TechSpot

Logs

By bel41
Jul 30, 2011
  1. Please have a look at these logs, Malwarebytes and GMER.
    7/30/2011 12:24:56 PM
    mbam-log-2011-07-30 (12-24-56).txt

    Scan type: Quick scan
    Objects scanned: 111912
    Time elapsed: 1 hour(s), 1 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    Obviously nothing infected according to Malware.
    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7B34738]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF7B347DC]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7B34878]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7B34914]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- EOF - GMER 1.0.15 ----

    AVG found something that says: The file is signed with a broken digital signature issued by AVG Technologies.
    DDS didn't show any results after over 5 minutes of scanning; it just froze my PC.
    Note: I did all the scanning with my HARD DRIVE attached AS EXTERNAL.
    Thank you.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I'm not sure what you mean there.

    You're not saying what your computer issues are.
     
  3. bel41

    bel41 TS Rookie Topic Starter Posts: 28

    Thank you Broni. Well, the problem with my laptop is that it stops with a blue screen (0x000000C2) right after the XP logo. I cannot boot under any mode (safe mode, last configuration...); nothing works. If I put in a CD to repair Windows, it stops with the same blue screen after loading the files. This laptop came with Windows 7pre, downgraded to XP. I was told to run these scans and post them here. That's the whole story: I can't start the laptop beyond the XP logo; the only blue screen is (0x000000C2). Thanks.
    Edit: As to your question, I took the HARD DRIVE out of the laptop and attached it via USB to a desktop, and I ran the scans because I cannot do it on the laptop.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Anything in particular you did just before it happened?
    Was XP installation working at all?
     
  5. bel41

    bel41 TS Rookie Topic Starter Posts: 28

    Sorry for being late to answer, and yes, XP was working fine. What happened is that my sis was downloading music from YouTube, and that's when the blue screen happened and the laptop crashed. Now I cannot go beyond the XP logo.
    Thank you.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button
      • In Scan scope checkmark only the drive you just slaved.
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button, then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
     
  7. bel41

    bel41 TS Rookie Topic Starter Posts: 28

    Hi Broni, and sorry for being late to answer you, due to the Kaspersky online scan. Once it finished the scan I tried to copy the content but everything froze and I could not move the mouse; even the Task Manager didn't work. If I wanted to close the scan window, I got a message saying "this program can not be closed because it is locked by the system", so the only solution I had was to restore the system. That's my only PC where I can post here now; that's why I'm late to post.
    Anyway, the scan did not find any threat of virus at all. I checked them all twice and everything was marked in GREEN and with an OK. There was nothing in RED or Yellow.
    So I'm hoping for the next step as to what to do. Thank you.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Well, I don't think we're dealing with an infection here.
    I suggest you create a new topic in the Windows forum.
     
  9. bel41

    bel41 TS Rookie Topic Starter Posts: 28

    Thank you Broni. That's what I thought too.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're very welcome
     
Topic Status:
Not open for further replies.
