Old 05-12-2012, 09:50 PM
TechLady
What GMER found on my bench machine

So I ran GMER on my test bench machine just for ha ha's...and it found this:

GMER - http://www.gmer.net
Rootkit scan 2012-05-12 13:46:29
Windows 6.1.7600
Running: nr7knxxh.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{C941EA10-6499-4293-ABBE-823E71A6FB60}?\Device\{8A7DF796-2B36-47A5-9FF7-6054DA4D5AC7}?\Device\{5226AEFD-382A-43D7-AE76-D66A12518BB4}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{C941EA10-6499-4293-ABBE-823E71A6FB60}"?"{8A7DF796-2B36-47A5-9FF7-6054DA4D5AC7}"?"{5226AEFD-382A-43D7-AE76-D66A12518BB4}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{C941EA10-6499-4293-ABBE-823E71A6FB60}?\Device\TCPIP6TUNNEL_{8A7DF796-2B36-47A5-9FF7-6054DA4D5AC7}?\Device\TCPIP6TUNNEL_{5226AEFD-382A-43D7-AE76-D66A12518BB4}?
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 585
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 477
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348}@LeaseObtainedTime 1336844439
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348}@T1 -810639210
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348}@T2 1873715350
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{08fe8736-b5be-4326-8391-b8df0917ff84}@Dhcpv6State 0
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{2ad5242c-6a7b-4071-ac2a-53df72bb0f90}@Dhcpv6State 0

---- EOF - GMER 1.0.15 ----

Not sure what to make of it, if anything.

UPDATE: Interestingly, when I run it on my C: drive alone it finds nothing. All the above seems to be from my clone of the machine, on B:. Also, none of the entries are in red.

Last edited by TechLady; 05-13-2012 at 12:40 AM.
Old 06-20-2012, 03:38 AM
PcTek9

What are you using to clone this drive?

gmer, rootkits
