Here's the GMER log (run in Safe Mode) and the SystemLook output.
GMER 1.0.15.15281 -
http://www.gmer.net
Rootkit scan 2010-05-26 15:33:43
Windows 5.1.2600 Service Pack 3
Running: 0i74xbns.exe; Driver: C:\DOCUME~1\NickyNew\LOCALS~1\Temp\fgdoqpoc.sys
---- System - GMER 1.0.15 ----
SSDT spuh.sys ZwCreateKey [0xF76D20E0]
SSDT spuh.sys ZwEnumerateKey [0xF76EFCA2]
SSDT spuh.sys ZwEnumerateValueKey [0xF76F0030]
SSDT spuh.sys ZwOpenKey [0xF76D20C0]
SSDT spuh.sys ZwQueryKey [0xF76F0108]
SSDT spuh.sys ZwQueryValueKey [0xF76EFF88]
SSDT spuh.sys ZwSetValueKey [0xF76F019A]
INT 0x62 ? 86F65BF8
INT 0x63 ? 86E3FF00
INT 0x73 ? 86E3FF00
INT 0x82 ? 86F65BF8
INT 0x83 ? 86FD7BF8
INT 0xA4 ? 86E3FF00
INT 0xB4 ? 86E3FF00
---- Kernel code sections - GMER 1.0.15 ----
? spuh.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F74808AC 5 Bytes JMP 86E3F4E0
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86FD72D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F770293C] spuh.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7702990] spuh.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76D3040] spuh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76D313C] spuh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76D30BE] spuh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76D37FC] spuh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76D36D2] spuh.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86E3F5E0
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76E2D92] spuh.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86FD31F8
Device \FileSystem\Fastfat \FatCdrom 86C38500
Device \Driver\USBSTOR \Device\0000008e 86D401F8
Device \Driver\usbohci \Device\USBPDO-0 86E3E500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD51F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD51F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD51F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD51F8
Device \Driver\usbohci \Device\USBPDO-1 86E3E500
Device \Driver\usbohci \Device\USBPDO-2 86E3E500
Device \Driver\usbehci \Device\USBPDO-3 86E56500
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F661F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F661F8
Device \Driver\Cdrom \Device\CdRom0 86E0E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F661F8
Device \Driver\Cdrom \Device\CdRom1 86E0E1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7626B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7626B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7626B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7626B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\USBSTOR \Device\00000084 86D401F8
Device \Driver\USBSTOR \Device\00000085 86D401F8
Device \Driver\usbohci \Device\USBFDO-0 86E3E500
Device \Driver\usbohci \Device\USBFDO-1 86E3E500
Device \Driver\usbohci \Device\USBFDO-2 86E3E500
Device \Driver\usbehci \Device\USBFDO-3 86E56500
Device \Driver\Ftdisk \Device\FtControl 86F661F8
Device \Driver\USBSTOR \Device\0000008a 86D401F8
Device \Driver\USBSTOR \Device\0000008b 86D401F8
Device \Driver\USBSTOR \Device\0000008c 86D401F8
Device \Driver\m5287 \Device\Scsi\m52871 86FD41F8
Device \Driver\m5287 \Device\Scsi\m52871Port2Path0Target0Lun0 86FD41F8
Device \Driver\USBSTOR \Device\0000008d 86D401F8
Device \FileSystem\Fastfat \Fat 86C38500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 86CE6500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\Implemented Categories@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ C:\Program Files\Real\RealPlayer\ierjplug.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\MiscStatus\1@ 132497
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\ProgID@ IERJCtl.IERJCtl.1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\ToolboxBitmap32@ C:\Program Files\Real\RealPlayer\ierjplug.dll, 1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\TypeLib@ {00CEDBF1-864D-11D3-908D-00C0F03B3EDC}
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB55E03B-8313-39B8-6664-72DC1427FEC0}\VersionIndependentProgID@ IERJCtl.IERJCtl
---- EOF - GMER 1.0.15 ----
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 07:12 on 26/05/2010 by NickyNew (Administrator - Elevation successful)
========== dir ==========
C: - Parameters: "(none)"
---Files---
.rnd --a--- 1024 bytes [20:14 06/03/2009] [18:25 22/09/2009]
AUTOEXEC.BAT --a--- 0 bytes [23:12 18/07/2006] [23:12 18/07/2006]
BcBtRmv.log --a--- 192 bytes [22:51 23/07/2006] [08:54 28/05/2007]
Boot.bak --a--- 211 bytes [23:06 20/06/2008] [22:16 17/06/2008]
boot.ini -rahs- 281 bytes [00:06 19/07/2006] [17:27 25/05/2010]
cmldr --a--- 260272 bytes [23:06 20/06/2008] [22:00 03/08/2004]
ComboFix.txt --a--- 30141 bytes [13:17 24/05/2010] [13:17 24/05/2010]
CONFIG.SYS --a--- 0 bytes [23:12 18/07/2006] [23:12 18/07/2006]
inferno.log --a--- 67 bytes [20:33 11/11/2007] [20:33 11/11/2007]
IO.SYS -rahs- 0 bytes [23:12 18/07/2006] [23:12 18/07/2006]
IS_PP2000.txt --a--- 276 bytes [18:02 09/03/2009] [18:04 09/03/2009]
mbam-error.txt --a--- 109 bytes [16:54 23/04/2010] [16:54 23/04/2010]
MSDOS.SYS -rahs- 0 bytes [23:12 18/07/2006] [23:12 18/07/2006]
NTDETECT.COM -rahs- 47564 bytes [21:08 28/08/2002] [01:16 12/09/2006]
ntldr -rahs- 250048 bytes [01:05 29/08/2002] [22:03 17/09/2008]
OPCUploaderLog - II.txt --a--- 2319 bytes [13:34 30/05/2008] [13:35 30/05/2008]
OPCUploaderLog.txt --a--- 938 bytes [13:34 30/05/2008] [13:35 30/05/2008]
pagefile.sys --ahs- 704643072 bytes [00:02 19/07/2006] [17:29 25/05/2010]
setup.log --a--- 87 bytes [18:02 09/03/2009] [18:02 09/03/2009]
sqmdata00.sqm --ah-- 232 bytes [00:32 02/08/2006] [17:28 10/07/2007]
sqmdata01.sqm --ah-- 268 bytes [00:32 02/08/2006] [23:16 24/07/2007]
sqmdata02.sqm --ah-- 232 bytes [00:32 02/08/2006] [21:56 02/01/2008]
sqmdata03.sqm --ah-- 232 bytes [00:32 02/08/2006] [21:58 02/01/2008]
sqmdata04.sqm --ah-- 232 bytes [00:34 02/08/2006] [21:59 02/01/2008]
sqmdata05.sqm --ah-- 232 bytes [00:34 02/08/2006] [22:04 02/01/2008]
sqmdata06.sqm --ah-- 232 bytes [00:15 11/08/2006] [22:14 02/01/2008]
sqmdata07.sqm --ah-- 232 bytes [00:15 11/08/2006] [22:16 02/01/2008]
sqmdata08.sqm --ah-- 268 bytes [06:29 11/08/2006] [22:25 13/04/2008]
sqmdata09.sqm --ah-- 268 bytes [06:29 11/08/2006] [22:26 13/04/2008]
sqmdata10.sqm --ah-- 232 bytes [06:30 11/08/2006] [18:32 26/02/2009]
sqmdata11.sqm --ah-- 232 bytes [06:33 11/08/2006] [21:49 26/02/2009]
sqmdata12.sqm --ah-- 232 bytes [06:34 11/08/2006] [16:42 12/05/2009]
sqmdata13.sqm --ah-- 232 bytes [18:19 11/08/2006] [10:02 14/03/2007]
sqmdata14.sqm --ah-- 232 bytes [18:19 11/08/2006] [10:02 14/03/2007]
sqmdata15.sqm --ah-- 232 bytes [18:19 11/08/2006] [10:03 14/03/2007]
sqmdata16.sqm --ah-- 232 bytes [18:20 11/08/2006] [10:03 14/03/2007]
sqmdata17.sqm --ah-- 232 bytes [18:20 11/08/2006] [10:04 14/03/2007]
sqmdata18.sqm --ah-- 232 bytes [21:08 11/08/2006] [10:04 14/03/2007]
sqmdata19.sqm --ah-- 232 bytes [21:11 11/08/2006] [17:28 10/07/2007]
sqmnoopt00.sqm --ah-- 244 bytes [00:32 02/08/2006] [17:28 10/07/2007]
sqmnoopt01.sqm --ah-- 244 bytes [00:32 02/08/2006] [23:16 24/07/2007]
sqmnoopt02.sqm --ah-- 244 bytes [00:32 02/08/2006] [21:56 02/01/2008]
sqmnoopt03.sqm --ah-- 244 bytes [00:32 02/08/2006] [21:58 02/01/2008]
sqmnoopt04.sqm --ah-- 244 bytes [00:34 02/08/2006] [21:59 02/01/2008]
sqmnoopt05.sqm --ah-- 244 bytes [00:34 02/08/2006] [22:04 02/01/2008]
sqmnoopt06.sqm --ah-- 244 bytes [00:15 11/08/2006] [22:14 02/01/2008]
sqmnoopt07.sqm --ah-- 244 bytes [00:15 11/08/2006] [22:16 02/01/2008]
sqmnoopt08.sqm --ah-- 244 bytes [06:29 11/08/2006] [22:25 13/04/2008]
sqmnoopt09.sqm --ah-- 244 bytes [06:29 11/08/2006] [22:26 13/04/2008]
sqmnoopt10.sqm --ah-- 244 bytes [06:30 11/08/2006] [18:32 26/02/2009]
sqmnoopt11.sqm --ah-- 244 bytes [06:33 11/08/2006] [21:49 26/02/2009]
sqmnoopt12.sqm --ah-- 244 bytes [06:34 11/08/2006] [16:42 12/05/2009]
sqmnoopt13.sqm --ah-- 244 bytes [18:19 11/08/2006] [10:02 14/03/2007]
sqmnoopt14.sqm --ah-- 244 bytes [18:19 11/08/2006] [10:02 14/03/2007]
sqmnoopt15.sqm --ah-- 244 bytes [18:19 11/08/2006] [10:03 14/03/2007]
sqmnoopt16.sqm --ah-- 244 bytes [18:20 11/08/2006] [10:03 14/03/2007]
sqmnoopt17.sqm --ah-- 244 bytes [18:20 11/08/2006] [10:04 14/03/2007]
sqmnoopt18.sqm --ah-- 244 bytes [21:08 11/08/2006] [10:04 14/03/2007]
sqmnoopt19.sqm --ah-- 244 bytes [21:11 11/08/2006] [17:28 10/07/2007]
STCAPI_traces_2009-03-10.log --a--- 494 bytes [19:45 10/03/2009] [19:45 10/03/2009]
STCAPI_traces_2009-11-18.log --a--- 494 bytes [19:36 18/11/2009] [19:37 18/11/2009]
sutscilq1.exe --a--- 81527 bytes [22:28 24/06/2007] [23:12 24/06/2007]
sutscilq2.exe --a--- 33346 bytes [21:39 27/06/2007] [21:39 27/06/2007]
sutscilq3.exe --a--- 74227 bytes [16:57 28/06/2007] [16:57 28/06/2007]
TraceInstPC.log --a--- 512 bytes [17:58 09/03/2009] [18:02 09/03/2009]
version.txt --a--- 0 bytes [14:51 24/11/2009] [14:50 24/11/2009]
virus definitions.txt --a--- 16019 bytes [18:41 21/11/2007] [18:41 21/11/2007]
---Folders---
ADCD d----- [00:09 21/07/2006]
ADCDA2 d----- [20:49 04/03/2008]
ADCDTEMP d----- [20:49 04/03/2008]
APPLIC d----- [16:24 23/09/2008]
ATI d----- [16:43 12/08/2009]
aut d----- [02:10 15/01/2007]
cmdcons drahs- [23:06 20/06/2008]
Config.Msi d----- [20:22 21/05/2010]
DestinatorApps d----- [01:15 14/11/2006]
Documents and Settings d----- [00:06 19/07/2006]
Dsr-Video d----- [00:08 02/07/2009]
DVDVideoSoft d----- [19:31 05/07/2008]
epson d----- [23:31 23/07/2006]
MAJ_DICOS d----- [23:36 04/03/2009]
My Downloads d----- [17:32 27/07/2006]
PPF d----- [16:26 14/02/2008]
Program Files d-a--- [00:07 19/07/2006]
Qoobox d-a--- [12:52 24/05/2010]
RECYCLER d--hs- [13:33 24/05/2010]
Seagate temp d----- [10:45 19/01/2009]
System Volume Information d--hs- [23:15 18/07/2006]
TMP d----- [18:10 30/05/2007]
WINDOWS d----- [00:02 19/07/2006]
-=End Of File=-