59:27 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Apple Computer
[2010/08/15 08:58:20 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Apple Computer
[2010/08/12 18:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bluehell Productions
[2009/10/30 10:13:36 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2010/09/11 18:14:55 | 003,932,160 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat
[2010/09/11 18:13:10 | 000,777,216 | ---- | M] () -- C:\Windows\System32\drivers\hbhko.sys
[2010/09/11 18:07:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Desktop\OTL.com
[2010/09/11 17:54:18 | 000,014,625 | ---- | M] () -- C:\Users\Dustin\Desktop\icansee.gif.jpg
[2010/09/11 17:39:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 17:38:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 17:38:52 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 17:38:52 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 16:58:57 | 000,000,253 | ---- | M] () -- C:\Windows\win.ini
[2010/09/11 16:58:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/11 13:47:36 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dustin\Desktop\HijackThis.exe
[2010/09/11 13:31:52 | 000,339,991 | ---- | M] () -- C:\Users\Dustin\Desktop\RSIT.exe
[2010/09/11 13:21:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/11 13:20:36 | 2075,340,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 13:19:37 | 000,524,288 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{cae75f59-59ce-11df-9b80-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/09/11 13:19:37 | 000,065,536 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{cae75f59-59ce-11df-9b80-00038a000015}.TM.blf
[2010/09/11 13:19:34 | 004,249,424 | -H-- | M] () -- C:\Users\Dustin\AppData\Local\IconCache.db
[2010/09/11 13:18:41 | 000,001,376 | ---- | M] () -- C:\Users\Dustin\Desktop\eBay.lnk
[2010/09/11 13:18:41 | 000,001,376 | ---- | M] () -- C:\Users\Dustin\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2010/09/11 13:17:39 | 001,015,869 | ---- | M] () -- C:\Users\Dustin\Desktop\unlocker1.9.0.exe
[2010/09/10 15:29:31 | 000,036,864 | ---- | M] () -- C:\Users\Dustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 15:27:50 | 000,716,862 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/10 15:27:50 | 000,613,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/10 15:27:50 | 000,108,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/10 15:13:46 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/10 15:12:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/10 01:25:28 | 000,000,000 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Vfusumer.bin
[2010/09/10 01:24:42 | 000,000,943 | ---- | M] () -- C:\Users\Dustin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/10 01:24:34 | 000,220,672 | ---- | M] (Don HO [You must be registered and logged in to see this link.]) -- C:\Windows\Nmumua.exe
[2010/09/10 01:24:05 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/09/09 11:13:34 | 000,000,046 | ---- | M] () -- C:\Users\Dustin\jagex_runescape_preferences.dat
[2010/09/09 11:06:37 | 000,000,099 | ---- | M] () -- C:\Users\Dustin\jagex_runescape_preferences2.dat
[2010/09/08 01:30:00 | 000,236,398 | ---- | M] () -- C:\Users\Dustin\Desktop\equable_by_xxtjxx-d2xj5f9.jpg
[2010/09/07 05:53:27 | 002,674,046 | ---- | M] () -- C:\Users\Dustin\Desktop\alright.gif
[2010/09/07 03:48:56 | 000,076,616 | ---- | M] () -- C:\Users\Dustin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/07 02:42:55 | 000,000,028 | ---- | M] () -- C:\Windows\v2d.INI
[2010/09/05 04:30:44 | 006,982,711 | ---- | M] () -- C:\Users\Dustin\Desktop\land.psd
[2010/09/04 22:18:30 | 000,000,431 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/09/03 15:51:06 | 000,001,031 | ---- | M] () -- C:\Users\Dustin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/03 15:51:05 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/09/02 19:49:13 | 072,309,916 | ---- | M] () -- C:\Users\Dustin\Desktop\comp.reg
[2010/09/01 00:21:46 | 000,042,556 | ---- | M] () -- C:\Users\Dustin\Desktop\sig.jpg
[2010/08/31 15:37:12 | 004,082,797 | ---- | M] () -- C:\Users\Dustin\Desktop\sig.psd
[2010/08/30 06:19:15 | 000,163,545 | ---- | M] () -- C:\Users\Dustin\Desktop\wallpaper.jpg
[2010/08/30 05:19:08 | 005,104,546 | ---- | M] () -- C:\Users\Dustin\Desktop\Trees_by_Horhew1.abr
[2010/08/30 03:07:43 | 000,015,983 | ---- | M] () -- C:\Users\Dustin\Desktop\New Text Document.html
[2010/08/29 03:16:05 | 001,706,253 | ---- | M] () -- C:\Users\Dustin\Desktop\FullskiesSunset0026_1_M.jpg
[2010/08/25 10:30:07 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDustin.job
[2010/08/24 00:16:57 | 000,524,311 | ---- | M] () -- C:\Users\Dustin\Desktop\Texporter_v3.5.26.12_x86_Beta.exe
[2010/08/23 20:39:57 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2010 32-bit.lnk
[2010/08/23 20:37:43 | 000,017,376 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2010/08/15 10:08:03 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2010/08/14 11:22:24 | 000,001,955 | ---- | M] () -- C:\Users\Dustin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/14 11:21:45 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010/09/11 17:54:18 | 000,014,625 | ---- | C] () -- C:\Users\Dustin\Desktop\icansee.gif.jpg
[2010/09/11 13:31:57 | 000,339,991 | ---- | C] () -- C:\Users\Dustin\Desktop\RSIT.exe
[2010/09/11 13:18:41 | 000,001,376 | ---- | C] () -- C:\Users\Dustin\Desktop\eBay.lnk
[2010/09/11 13:18:41 | 000,001,376 | ---- | C] () -- C:\Users\Dustin\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2010/09/11 13:17:40 | 001,015,869 | ---- | C] () -- C:\Users\Dustin\Desktop\unlocker1.9.0.exe
[2010/09/11 12:54:28 | 2075,340,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/11 12:54:28 | 2075,340,800 | -HS- | C] () --
[2010/09/10 07:09:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/10 07:09:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/10 07:09:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/10 07:09:04 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/10 07:09:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/10 01:24:41 | 000,000,943 | ---- | C] () -- C:\Users\Dustin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/10 01:24:00 | 000,777,216 | ---- | C] () -- C:\Windows\System32\drivers\hbhko.sys
[2010/09/08 01:29:25 | 000,236,398 | ---- | C] () -- C:\Users\Dustin\Desktop\equable_by_xxtjxx-d2xj5f9.jpg
[2010/09/07 05:53:27 | 002,674,046 | ---- | C] () -- C:\Users\Dustin\Desktop\alright.gif
[2010/09/07 02:30:33 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2010/09/06 01:14:04 | 005,192,437 | ---- | C] () -- C:\Users\Dustin\Desktop\browninghipo.psd
[2010/09/06 00:17:16 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/09/06 00:17:16 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/09/06 00:17:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/09/06 00:17:16 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/09/06 00:17:16 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/06 00:17:16 | 000,051,424 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2010/09/06 00:17:15 | 000,189,408 | ---- | C] () -- C:\Windows\System32\Gfxres.th-TH.resources
[2010/09/06 00:17:15 | 000,178,288 | ---- | C] () -- C:\Windows\System32\Gfxres.el-GR.resources
[2010/09/06 00:17:15 | 000,165,251 | ---- | C] () -- C:\Windows\System32\Gfxres.ru-RU.resources
[2010/09/06 00:17:15 | 000,139,830 | ---- | C] () -- C:\Windows\System32\Gfxres.ar-SA.resources
[2010/09/06 00:17:15 | 000,136,327 | ---- | C] () -- C:\Windows\System32\Gfxres.ja-JP.resources
[2010/09/06 00:17:15 | 000,133,680 | ---- | C] () -- C:\Windows\System32\Gfxres.he-IL.resources
[2010/09/06 00:17:15 | 000,125,477 | ---- | C] () -- C:\Windows\System32\Gfxres.it-IT.resources
[2010/09/06 00:17:15 | 000,123,164 | ---- | C] () -- C:\Windows\System32\Gfxres.ko-KR.resources
[2010/09/06 00:17:15 | 000,122,858 | ---- | C] () -- C:\Windows\System32\Gfxres.es-ES.resources
[2010/09/06 00:17:15 | 000,122,638 | ---- | C] () -- C:\Windows\System32\Gfxres.de-DE.resources
[2010/09/06 00:17:15 | 000,121,121 | ---- | C] () -- C:\Windows\System32\Gfxres.tr-TR.resources
[2010/09/06 00:17:15 | 000,120,695 | ---- | C] () -- C:\Windows\System32\Gfxres.fr-FR.resources
[2010/09/06 00:17:15 | 000,120,287 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-BR.resources
[2010/09/06 00:17:15 | 000,119,533 | ---- | C] () -- C:\Windows\System32\Gfxres.hu-HU.resources
[2010/09/06 00:17:15 | 000,119,513 | ---- | C] () -- C:\Windows\System32\Gfxres.nl-NL.resources
[2010/09/06 00:17:15 | 000,119,286 | ---- | C] () -- C:\Windows\System32\Gfxres.sv-SE.resources
[2010/09/06 00:17:15 | 000,118,997 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-PT.resources
[2010/09/06 00:17:15 | 000,118,684 | ---- | C] () -- C:\Windows\System32\Gfxres.cs-CZ.resources
[2010/09/06 00:17:15 | 000,118,631 | ---- | C] () -- C:\Windows\System32\Gfxres.fi-FI.resources
[2010/09/06 00:17:15 | 000,118,317 | ---- | C] () -- C:\Windows\System32\Gfxres.pl-PL.resources
[2010/09/06 00:17:15 | 000,117,984 | ---- | C] () -- C:\Windows\System32\Gfxres.sk-SK.resources
[2010/09/06 00:17:15 | 000,114,779 | ---- | C] () -- C:\Windows\System32\Gfxres.nb-NO.resources
[2010/09/06 00:17:15 | 000,114,308 | ---- | C] () -- C:\Windows\System32\Gfxres.sl-SI.resources
[2010/09/06 00:17:15 | 000,114,179 | ---- | C] () -- C:\Windows\System32\Gfxres.da-DK.resources
[2010/09/06 00:17:15 | 000,103,997 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-TW.resources
[2010/09/06 00:17:15 | 000,102,843 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-CN.resources
[2010/09/05 04:30:41 | 006,982,711 | ---- | C] () -- C:\Users\Dustin\Desktop\land.psd
[2010/09/03 19:14:23 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/09/03 15:51:06 | 000,001,031 | ---- | C] () -- C:\Users\Dustin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/03 15:51:05 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/09/02 19:49:07 | 072,309,916 | ---- | C] () -- C:\Users\Dustin\Desktop\comp.reg
[2010/09/01 21:23:24 | 000,001,176 | ---- | C] () -- \Autorun_dll.log
[2010/09/01 00:21:43 | 000,042,556 | ---- | C] () -- C:\Users\Dustin\Desktop\sig.jpg
[2010/08/30 06:33:24 | 004,082,797 | ---- | C] () -- C:\Users\Dustin\Desktop\sig.psd
[2010/08/30 06:19:11 | 000,163,545 | ---- | C] () -- C:\Users\Dustin\Desktop\wallpaper.jpg
[2010/08/30 05:24:11 | 038,539,134 | ---- | C] () -- C:\Users\Dustin\Desktop\BB_Watercolor_II_CS.abr
[2010/08/30 05:19:18 | 005,104,546 | ---- | C] () -- C:\Users\Dustin\Desktop\Trees_by_Horhew1.abr
[2010/08/30 05:19:08 | 005,104,546 | ---- | C] () -- C:\Users\Dustin\Desktop\Trees_by_Horhew.abr
[2010/08/30 03:06:49 | 000,015,983 | ---- | C] () -- C:\Users\Dustin\Desktop\New Text Document.html
[2010/08/29 03:16:11 | 001,706,253 | ---- | C] () -- C:\Users\Dustin\Desktop\FullskiesSunset0026_1_M.jpg
[2010/08/27 03:45:48 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/08/27 03:45:48 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/08/27 03:45:48 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/08/27 03:45:48 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/08/27 03:45:48 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/08/27 03:35:39 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/08/27 03:35:35 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/08/27 03:35:35 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/08/27 03:35:29 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/08/24 00:17:00 | 000,524,311 | ---- | C] () -- C:\Users\Dustin\Desktop\Texporter_v3.5.26.12_x86_Beta.exe
[2010/08/23 20:39:57 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2010 32-bit.lnk
[2010/08/14 11:22:24 | 000,001,955 | ---- | C] () -- C:\Users\Dustin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/14 11:21:45 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/08/04 02:08:48 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2010/08/04 02:08:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/07/22 23:39:48 | 000,000,269 | ---- | C] () -- \rkill.log
[2010/07/22 23:29:40 | 000,000,120 | ---- | C] () -- C:\Users\Dustin\AppData\Local\Rdebopepacupodov.dat
[2010/07/22 23:29:40 | 000,000,000 | ---- | C] () -- C:\Users\Dustin\AppData\Local\Vfusumer.bin
[2010/07/22 23:27:59 | 000,000,005 | ---- | C] () -- \zrpt.xml
[2010/06/20 18:20:47 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/05/21 21:40:20 | 000,001,356 | ---- | C] () -- C:\Users\Dustin\AppData\Local\d3d9caps.dat
[2010/05/11 17:50:51 | 000,002,773 | ---- | C] () -- \VETlog.txt
[2010/05/11 17:50:50 | 000,080,847 | ---- | C] () -- \VETlog.dmp
[2010/05/05 16:31:01 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/04/15 06:40:38 | 000,000,094 | ---- | C] () -- C:\Users\Dustin\AppData\Local\fusioncache.dat
[2010/04/14 05:48:38 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2010/04/03 11:44:49 | 000,108,631 | ---- | C] () -- \aaw7boot.log
[2010/03/08 02:11:10 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/02/28 19:42:51 | 000,031,007 | ---- | C] () -- C:\Users\Dustin\AppData\Roaming\UserTile.png
[2010/02/17 03:21:54 | 000,000,035 | ---- | C] () -- C:\Windows\worldbuilder.INI
[2010/02/10 20:28:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/10 10:33:53 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2010/02/10 10:33:53 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2010/02/09 14:36:17 | 000,036,864 | ---- | C] () -- C:\Users\Dustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 12:58:04 | 000,000,004 | ---- | C] () -- \loadcounter.dat
[2010/02/08 14:26:44 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/01/30 21:19:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/28 22:06:52 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2010/01/27 02:26:04 | 000,000,000 | ---- | C] () -- C:\Users\Dustin\AppData\Local\QSwitch.txt
[2010/01/27 02:26:04 | 000,000,000 | ---- | C] () -- C:\Users\Dustin\AppData\Local\DSwitch.txt
[2010/01/27 02:26:04 | 000,000,000 | ---- | C] () -- C:\Users\Dustin\AppData\Local\AtStart.txt
[2010/01/26 23:39:10 | 2389,127,168 | -HS- | C] () --
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/07/07 12:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/06/12 14:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/04 13:54:12 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/02/08 02:09:41 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 06:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:36:48 | 000,074,808 | ---- | C] () -- C:\Windows\System32\drivers\sisraid4.sys
[2006/11/02 02:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========


< >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 22:34:07 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll
[2008/01/20 22:34:07 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll
[2010/05/04 15:10:47 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\iepeers.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/09/11 18:20:32 | 000,777,216 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\hbhko.sys

< %systemroot%\System32\config\*.sav >

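A triage pass over OTL file-listing lines like the ones in the log above, as an added example that is not part of the original post and is not OTL's or the helper's own method: it shortlists `.sys` files in the drivers folder that show an empty company field or "Unable to obtain MD5". The sample lines are copied from this thread's logs; the `C:\Windows` system root and the two heuristics are assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# One OTL file-listing line, e.g.
# [2010/09/11 18:20:32 | 000,777,216 | ---- | M] () Unable to obtain MD5 -- C:\...\hbhko.sys
# The "(company)" field is absent on directory lines and empty "()" when the
# log printed no company name for the file.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))?"
    r"(?P<locked> Unable to obtain MD5)?"
    r" --\s*(?P<path>.*)$"
)

# Assumption: the system root is C:\Windows, as in the log on this page.
# PureWindowsPath compares case-insensitively, so C:\WINDOWS matches too.
DRIVERS_DIR = PureWindowsPath(r"C:\Windows\System32\drivers")


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str                # "C" or "M", as printed in the log
    company: Optional[str]   # None: field absent; "": empty parentheses
    locked: bool             # log says "Unable to obtain MD5"
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for anything else (headers, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        locked=m["locked"] is not None,
        path=m["path"].strip(),
    )


def triage(lines, drivers_dir=DRIVERS_DIR) -> List[Tuple[str, List[str]]]:
    """Return (driver name, reasons) pairs, most reasons first."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not entry.path:
            continue  # not a listing line, or the path column is empty
        path = PureWindowsPath(entry.path)
        if path.parent != drivers_dir or path.suffix.lower() != ".sys":
            continue  # only kernel drivers in the drivers folder are in scope
        reasons = []
        if entry.company == "":
            reasons.append("no company name")
        if entry.locked:
            reasons.append("locked: scanner could not hash it")
        if reasons:
            findings.append((len(reasons), path.name, reasons))
    findings.sort(key=lambda f: (-f[0], f[1].lower()))
    return [(name, reasons) for _, name, reasons in findings]


# Lines copied from the OTL output and fix script posted in this thread.
SAMPLE = [
    r"[2010/09/03 19:14:23 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe",
    r"[2010/06/20 18:20:47 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys",
    r"[2010/02/08 14:26:44 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys",
    r"[2010/01/26 23:39:10 | 2389,127,168 | -HS- | C] () -- ",
    r"[2006/11/02 03:36:48 | 000,074,808 | ---- | C] () -- C:\Windows\System32\drivers\sisraid4.sys",
    r"[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys",
    r"[2008/01/20 22:34:07 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll",
    r"[2010/09/11 18:20:32 | 000,777,216 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\hbhko.sys",
    r"[2010/09/10 01:24:15 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\npuwdvwcf",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

hbhko.sys ranks first with both flags, while sisraid4.sys, which the ComboFix log later in this thread reports as infected, carries the same single flag as PnkBstrK.sys and StarOpen.sys. An empty company field is therefore a reason to verify a driver's signature or hash from a clean boot environment, not a verdict.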

Re: hbhko.sys

Post by ryanjp89 on 13th September 2010, 11:52 pm

Bump


Re: hbhko.sys

Post by Sneakyone on 14th September 2010, 2:22 am

Hi.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    MsConfig - StartUpReg: hmvialtd - hkey= - key= - C:\Users\Dustin\AppData\Local\npuwdvwcf\wovhbnduqiw.exe File not found
    MsConfig - StartUpReg: lsdefrag - hkey= - key= - C:\Users\Dustin\AppData\Local\temp\cnrwmoaxes.exe File not found
    MsConfig - StartUpReg: LvipZkfgnoc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\debug.exe File not found
    MsConfig - StartUpReg: LvipZkfgnzgmd.com/dw/dw.php?id=%s&ver=d01 - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\dolxyu.exe File not found
    MsConfig - StartUpReg: LvipZkfgotc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\hexdump.exe File not found
    MsConfig - StartUpReg: LvipZkfgouqc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\iexplarer.exe File not found
    MsConfig - StartUpReg: LvipZkfgpuc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\lsass.exe File not found
    MsConfig - StartUpReg: LvipZkfgpyc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\lgqwyop.exe File not found
    MsConfig - StartUpReg: LvipZkfgpZ - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\mdm.exe File not found
    MsConfig - StartUpReg: LvipZkfgrg - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\smss.exe File not found
    MsConfig - StartUpReg: LvipZkfgrrb - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\taskmgr.exe File not found
    MsConfig - StartUpReg: LvipZkfgsPc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\win32.exe File not found
    MsConfig - StartUpReg: LvipZkfgssc - hkey= - key= - C:\Users\Dustin\AppData\Local\Temp\winlogon.exe File not found
    MsConfig - StartUpReg: MqpSc - hkey= - key= - C:\Windows\avp32.exe File not found
    MsConfig - StartUpReg: Mqrta - hkey= - key= - C:\Windows\install.exe File not found
    MsConfig - StartUpReg: Mqrtc - hkey= - key= - C:\Windows\hexdump.exe File not found
    MsConfig - StartUpReg: Mqsrc - hkey= - key= - C:\Windows\login.exe File not found
    MsConfig - StartUpReg: Mque - hkey= - key= - C:\Windows\user.exe File not found
    MsConfig - StartUpReg: Mquse - hkey= - key= - C:\Windows\svchost.exe File not found
    MsConfig - StartUpReg: Mquta - hkey= - key= - C:\Windows\services.exe File not found
    MsConfig - StartUpReg: Mquuf - hkey= - key= - C:\Windows\spoolsv.exe File not found
    MsConfig - StartUpReg: Mqvpe - hkey= - key= - C:\Windows\winamp.exe File not found
    MsConfig - StartUpReg: Mqvre - hkey= - key= - C:\Windows\wininst.exe File not found
    MsConfig - StartUpReg: Ogigogapogaxey - hkey= - key= - C:\Users\Dustin\AppData\Local\tmgsdSv2.DLL File not found
    MsConfig - StartUpReg: pemdgsol - hkey= - key= - C:\Users\Dustin\AppData\Roaming\qjvkfdngs\anjvqejshdw.exe File not found
    MsConfig - StartUpReg: uureybjm - hkey= - key= - C:\Users\Dustin\AppData\Local\ucjwdujbp\wogccevuqiw.exe File not found
    MsConfig - StartUpReg: xawsonmecr.exe - hkey= - key= - C:\Users\Dustin\AppData\Local\temp\xawsonmecr.exe File not found
    MsConfig - StartUpReg: Yrohigej - hkey= - key= - C:\Users\Dustin\AppData\Local\arorewapan.DLL File not found
    [2010/09/10 01:24:41 | 000,220,672 | ---- | C] (Don HO [You must be registered and logged in to see this link.]) -- C:\Windows\Nmumua.exe
    [2010/09/10 01:24:15 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\npuwdvwcf
    [2010/09/10 01:24:11 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\ucjwdujbp
    [2010/08/27 03:16:05 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\qjvkfdngs
    [2010/08/27 03:16:05 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\qjvkfdngs

    :Files
    C:\Windows\System32\drivers\hbhko.sys
    C:\Users\Dustin\AppData\Local\Vfusumer.bin

    :commands
    [emptytemp]
    [resethosts]
    [reboot]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============

Please download ComboFix from [You must be registered and logged in to see this link.]



Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Re: hbhko.sys

Post by ryanjp89 on 14th September 2010, 5:37 am

Ok, here's the OTL log. I removed hbhko.sys by booting from the recovery manager that my computer came with. Since it didn't boot from C:, it didn't load any drivers and it let me delete it from command prompt.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\hmvialtd\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\lsdefrag\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgnoc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgnzgmd.com/dw/dw.php?id=%s&ver=d01\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgotc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgouqc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgpuc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgpyc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgpZ\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgrg\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgrrb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgsPc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LvipZkfgssc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MqpSc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mqrta\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mqrtc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mqsrc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mque\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mquse\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mquta\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mquuf\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mqvpe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Mqvre\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Ogigogapogaxey\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\pemdgsol\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\uureybjm\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\xawsonmecr.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Yrohigej\ not found.
File C:\Windows\Nmumua.exe not found.
C:\Users\Dustin\AppData\Local\npuwdvwcf folder moved successfully.
C:\Users\Dustin\AppData\Local\ucjwdujbp folder moved successfully.
C:\Users\Dustin\AppData\Roaming\qjvkfdngs folder moved successfully.
C:\Users\Dustin\AppData\Local\qjvkfdngs folder moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\drivers\hbhko.sys not found.
C:\Users\Dustin\AppData\Local\Vfusumer.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 84238670 bytes
->Flash cache emptied: 763 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dustin
->Temp folder emptied: 200983 bytes
->Temporary Internet Files folder emptied: 6456220 bytes
->Java cache emptied: 2124287 bytes
->FireFox cache emptied: 68501285 bytes
->Flash cache emptied: 1128803 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 161773 bytes

Total Files Cleaned = 155.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.12.0 log created on 09142010_010152

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Re: hbhko.sys

Post by ryanjp89 on 14th September 2010, 5:38 am

Here's the ComboFix log.

ComboFix 10-09-13.02 - Dustin 09/14/2010 1:13.7.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.990 [GMT -4:00]
Running from: c:\users\Dustin\Desktop\commy.exe
Command switches used :: /stepdel
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sisraid4.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-14 05:29 . 2010-09-14 05:29 -------- d-----w- c:\users\Dustin\AppData\Local\temp
2010-09-14 05:29 . 2010-09-14 05:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-14 05:29 . 2010-09-14 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-14 05:29 . 2010-09-14 05:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-09-14 05:01 . 2010-09-14 05:01 -------- d-----w- C:\_OTL
2010-09-13 01:51 . 2010-09-13 01:51 -------- d-----w- c:\program files\TVersity Codec Pack
2010-09-13 01:51 . 2010-09-13 01:51 -------- d-----w- c:\users\Dustin\AppData\Local\TVersity
2010-09-11 20:48 . 2010-06-30 04:13 52224 ----a-w- c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-09-11 20:48 . 2010-06-30 04:13 101376 ----a-w- c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-09-11 17:32 . 2010-09-11 17:32 -------- d-----w- C:\rsit
2010-09-11 17:18 . 2010-09-11 17:18 -------- d-----w- c:\program files\Unlocker
2010-09-10 21:53 . 2010-09-10 21:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\Hewlett-Packard
2010-09-07 06:47 . 2010-09-07 06:47 -------- d-----w- c:\program files\ConvertHelper
2010-09-07 06:23 . 2010-09-07 06:42 -------- d-----w- C:\v2d
2010-09-07 06:22 . 2010-09-07 06:43 -------- d-----w- c:\program files\Total Video2Dvd
2010-09-07 06:15 . 2010-09-07 06:15 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-09-07 06:15 . 2010-09-07 06:15 -------- d-----w- c:\program files\Riva
2010-09-06 05:12 . 2010-09-06 05:12 -------- d-----w- C:\tmpmax
2010-09-06 04:40 . 2010-09-06 04:40 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2010-09-03 23:14 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-03 20:06 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-03 19:51 . 2010-09-03 19:51 -------- d-----w- c:\users\Dustin\AppData\Local\Sunbelt Software
2010-09-03 19:51 . 2010-09-03 19:51 -------- dc-h--w- c:\progra~2\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-03 19:50 . 2010-09-03 19:50 -------- d-----w- c:\program files\Lavasoft
2010-09-02 01:23 . 2010-09-02 01:24 -------- d-----w- C:\Temp
2010-08-27 07:59 . 2010-08-27 07:59 -------- d-----w- c:\users\Dustin\AppData\Local\Threat Expert
2010-08-27 07:45 . 2010-01-27 17:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-27 07:45 . 2010-01-22 12:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-27 07:45 . 2010-01-22 12:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-27 07:45 . 2010-01-22 12:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-27 07:45 . 2009-10-28 04:36 1152444 ----a-w- c:\windows\UDB.zip
2010-08-27 07:45 . 2008-11-26 15:08 131 ----a-w- c:\windows\IDB.zip
2010-08-27 07:35 . 2010-02-05 13:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-08-27 07:35 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-27 07:35 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-27 07:35 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-27 07:35 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-27 07:35 . 2010-08-27 07:58 -------- d-----w- c:\program files\Spyware Doctor
2010-08-27 07:35 . 2010-08-27 07:46 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-27 07:35 . 2010-08-27 07:35 -------- d-----w- c:\users\Dustin\AppData\Roaming\PC Tools
2010-08-27 07:35 . 2010-08-27 07:35 -------- d-----w- c:\progra~2\PC Tools
2010-08-24 03:11 . 2010-08-24 03:11 -------- d-----w- c:\users\Dustin\Scripts
2010-08-24 02:45 . 2010-08-24 02:54 -------- d-----w- c:\users\Dustin\AppData\Roaming\Autodesk
2010-08-24 02:42 . 2010-08-24 02:42 -------- d-----w- c:\users\Dustin\AppData\Local\Autodesk
2010-08-24 00:39 . 2010-08-24 00:39 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-08-24 00:38 . 2010-08-24 02:45 -------- d-----w- c:\progra~2\Autodesk
2010-08-24 00:37 . 2010-08-24 00:40 -------- d-----w- c:\program files\Autodesk
2010-08-24 00:36 . 2008-07-31 14:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-08-24 00:36 . 2008-07-31 14:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-08-24 00:36 . 2008-07-31 14:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-08-24 00:36 . 2008-07-12 12:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-08-24 00:36 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-08-24 00:36 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-08-24 00:36 . 2007-05-16 20:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-08-24 00:36 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-08-24 00:36 . 2007-05-16 20:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-08-24 00:36 . 2006-11-29 17:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-08-21 06:02 . 2010-08-21 06:04 -------- d-----w- c:\program files\VTFEdit
2010-08-15 14:08 . 2010-08-15 14:08 -------- d-----w- c:\users\Dustin\AppData\Roaming\IObit
2010-08-15 12:59 . 2010-08-15 12:59 -------- d-----w- c:\users\Dustin\AppData\Local\Apple Computer
2010-08-15 12:58 . 2010-08-15 12:58 -------- d-----w- c:\users\Dustin\AppData\Roaming\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 05:04 . 2010-02-25 12:51 -------- d-----w- c:\program files\mIRC
2010-09-14 04:26 . 2010-03-13 01:14 -------- d-----w- c:\users\Dustin\AppData\Roaming\NoNameScript
2010-09-13 14:29 . 2010-01-29 05:00 46 ----a-w- c:\users\Dustin\jagex_runescape_preferences.dat
2010-09-13 14:29 . 2010-01-31 07:27 99 ----a-w- c:\users\Dustin\jagex_runescape_preferences2.dat
2010-09-12 06:55 . 2010-02-06 03:24 -------- d-----w- c:\users\Dustin\AppData\Roaming\uTorrent
2010-09-11 17:32 . 2010-04-03 15:13 -------- d-----w- c:\program files\Trend Micro
2010-09-10 21:55 . 2010-04-03 15:49 76616 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-10 10:48 . 2010-08-10 21:22 -------- d-----w- c:\users\Dustin\AppData\Roaming\6FBAE11E452B9B55816B8AF319BABC79
2010-09-07 07:48 . 2010-01-27 06:24 76616 ----a-w- c:\users\Dustin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-03 19:50 . 2010-02-24 07:18 -------- d-----w- c:\progra~2\Lavasoft
2010-09-02 01:40 . 2010-07-26 20:16 -------- d-----w- c:\progra~2\Kaspersky Lab
2010-08-27 21:22 . 2010-03-06 02:54 -------- d-----w- c:\progra~2\FLEXnet
2010-08-27 01:46 . 2010-02-03 08:49 -------- d-----w- c:\program files\Steam
2010-08-24 00:13 . 2008-07-26 05:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 00:13 . 2010-08-04 06:01 -------- d-----w- c:\program files\Red Storm Entertainment
2010-08-21 19:05 . 2010-04-09 09:25 -------- d-----w- c:\program files\Ask.com
2010-08-14 15:22 . 2010-05-19 09:27 -------- d-----w- c:\program files\Google
2010-08-14 05:58 . 2010-08-12 22:49 -------- d-----w- c:\program files\Bluehell Productions
2010-08-11 11:54 . 2010-08-11 11:08 -------- d-----w- c:\program files\Atheros
2010-08-11 11:08 . 2010-08-11 11:08 -------- d-----w- c:\program files\Cisco
2010-08-11 11:07 . 2010-08-11 11:07 -------- d-----w- c:\users\Dustin\AppData\Roaming\InstallShield
2010-08-11 10:42 . 2010-01-27 03:45 -------- d-----w- c:\progra~2\Atheros
2010-08-11 10:30 . 2008-07-26 05:49 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 08:55 . 2008-07-26 06:12 -------- d-----w- c:\progra~2\Microsoft Help
2010-08-11 08:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 07:45 . 2010-03-05 06:20 -------- d-----w- c:\users\Dustin\AppData\Roaming\Winamp
2010-08-11 07:45 . 2010-02-28 20:53 -------- d-----w- c:\program files\RenegadePublicTools
2010-08-10 21:49 . 2010-07-23 03:28 -------- d-----w- c:\progra~2\Update
2010-08-05 07:53 . 2010-08-05 07:53 -------- d-----w- c:\program files\Xiph.Org
2010-08-05 07:42 . 2010-08-05 07:42 -------- d-----w- c:\program files\Game Extractor
2010-08-04 21:30 . 2010-08-04 21:30 -------- d-----w- c:\program files\Ubisoft
2010-08-04 06:12 . 2010-08-04 06:11 -------- d-----w- c:\program files\MagicDisc
2010-08-04 06:08 . 2010-08-04 06:08 -------- d-----w- c:\program files\Ubi Soft
2010-08-02 06:27 . 2010-05-22 01:40 1356 ----a-w- c:\users\Dustin\AppData\Local\d3d9caps.dat
2010-07-30 02:07 . 2010-02-08 18:26 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-28 02:52 . 2006-11-02 07:36 40504 ----a-w- c:\windows\system32\drivers\hpcisss.sys
2010-07-27 21:00 . 2010-04-28 00:16 -------- d-----w- c:\progra~2\RegCure
2010-07-24 02:23 . 2010-09-06 04:17 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-07-24 02:23 . 2010-09-06 04:17 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-07-24 02:23 . 2009-10-30 15:32 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-07-24 02:22 . 2009-10-30 15:32 170520 ----a-w- c:\windows\system32\igfxpers.exe
2010-07-24 02:22 . 2010-09-06 04:17 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-07-24 02:22 . 2010-09-06 04:17 171032 ----a-w- c:\windows\system32\hkcmd.exe
2010-07-24 02:22 . 2009-10-30 15:32 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-07-23 03:41 . 2010-05-01 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-23 03:37 . 2010-07-23 03:37 0 ----a-w- c:\users\Dustin\rkill.com
2010-07-23 03:29 . 2010-07-23 03:29 120 ----a-w- c:\users\Dustin\AppData\Local\Rdebopepacupodov.dat
2010-07-20 09:43 . 2010-09-06 04:17 81920 ----a-w- c:\windows\system32\igfxCoIn_v2182.dll
2010-07-20 09:36 . 2010-09-06 04:17 9018368 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2010-07-20 09:36 . 2008-06-12 18:43 4966400 ----a-w- c:\windows\system32\igdumd32.dll
2010-07-20 09:35 . 2010-09-06 04:17 982240 ----a-w- c:\windows\system32\igkrng500.bin
2010-07-20 09:35 . 2010-09-06 04:17 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2010-07-20 09:35 . 2010-09-06 04:17 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2010-07-20 09:34 . 2008-06-12 18:37 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2010-07-20 09:31 . 2010-09-06 04:17 4410880 ----a-w- c:\windows\system32\igd10umd32.dll
2010-07-20 09:19 . 2009-10-30 14:37 11041280 ----a-w- c:\windows\system32\ig4icd32.dll
2010-07-20 09:09 . 2008-07-07 15:38 194560 ----a-w- c:\windows\system32\igfxpph.dll
2010-07-20 09:09 . 2008-06-12 18:07 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2010-07-20 09:09 . 2010-09-06 04:17 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-07-20 09:09 . 2008-06-12 18:06 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-07-20 09:09 . 2010-09-06 04:17 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-07-20 09:09 . 2008-06-12 18:06 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-07-20 09:09 . 2009-10-30 14:13 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-07-20 09:09 . 2009-10-30 14:13 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-07-20 09:09 . 2008-06-12 18:06 228352 ----a-w- c:\windows\system32\igfxdev.dll
2010-07-20 09:08 . 2010-09-06 04:17 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-07-20 09:03 . 2010-09-06 04:17 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2010-07-20 09:03 . 2010-09-06 04:17 143360 ----a-w- c:\windows\system32\iglhcp32.dll
2010-07-01 05:30 . 2010-07-01 05:28 13094 ----a-r- c:\users\Dustin\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_f3e99.exe
2010-07-01 05:30 . 2010-07-01 05:28 13094 ----a-r- c:\users\Dustin\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_12db153c.exe
2010-07-01 05:30 . 2010-07-01 05:28 1078 ----a-r- c:\users\Dustin\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_7e87390c.exe
2010-07-01 05:29 . 2010-07-01 05:29 13094 ----a-r- c:\users\Dustin\AppData\Roaming\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_2cd672ae.exe
2010-07-01 05:29 . 2010-07-01 05:29 13094 ----a-r- c:\users\Dustin\AppData\Roaming\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_16496df1.exe
2010-07-01 05:29 . 2010-07-01 05:29 1078 ----a-r- c:\users\Dustin\AppData\Roaming\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_69525f90.exe
2010-06-21 13:37 . 2010-08-10 20:10 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-10 20:10 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-10 20:10 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-10 20:10 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-10 20:10 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-30 21:44 . 2010-01-28 03:34 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-07-26 03:45 . 2008-07-26 03:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CoreCenter.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CoreCenter.lnk
backup=c:\windows\pss\CoreCenter.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Dustin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^America Online 5.0 Tray Icon.lnk]
path=c:\users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\America Online 5.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 5.0 Tray Icon.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Dustin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
c:\program files\AceGain\LiveUpdate\LiveUpdate.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2010-02-18 11:04 29520 ----a-w- c:\program files\AOL 9.5\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\program files\Common Files\Symantec Shared\ccApp.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-02-10 13:19 41800 ----a-w- c:\program files\Common Files\AOL\1268803062\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-07-24 02:22 171032 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-07-24 02:23 136216 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-05-11 15:51 1287120 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-07-24 02:22 170520 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2010-02-13 03:36 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 19:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinsysMon]
c:\users\Dustin\AppData\Local\Temp\nsw4DCF.tmp\googletoolbar.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3536764954-991771155-4205317405-1000]
"EnableNotificationsRef"=dword:00000001

R0 hbhko;hbhko; [x]
R0 pyadcjab;pyadcjab; [x]
R0 vceopj;vceopj; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
R4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-07 1355928]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-07-16 19064]
S2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [2008-07-26 14416]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-16 127488]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 09:27]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 09:27]

2010-08-25 c:\windows\Tasks\HPCeeScheduleForDustin.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-26 03:03]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\6jk5jbhe.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\6jk5jbhe.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Dustin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Dustin\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-14 01:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x857D5EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82c26d24
\Driver\ACPI -> acpi.sys @ 0x80692d68
\Driver\atapi -> ataport.SYS @ 0x82cf7a2c
IoDeviceObjectType -> SecurityProcedure -> 0x90022860
QueryNameProcedure -> 0x10000002
\Device\Harddisk0\DR0 -> SecurityProcedure -> 0x90022860
QueryNameProcedure -> 0x10000002
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-14 01:34:57
ComboFix-quarantined-files.txt 2010-09-14 05:34
ComboFix2.txt 2010-09-12 21:25
ComboFix3.txt 2010-08-11 09:29
ComboFix4.txt 2010-08-11 08:45
ComboFix5.txt 2010-09-14 05:07

Pre-Run: 64,050,876,416 bytes free
Post-Run: 64,007,925,760 bytes free

- - End Of File - - 7E13A927E76859A22C5861D82CB4CBB1


Re: hbhko.sys

Post by Sneakyone on 16th September 2010, 4:14 am

Hi.

ComboFix is bugged right now, so we will use an alternative.

1. Please download [You must be registered and logged in to see this link.] by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Drivers to delete:
hbhko
pyadcjab
vceopj


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.


================

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


I'm livin' life in the fast lane.


Re: hbhko.sys

Post by ryanjp89 on 16th September 2010, 6:36 am

Here are both logs from avenger, and TDSSkiller. I got a blue screen while booting windows, when I ran avenger, then rebooted, but I didn't get it after it rebooted from the blue screen.

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "hbhko" deleted successfully.
Driver "pyadcjab" deleted successfully.
Driver "vceopj" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


____________________________________________________

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1033

Additional information about the problem:
BCCode: f4
BCP1: 00000003
BCP2: 86F1AC08
BCP3: 86F1AD54
BCP4: 8242C710
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\WINDOWS\Minidump\Mini091610-01.dmp
C:\Users\Dustin\AppData\Local\temp\WER-61152-0.sysdata.xml
C:\Users\Dustin\AppData\Local\temp\WER8BCA.tmp.version.txt

Read our privacy statement:
[You must be registered and logged in to see this link.]





2010/09/16 02:33:51.0923 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 02:33:51.0923 ================================================================================
2010/09/16 02:33:51.0923 SystemInfo:
2010/09/16 02:33:51.0923
2010/09/16 02:33:51.0923 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/16 02:33:51.0923 Product type: Workstation
2010/09/16 02:33:51.0923 ComputerName: COMP22
2010/09/16 02:33:51.0923 UserName: Dustin
2010/09/16 02:33:51.0923 Windows directory: C:\Windows
2010/09/16 02:33:51.0923 System windows directory: C:\Windows
2010/09/16 02:33:51.0923 Processor architecture: Intel x86
2010/09/16 02:33:51.0923 Number of processors: 1
2010/09/16 02:33:51.0923 Page size: 0x1000
2010/09/16 02:33:51.0923 Boot type: Normal boot
2010/09/16 02:33:51.0923 ================================================================================
2010/09/16 02:33:52.0214 Initialize success
2010/09/16 02:34:01.0273 ================================================================================
2010/09/16 02:34:01.0273 Scan started
2010/09/16 02:34:01.0273 Mode: Manual;
2010/09/16 02:34:01.0273 ================================================================================
2010/09/16 02:34:03.0064 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/16 02:34:03.0554 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/09/16 02:34:03.0706 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/09/16 02:34:03.0936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/09/16 02:34:03.0996 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/09/16 02:34:04.0066 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/09/16 02:34:04.0120 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/09/16 02:34:04.0154 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/16 02:34:04.0182 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/09/16 02:34:04.0216 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/09/16 02:34:04.0236 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/09/16 02:34:04.0285 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/09/16 02:34:04.0317 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/16 02:34:04.0466 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/09/16 02:34:04.0538 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/09/16 02:34:04.0618 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\Windows\system32\drivers\ASCTRM.sys
2010/09/16 02:34:04.0685 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/16 02:34:04.0772 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/09/16 02:34:04.0873 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
2010/09/16 02:34:05.0049 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/09/16 02:34:05.0138 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/09/16 02:34:05.0244 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/09/16 02:34:05.0351 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/16 02:34:05.0459 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/16 02:34:05.0491 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/16 02:34:05.0591 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/16 02:34:05.0706 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/16 02:34:05.0739 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/16 02:34:05.0759 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/16 02:34:05.0842 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/16 02:34:06.0000 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/16 02:34:06.0102 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/16 02:34:06.0161 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/09/16 02:34:06.0340 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/09/16 02:34:06.0441 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/16 02:34:06.0519 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/09/16 02:34:06.0647 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
2010/09/16 02:34:06.0829 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/16 02:34:06.0855 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/09/16 02:34:06.0990 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/09/16 02:34:07.0126 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/09/16 02:34:07.0643 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/09/16 02:34:07.0821 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/09/16 02:34:08.0511 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/16 02:34:09.0184 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/16 02:34:09.0572 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/09/16 02:34:09.0704 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/09/16 02:34:09.0990 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/09/16 02:34:10.0207 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/09/16 02:34:10.0279 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/09/16 02:34:10.0370 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/16 02:34:10.0564 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/09/16 02:34:10.0675 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/09/16 02:34:10.0924 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/16 02:34:11.0146 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/09/16 02:34:11.0404 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/16 02:34:11.0613 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/16 02:34:11.0753 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2010/09/16 02:34:11.0968 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/09/16 02:34:12.0032 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/16 02:34:12.0097 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/16 02:34:12.0131 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/09/16 02:34:12.0212 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/16 02:34:12.0382 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/09/16 02:34:12.0545 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/09/16 02:34:12.0700 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/09/16 02:34:12.0857 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/09/16 02:34:13.0065 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/09/16 02:34:13.0219 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2010/09/16 02:34:13.0462 HWiNFO32 (adfa0d6f486612eeb13e86aec7d2a25d) C:\Program Files\HWiNFO32\HWiNFO32.SYS
2010/09/16 02:34:13.0824 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/09/16 02:34:14.0323 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/16 02:34:14.0465 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/09/16 02:34:14.0882 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/16 02:34:15.0146 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/16 02:34:15.0605 IntcHdmiAddService (81486f0eb4238b65c317f97de246c4ac) C:\Windows\system32\drivers\IntcHdmi.sys
2010/09/16 02:34:15.0766 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/09/16 02:34:15.0926 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/16 02:34:16.0089 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/16 02:34:16.0170 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/16 02:34:16.0223 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/16 02:34:16.0326 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/09/16 02:34:16.0394 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/09/16 02:34:16.0669 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/16 02:34:17.0023 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/16 02:34:17.0116 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/09/16 02:34:17.0169 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/16 02:34:17.0252 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/16 02:34:17.0368 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/16 02:34:17.0563 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2010/09/16 02:34:18.0233 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/16 02:34:18.0512 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/09/16 02:34:18.0584 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/09/16 02:34:18.0647 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/09/16 02:34:18.0699 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/09/16 02:34:18.0823 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
2010/09/16 02:34:18.0937 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2010/09/16 02:34:19.0249 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/09/16 02:34:19.0449 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/09/16 02:34:20.0028 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/09/16 02:34:20.0251 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/09/16 02:34:20.0385 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/16 02:34:20.0593 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/16 02:34:20.0740 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/16 02:34:20.0809 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/09/16 02:34:20.0855 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/09/16 02:34:21.0162 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/16 02:34:21.0343 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/09/16 02:34:21.0538 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/16 02:34:21.0927 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/16 02:34:22.0574 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/16 02:34:22.0803 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/16 02:34:23.0069 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2010/09/16 02:34:23.0142 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/09/16 02:34:23.0281 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/09/16 02:34:33.0009 SiSRaid4 (9e0a9fb1d6a73b410476beb6f54a7c07) C:\Windows\system32\drivers\sisraid4.sys
2010/09/16 02:34:33.0010 Suspicious file (Forged): C:\Windows\system32\drivers\sisraid4.sys. Real md5: 9e0a9fb1d6a73b410476beb6f54a7c07, Fake md5: e87eb500aa784b384126cc618f673c90
2010/09/16 02:34:33.0016 SiSRaid4 - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/16 02:34:39.0083 ================================================================================
2010/09/16 02:34:39.0083 Scan finished
2010/09/16 02:34:39.0083 ================================================================================
2010/09/16 02:34:39.0106 Detected object count: 1
2010/09/16 02:34:56.0946 SiSRaid4 (9e0a9fb1d6a73b410476beb6f54a7c07) C:\Windows\system32\drivers\sisraid4.sys
2010/09/16 02:34:56.0946 Suspicious file (Forged): C:\Windows\system32\drivers\sisraid4.sys. Real md5: 9e0a9fb1d6a73b410476beb6f54a7c07, Fake md5: e87eb500aa784b384126cc618f673c90


Re: hbhko.sys

Post by Sneakyone on 16th September 2010, 4:34 pm

Hi.

Can you boot into windows normally now?


I'm livin' life in the fast lane.


Re: hbhko.sys

Post by ryanjp89 on 16th September 2010, 5:18 pm

Yes, after the computer rebooted from the blue screen, windows loaded fine.


Re: hbhko.sys

Post by Sneakyone on 16th September 2010, 8:26 pm

Hi.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Re: hbhko.sys

Post by ryanjp89 on 17th September 2010, 4:12 am

Malwarebytes' Anti-Malware 1.46

Database version: 4636

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/17/2010 12:09:05 AM
mbam-log-2010-09-17 (00-09-05).txt

Scan type: Quick scan
Objects scanned: 150420
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: hbhko.sys

Post by Sneakyone on 18th September 2010, 6:34 pm

Hi.

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: hbhko.sys

Post by ryanjp89 on 19th September 2010, 1:39 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d70e402855b8994fb64ed428cbce1c4c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-19 01:35:06
# local_time=2010-09-19 09:35:06 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 95 0 121502291 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=226473
# found=19
# cleaned=19
# scan_time=8587
C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir Win32/Bamital.DX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\$NtUninstallMTF1011$\apUninstall.exe.vir Win32/Adware.Lifze.O application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\eef393.dll.vir a variant of Win32/TrojanDownloader.Small.NFD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\ogjc56w.dll.vir a variant of Win32/TrojanDownloader.Small.NFD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\wininit.exe.vir Win32/Bamital.DX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\symc8xx.sys.vir_ Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\spool\prtprocs\w32x86\5yW5u.dll.vir a variant of Win32/Olmarik.ADT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\spool\prtprocs\w32x86\iQ93c7.dll.vir Win32/Olmarik.ACK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dustin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dustin\Desktop\Old Files\files\mIRC\mrtrick.mrc IRC/Rab.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Public\files\mIRC\mrtrick.mrc IRC/Rab.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\System32\hlp.dat Win32/Bamital.DZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: hbhko.sys

Post by Sneakyone on 21st September 2010, 1:09 am

Hi.

How is your computer running now?



Re: hbhko.sys

Post by ryanjp89 on 21st September 2010, 3:42 am

It's working well now. Internet is back up, no more redirected Google results, and no more viruses, as far as I know.

Thank you very much for the help, sneaky. I was afraid I was going to have to reformat the whole computer, and I was dreading it, lol. You're a life saver, thanks a ton, dude.


Re: hbhko.sys

Post by Sneakyone on 22nd September 2010, 3:34 pm

You're welcome, glad to help. :)

