PDA

View Full Version : Just downloaded Spybot S&D and it won't open


yourallthesame
2009-11-11, 13:40
my problem started with the "task manager has been disabled by your administrator." So, I did a search on that and tried to run REGEDIT like most of the recommendations that have been made, but get the same message regarding REGEDIT. The one thing though, I did not have any antivirus software on this computer before all this. Anyway, so after that I tried to download Spybot S&D and it almost opened... but not quite. Anyway, I read the other guy's post regarding his problem. I downloaded Exehelper and here is the log... exeHelper by Raktor
Build 20091021
Run at 20:24:29 on 11/11/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

DDS.SCR...
DDS (Ver_09-10-26.01) - NTFSx86
Run by paul at 20:31:24.31 on Wed 11/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.41 [GMT 8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\DOCUME~1\paul\LOCALS~1\Temp\bwoj.exe
C:\DOCUME~1\paul\LOCALS~1\Temp\vmyqc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\paul\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\spybot - search & destroy\SDHelper.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] d:\spybot - search & destroy\TeaTimer.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\paul\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paul\applic~1\mozilla\firefox\profiles\5uoghj58.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\nqokln.sys --> c:\windows\system32\drivers\nqokln.sys [?]

=============== Created Last 30 ================

2009-11-11 12:11:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-10 09:25:05 0 d-----w- c:\docume~1\paul\applic~1\mjusbsp
2009-11-09 23:39:43 0 d-----w- c:\program files\iPod
2009-11-09 23:39:21 0 d-----w- c:\program files\iTunes
2009-11-08 15:01:08 0 d-----w- c:\windows\.jagex_cache_32
2009-11-07 02:55:02 0 ----a-w- C:\SharePodSettings.xml
2009-11-07 02:54:52 504038 ----a-w- C:\sqlite3.dll
2009-11-06 10:55:23 7233967 ----a-w- C:\ituneslib.itl
2009-10-29 14:35:48 5595136 ----a-w- C:\SharePod.exe
2009-10-21 23:15:29 57 --sh--r- C:\autorun.inf
2009-10-21 23:15:29 117220 --sh--r- C:\2o1ajagt.exe
2009-10-14 02:56:58 0 d-----w- c:\docume~1\paul\applic~1\SharePod
2009-10-14 02:52:42 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-14 02:52:36 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-14 02:52:35 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-14 02:52:35 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

==================== Find3M ====================

2009-09-19 00:06:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 11:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 20:31:55.46 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/31/2009 12:09:34 PM
System Uptime: 11/11/2009 7:18:27 AM (13 hours ago)

Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 17.026 GiB free.
D: is FIXED (NTFS) - 73 GiB total, 59.428 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM (CDFS)
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP14: 8/27/2009 2:04:42 PM - System Checkpoint
RP15: 8/28/2009 3:00:19 AM - Software Distribution Service 3.0
RP16: 8/29/2009 3:00:16 AM - Software Distribution Service 3.0
RP17: 8/30/2009 6:55:40 AM - Software Distribution Service 3.0
RP18: 8/30/2009 9:46:19 AM - Installed Windows Media Player 11
RP19: 8/30/2009 9:57:40 AM - Software Distribution Service 3.0
RP20: 8/31/2009 3:00:22 AM - Software Distribution Service 3.0
RP21: 9/1/2009 3:35:06 AM - System Checkpoint
RP22: 9/2/2009 4:35:07 AM - System Checkpoint
RP23: 9/3/2009 5:17:43 AM - System Checkpoint
RP24: 9/4/2009 6:01:58 AM - System Checkpoint
RP25: 9/5/2009 7:06:00 PM - System Checkpoint
RP26: 9/7/2009 8:08:49 PM - System Checkpoint
RP27: 9/9/2009 11:36:35 AM - System Checkpoint
RP28: 9/10/2009 3:00:19 AM - Software Distribution Service 3.0
RP29: 9/11/2009 3:17:32 AM - System Checkpoint
RP30: 9/11/2009 7:00:12 AM - Installed iTunes
RP31: 9/12/2009 7:57:32 AM - System Checkpoint
RP32: 9/14/2009 7:40:05 PM - System Checkpoint
RP33: 9/18/2009 9:43:00 AM - System Checkpoint
RP34: 9/19/2009 8:06:29 AM - SPTD setup V1.58
RP35: 9/19/2009 11:25:14 PM - Software Distribution Service 3.0
RP36: 9/22/2009 3:04:25 PM - System Checkpoint
RP37: 9/24/2009 6:32:12 AM - System Checkpoint
RP38: 9/25/2009 11:22:06 AM - System Checkpoint
RP39: 9/26/2009 11:55:14 AM - System Checkpoint
RP40: 9/27/2009 11:57:16 AM - System Checkpoint
RP41: 9/28/2009 12:54:49 PM - System Checkpoint
RP42: 9/29/2009 1:11:34 PM - System Checkpoint
RP43: 9/30/2009 2:12:50 PM - System Checkpoint
RP44: 10/1/2009 2:39:11 PM - System Checkpoint
RP45: 10/2/2009 2:57:49 PM - System Checkpoint
RP46: 10/3/2009 8:01:47 AM - Installed iPodRip
RP47: 10/3/2009 11:39:02 AM - Software Distribution Service 3.0
RP48: 10/3/2009 2:57:10 PM - Removed WinZip 12.1
RP49: 10/3/2009 2:59:43 PM - Installed WinZip 12.1
RP50: 10/3/2009 3:00:28 PM - Installed WinZip 12.1
RP51: 10/4/2009 3:15:10 PM - System Checkpoint
RP52: 10/5/2009 3:00:21 AM - Software Distribution Service 3.0
RP53: 10/6/2009 3:24:37 AM - System Checkpoint
RP54: 10/7/2009 3:54:49 AM - System Checkpoint
RP55: 10/8/2009 2:13:27 PM - System Checkpoint
RP56: 10/9/2009 2:50:02 PM - System Checkpoint
RP57: 10/10/2009 5:41:13 PM - System Checkpoint
RP58: 10/11/2009 5:48:36 PM - System Checkpoint
RP59: 10/12/2009 6:35:47 PM - System Checkpoint
RP60: 10/13/2009 7:35:08 PM - System Checkpoint
RP61: 10/15/2009 7:40:35 AM - System Checkpoint
RP62: 10/16/2009 3:00:24 AM - Software Distribution Service 3.0
RP63: 10/16/2009 9:00:07 PM - Software Distribution Service 3.0
RP64: 10/17/2009 10:26:36 PM - System Checkpoint
RP65: 10/18/2009 11:10:07 PM - System Checkpoint
RP66: 10/19/2009 3:00:22 AM - Software Distribution Service 3.0
RP67: 10/20/2009 3:14:20 AM - System Checkpoint
RP68: 10/21/2009 6:52:16 PM - System Checkpoint
RP69: 10/22/2009 6:55:54 PM - System Checkpoint
RP70: 10/23/2009 3:00:19 AM - Software Distribution Service 3.0
RP71: 10/24/2009 3:48:39 AM - System Checkpoint
RP72: 10/24/2009 6:11:35 PM - Installed Microsoft Fix it 50027
RP73: 10/25/2009 6:11:47 PM - System Checkpoint
RP74: 10/26/2009 7:07:10 PM - System Checkpoint
RP75: 10/27/2009 7:43:18 PM - System Checkpoint
RP76: 10/28/2009 10:14:43 PM - System Checkpoint
RP77: 10/29/2009 5:59:33 PM - Installed Java(TM) 6 Update 16
RP78: 10/30/2009 11:49:07 PM - System Checkpoint
RP79: 11/1/2009 12:05:58 AM - System Checkpoint
RP80: 11/2/2009 2:20:59 AM - System Checkpoint
RP81: 11/3/2009 9:13:13 AM - System Checkpoint
RP82: 11/4/2009 9:33:15 AM - System Checkpoint
RP83: 11/5/2009 5:26:51 PM - System Checkpoint
RP84: 11/6/2009 3:00:21 AM - Software Distribution Service 3.0
RP85: 11/7/2009 3:34:56 AM - System Checkpoint
RP86: 11/8/2009 5:02:24 AM - Installed Adobe Reader 9.2.
RP87: 11/9/2009 5:06:28 AM - System Checkpoint
RP88: 11/10/2009 6:46:02 AM - System Checkpoint
RP89: 11/10/2009 8:36:49 PM - Removed iPodRip

==== Installed Programs ======================

AAC Decoder
AC3Filter (remove only)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AutoUpdate
BitTorrent
Bonjour
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Edimax Wireless LAN
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 15
LimeWire 5.3.6
Logitech Vid
Logitech Webcam Software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.5.5)
OpenOffice.org 3.1
PDF Settings
QuickTime
RegCure 1.5.2.7
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB2.0 PC Camera
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip 12.1
Xvid 1.2.2 final uninstall
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/10/2009 8:36:54 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================
yourallthesame
2009-11-11, 14:03
GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-11 21:03:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\paul\LOCALS~1\Temp\kxndapod.sys


---- System - GMER 1.0.15 ----

SSDT sply.sys ZwCreateKey [0xF913F0E0]
SSDT sply.sys ZwEnumerateKey [0xF915DCA4]
SSDT sply.sys ZwEnumerateValueKey [0xF915E032]
SSDT sply.sys ZwOpenKey [0xF913F0C0]
SSDT sply.sys ZwQueryKey [0xF915E10A]
SSDT sply.sys ZwQueryValueKey [0xF915DF8A]
SSDT sply.sys ZwSetValueKey [0xF915E19C]

INT 0x82 ? 81F10BF8
INT 0x83 ? 81F10BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 169 804E27C5 3 Bytes [DC, 15, F9]
? sply.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F8D4A8AC 5 Bytes JMP 81DBC4E0
.text a2vsdohn.SYS F8B88386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a2vsdohn.SYS F8B883AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a2vsdohn.SYS F8B883C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a2vsdohn.SYS F8B883C9 1 Byte [30]
.text a2vsdohn.SYS F8B883C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\WINDOWS\system32\drivers\nqokln.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 81F142D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9170C4C] sply.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9170CA0] sply.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9140042] sply.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F914013E] sply.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F91400C0] sply.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F9140800] sply.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F91406D6] sply.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 81DBC5E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F914FE9C] sply.sys
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a2vsdohn.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Messenger\msmsgs.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AD2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AD2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AD2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AD2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01262F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01262C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01262CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01262CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 81F0E1F8
Device \FileSystem\Fastfat \FatCdrom FF7F8500
Device \Driver\NetBT \Device\NetBT_Tcpip_{74694007-16F0-4ED7-926B-EEF5345CF380} FF7371F8
Device \Driver\usbuhci \Device\USBPDO-0 81DBE500
Device \Driver\usbuhci \Device\USBPDO-1 81DBE500
Device \Driver\usbuhci \Device\USBPDO-2 81DBE500
Device \Driver\usbuhci \Device\USBPDO-3 81DBE500
Device \Driver\usbehci \Device\USBPDO-4 81DDB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 81F111F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 81F111F8
Device \Driver\Cdrom \Device\CdRom0 FFBA01F8
Device \Driver\Cdrom \Device\CdRom1 FFBA01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F90B9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F90B9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F90B9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F90B9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 FFBA01F8
Device \Driver\PCI_PNP3074 \Device\0000003d sply.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{2972CB83-49D2-4969-8511-F27464A96D29} FF7371F8
Device \Driver\NetBT \Device\NetBt_Wins_Export FF7371F8
Device \Driver\sptd \Device\1038701824 sply.sys
Device \Driver\NetBT \Device\NetbiosSmb FF7371F8
Device \Driver\USBSTOR \Device\0000005c FF36C1F8
Device \Driver\USBSTOR \Device\0000005d FF36C1F8
Device \Driver\USBSTOR \Device\0000005e FF36C1F8
Device \Driver\usbuhci \Device\USBFDO-0 81DBE500
Device \Driver\usbuhci \Device\USBFDO-1 81DBE500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF6FF1F8
Device \Driver\usbuhci \Device\USBFDO-2 81DBE500
Device \FileSystem\MRxSmb \Device\LanmanRedirector FF6FF1F8
Device \Driver\usbuhci \Device\USBFDO-3 81DBE500
Device \Driver\usbehci \Device\USBFDO-4 81DDB1F8
Device \Driver\Ftdisk \Device\FtControl 81F111F8
Device \Driver\a2vsdohn \Device\Scsi\a2vsdohn1Port2Path0Target0Lun0 FF9C4500
Device \Driver\a2vsdohn \Device\Scsi\a2vsdohn1 FF9C4500
Device \FileSystem\Fastfat \Fat FF7F8500
Device \FileSystem\Cdfs \Cdfs FF7A6500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x88 0x3C 0xFB 0x23 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEF 0xCD 0x2B 0xB0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD1 0x75 0xCD 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x88 0x3C 0xFB 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEF 0xCD 0x2B 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD1 0x75 0xCD 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x88 0x3C 0xFB 0x23 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEF 0xCD 0x2B 0xB0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD1 0x75 0xCD 0x95 ...

---- EOF - GMER 1.0.15 ----
tashi
2009-11-11, 15:56
Hello

Please see the forum FAQ "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then produce a HJT log and copy paste it into a new topic, providing a link back to this thread.

If the infection prevents HJT from running, make note of the situation and wait for a response.

Best regards.


http://forums.spybot.info/showthread.php?t=53319