GMER log (thanks for your time OD, really):
GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-14 20:31:23
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pwniyaob.sys
---- System - GMER 1.0.15 ----
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwClose [0xA8E5CE36]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwCreateFile [0xA8E60BD8]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwCreateKey [0xA8E5E098]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwCreateThread [0xA8E62222]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDebugActiveProcess [0xA8E61EF8]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDeleteFile [0xA8E60F16]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDeleteKey [0xA8E5E2BE]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDeleteValueKey [0xA8E5E922]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDeviceIoControlFile [0xA8E5D042]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwDuplicateObject [0xA8E60554]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwFsControlFile [0xA8E5CE78]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwInitiatePowerAction [0xA8E5CB9A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwLoadDriver [0xA8E5FF0C]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwMakeTemporaryObject [0xA8E5CCF8]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwOpenFile [0xA8E60A10]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF778F470]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwOpenSection [0xA8E5D20C]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwOpenThread [0xA8E620BC]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwProtectVirtualMemory [0xA8E628F4]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwReadVirtualMemory [0xA8E5D3BC]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwRenameKey [0xA8E5E42E]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwReplaceKey [0xA8E61848]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwRequestWaitReplyPort [0xA8E6035E]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwRestoreKey [0xA8E6169A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetContextThread [0xA8E62690]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetInformationFile [0xA8E613CA]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetInformationProcess [0xA8E61FE8]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetSystemInformation [0xA8E6009C]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetSystemPowerState [0xA8E5CC4A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetSystemTime [0xA8E5CA3A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSetValueKey [0xA8E5E5E2]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwShutdownSystem [0xA8E5CB10]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSuspendProcess [0xA8E61E0A]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSuspendThread [0xA8E6256C]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwSystemDebugControl [0xA8E5C996]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF778F520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF778F5C0]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwWriteFile [0xA8E61096]
SSDT \??\c:\windows\system32\drivers\jaagabki.sys (Malware Defender Driver/TorchSoft) ZwWriteFileGather [0xA8E61230]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF778F660]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C98 80503B74 8 Bytes JMP 5092E45E
.text ntkrnlpa.exe!ZwCallbackReturn + 2F24 80503E00 4 Bytes CALL C2F92424
.text ntkrnlpa.exe!ZwCallbackReturn + 2F54 80503E30 12 Bytes [9C, 00, E6, A8, 4A, CC, E5, ...] {PUSHF ; ADD DH, AH; TEST AL, 0x4a; INT 3 ; IN EAX, 0xa8; CMP CL, DL; IN EAX, 0xa8}
.text ntkrnlpa.exe!ZwCallbackReturn + 2F88 80503E64 12 Bytes [0A, 1E, E6, A8, 6C, 25, E6, ...] {OR BL, [ESI]; OUT 0xa8, AL; INSB ; AND EAX, 0xc996a8e6; IN EAX, 0xa8}
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xA827CF00, 0x24000, 0x48000000]
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1336] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3796] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61449D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61449CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip jaagabki.sys (Malware Defender Driver/TorchSoft)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp jaagabki.sys (Malware Defender Driver/TorchSoft)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp jaagabki.sys (Malware Defender Driver/TorchSoft)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp jaagabki.sys (Malware Defender Driver/TorchSoft)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE0 0xBD 0xF2 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x7A 0x4B 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0xF7 0xAF 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE0 0xBD 0xF2 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBD 0x7A 0x4B 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0xF7 0xAF 0xAA ...
---- EOF - GMER 1.0.15 ----