Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Gmer log

  • Please log in to reply
2 replies to this topic

#1 craneop


  • Members
  • 124 posts
  • Gender:Male
  • Location:mountains
  • Local time:06:42 AM

Posted 17 March 2009 - 10:15 PM

Hello all, Comp is running fine. I have been reading up on rootkits. I was wondering if anyone took take a look at this log, and let me know if it is clear. I, realize y'all are busy. I'm in no hurry. Thanks Joe

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 22:57:52
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

source file error: C:\Documents and Settings\Owner\ntuser.dat
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

Files with Hidden Attributes :

Mon 11 Aug 2008 1,572,864 A..H. --- "C:\Documents and Settings\PAPA\NTUSER.bak"
Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 9 Apr 2003 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Tue 26 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 7 Aug 2008 262,144 A..H. --- "C:\Documents and Settings\PAPA\Local Settings\Application Data\Microsoft\Windows\UsrClass.bak"


BC AdBot (Login to Remove)


#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:07:42 AM

Posted 18 March 2009 - 07:25 PM

gmer logs are deat with in the HJT forum and only when asked. With my limited knowledge of gmer I say everything looks good
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 craneop

  • Topic Starter

  • Members
  • 124 posts
  • Gender:Male
  • Location:mountains
  • Local time:06:42 AM

Posted 18 March 2009 - 08:10 PM

Thanks ! garmanma, I appreciate the reply. Have a great night. Joe

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users