
suspicious looking files in gmer log?



#1 shadowk8


Posted 14 August 2012 - 05:43 PM

Hi guys, I was doing my weekly scan of my computer and was using GMER and Malwarebytes. Bytes didn't find anything, but GMER seemed to pick up some files, and I'm not really sure what to do with them since they are locked. Should I not worry about them? Here you guys go, this is the log.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-14 18:42:40
Windows 6.1.7601 Service Pack 1
Running: mff0g9b2.exe


---- Files - GMER 1.0.15 ----

File C:\Users\colin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\521a29e5d22c13b4.customDestinations-ms 0 bytes
File C:\Users\colin\AppData\Roaming\Skype\highwarlord1202\bistats.lock 0 bytes
File C:\Users\colin\AppData\Roaming\Skype\highwarlord1202\keyval.lock 0 bytes
File C:\Users\colin\AppData\Roaming\Skype\highwarlord1202\main.lock 0 bytes
File C:\Users\colin\AppData\Roaming\Skype\highwarlord1202\msn.lock 0 bytes
File C:\Users\colin\AppData\Roaming\Skype\shared_httpfe\queue.lock 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by shadowk8, 14 August 2012 - 06:06 PM.




#2 shadowk8


Posted 14 August 2012 - 10:20 PM

Here's an aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 22:58:11
-----------------------------
22:58:11.906 OS Version: Windows x64 6.1.7601 Service Pack 1
22:58:11.906 Number of processors: 4 586 0x2A07
22:58:11.907 ComputerName: COLIN-PC UserName: colin
22:58:12.072 Initialize success
22:59:21.619 AVAST engine defs: 12081401
22:59:46.651 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:46.652 Disk 0 Vendor: M4-CT064 000F Size: 61057MB BusType: 3
22:59:46.653 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:59:46.654 Disk 1 Vendor: ST350041 CC38 Size: 476940MB BusType: 3
22:59:46.656 Disk 0 MBR read successfully
22:59:46.658 Disk 0 MBR scan
22:59:46.688 Disk 0 Windows 7 default MBR code
22:59:46.691 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:59:46.707 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
22:59:46.738 Disk 0 scanning C:\Windows\system32\drivers
22:59:50.976 Service scanning
23:00:00.273 Modules scanning
23:00:00.278 Disk 0 trace - called modules:
23:00:00.281 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:00:00.284 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f7c1060]
23:00:00.286 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800e040050]
23:00:00.356 AVAST engine scan C:\
23:17:20.925 Scan finished successfully
23:18:29.355 Disk 0 MBR has been saved successfully to "E:\Downloads\MBR.dat"

#3 shadowk8


Posted 16 August 2012 - 03:03 AM

:(



