Old 12-03-2006, 11:21 AM   #23 (permalink)
crazycavgirl
OS: Windows XP


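GMER log (in the scan below, the SSDT and user-mode inline hooks are each attributed by path to an installed product module: AVG Anti-Spyware guard.sys, McAfee McVSSkt.dll, Iomega IMGHOOK.DLL; the Fastfat device entries show handler addresses with no module name given):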

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-03 13:21:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Real\RealPlayer\realplay.exe[268] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01B73E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[420] WS2_32.dll!connect 71AB406A 5 Bytes JMP 04DD3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[464] WS2_32.dll!connect 71AB406A 5 Bytes JMP 04413E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[464] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 01D31270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[464] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 01D31280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[492] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1268] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1268] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1268] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\AlienGUIse\wbload.exe[1596] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[1684] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[1684] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[1684] WS2_32.dll!connect 71AB406A 5 Bytes JMP 03943E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\EXPLORER.EXE[1784] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\EXPLORER.EXE[1784] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\EXPLORER.EXE[1784] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01AF3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\McAfee.com\VSO\mcvsshld.exe[1912] WS2_32.dll!connect 71AB406A 5 Bytes JMP 016C3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\McAfee.com\VSO\oasclnt.exe[1920] WS2_32.dll!connect 71AB406A 5 Bytes JMP 010F3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1928] WS2_32.dll!connect 71AB406A 5 Bytes JMP 02383E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1928] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe[1928] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\WINDOWS\SYSTEM32\igfxpers.exe[2000] WS2_32.dll!connect 71AB406A 5 Bytes JMP 011E3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\SYSTEM32\hkcmd.exe[2008] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01163E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2024] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\EHOME\ehtray.exe[2032] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Trillian\trillian.exe[2072] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01E93E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Trillian\trillian.exe[2072] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\Trillian\trillian.exe[2072] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2100] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2100] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\PROGRA~1\WinZip\WINZIP32.EXE[2100] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01E63E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Documents and Settings\Jacob & Crystal\My Documents\Unzipped\gmer\gmer.exe[2476] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Documents and Settings\Jacob & Crystal\My Documents\Unzipped\gmer\gmer.exe[2476] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Documents and Settings\Jacob & Crystal\My Documents\Unzipped\gmer\gmer.exe[2476] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\EHOME\ehmsas.exe[3360] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4056] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4056] SHELL32.dll!SHFileOperationW 7CA6FCDA 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[4056] SHELL32.dll!SHFileOperation 7CA6FFC2 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE A89D6C8A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE A89D37C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ A89CF60A
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE A89CFAED
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION A89DA958
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION A89DD821
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA A89E638A
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA A89E5D49
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS A89DFBBE
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION A89E0331
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION A89EE4F4
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL A89D6B37
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL A89D2948
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL A89DC46B
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN A89ED79D
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL A89ECC4A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP A89D32FD
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP A89ED1DB
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible A89E81F9

---- EOF - GMER 1.0.12 ----