OK, here are the two logs.
Malwarebytes' Anti-Malware 1.44
Database version: 3838
Windows 5.1.2600 Service Pack 3, v.3311
Internet Explorer 6.0.2900.3311
3/9/2010 6:37:39 PM
mbam-log-2010-03-09 (18-37-39).txt
Scan type: Quick Scan
Objects scanned: 117117
Time elapsed: 5 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-09 19:29:12
Windows 5.1.2600 Service Pack 3, v.3311
Running: gmer.exe; Driver: C:\DOCUME~1\Beth\LOCALS~1\Temp\aglcrfog.sys
---- System - GMER 1.0.15 ----
SSDT ECB3AEEE ZwCreateKey
SSDT ECB3AEE4 ZwCreateThread
SSDT ECB3AEF3 ZwDeleteKey
SSDT ECB3AEFD ZwDeleteValueKey
SSDT ECB3AF02 ZwLoadKey
SSDT ECB3AED0 ZwOpenProcess
SSDT ECB3AED5 ZwOpenThread
SSDT ECB3AF0C ZwReplaceKey
SSDT ECB3AF07 ZwRestoreKey
SSDT ECB3AEF8 ZwSetValueKey
SSDT ECB3AEDF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF84B5794]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007A000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 0079000C
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!GetCursorPos 7E41BD6E 5 Bytes JMP 02C8000A
.text C:\WINDOWS\System32\svchost.exe[1032] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 02C7000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A1000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00A7000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A0000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 822E8B4C
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0xCE 0x65 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x69 0xD9 0x1F 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x78 0x88 0x8F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0xCE 0x65 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x69 0xD9 0x1F 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x78 0x88 0x8F ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----