ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Time: 2009/07/10 15:20 Program Version: Version 1.3.0.0 Windows Version: Windows XP Media Center Edition SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xBA203000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF79CD000 Size: 8192 File Visible: No Signed: - Status: - Name: PCI_PNP8192 Image Path: \Driver\PCI_PNP8192 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB9F13000 Size: 49152 File Visible: No Signed: - Status: - Name: SKYNETrovnopao.sys Image Path: C:\WINDOWS\system32\drivers\SKYNETrovnopao.sys Address: 0xBA3F7000 Size: 163840 File Visible: - Signed: - Status: Hidden from Windows API! Name: spcx.sys Image Path: spcx.sys Address: 0xF74D6000 Size: 1048576 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: UACcbwibwyhosctyihuh.sys Image Path: C:\WINDOWS\system32\drivers\UACcbwibwyhosctyihuh.sys Address: 0xBA393000 Size: 81920 File Visible: - Signed: - Status: Hidden from Windows API! Hidden/Locked Files ------------------- Path: C:\WINDOWS\Temp\SKYNETfumknevtus.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfvfebjrsde.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfwgqmybdqu.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfydnfmsgae.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETgtxymkmsvs.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNEThbwmovrkfq.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNEThmogjlhnqn.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNEThpmkjfnivf.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNEThtnsmyxubv.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETiewhlijhqm.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETikswacjrwy.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETitdhnfcjmj.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETjcrivktakt.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETjdeijmvhfn.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETjjrqcveurw.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETjktdvakior.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETjlclqvopim.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETjpsdaqpmcy.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETjqaygkgkpy.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETkctxhqscea.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETkxvqbwdyhp.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETldxhumyodj.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETliuudcbnmc.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETljokiqmnbc.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETllxwqutrej.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETlmyoliqyfd.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETlnauigltfo.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETlntvrvdbsw.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETlvkwjltsrr.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETmupubleqqp.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETcbqrfccjxd.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfulpkretol.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETmwilnuubyo.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETpjbijtygst.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETshfpjnvnuw.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETxjvfsjbbvc.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETsrtodjftdj.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETterumheobq.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETtgusbundyv.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETtpipgqjama.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETtqotnqxvuw.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETtrrubsigmg.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETtvclqrmbqi.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETubmltgsbrk.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETufbmtpbqui.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETultibocvoh.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETunjkjumquf.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETuobpadwloi.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETuoglcmpjqb.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETuohneihpek.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETvcmflaixdw.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETvjbnqidlar.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETvqosxiagii.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETvspifjreeh.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETvxceyswqod.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETvyolpksfnw.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETwctvcfhbna.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETwhdaqaivjw.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETwqobohsnee.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETwrphcvvajp.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETwscybcftta.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETwyrbqsooaa.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETnfbejexdwk.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETnosvxentap.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETnppkgsldfc.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETnwwivixyxf.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNEToaasrkspsm.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETojldhokdkn.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNEToksbbntdkl.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETolbrbepikt.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNEToogowidveo.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETovaahcsmsm.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETowuhymyjxa.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETpabausousf.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETpbytomcpjl.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETpebxegvwey.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETpedcsgjper.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETpekhgpbstt.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETcdhhaxyscp.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETcelbpvtsfb.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETcghhtdhxqd.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETcgwdvtmmtj.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETcmstcnosrn.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETcwfjtewnvh.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETdebnrsfnga.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETdhmpfjtjng.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETdjheofyeqg.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETdogokidsfa.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETdqgbdalypu.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETduvxrghqqe.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETdwrfywrpwa.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETdyeecpilka.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETeprnpnyrqf.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETewnoonwmlp.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETexlexnssdq.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfddfgnurku.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfgtpbtprjy.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfovtigceut.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfpiochyndy.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfpkaxkvxko.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETfuigflhpvd.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETxobgrjcckg.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETxoukkfepeo.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETxttbxkkkrm.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETxwsanbtglj.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETxyrywixumf.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETyainkhnipe.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETycgcqdugxc.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETyemqvgmafl.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETyhgdcdtnsf.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETymqtiewuqa.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETyokytpxmjw.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\UACe06d.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\WGAErrLog.txt Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\WGANotify.settings Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETporcejcxub.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETppdwqichdc.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETpwhcqrvrdm.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETqdbvydmngq.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETqfuhhflxfv.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETqfyupdlyhn.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETqhmjaolyfe.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETqjabkfnuye.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETqlfphycmen.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETqvdnxxooxl.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETrfiqsgaubl.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETrhmrmerath.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETrievbqhxrr.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETrxgnqvvume.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETsbbdcwowev.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETsdiltpitxg.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETadklwiiamw.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETafrjsnsdvk.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETajuecsbrho.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETayeddgkhyt.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETbhysocsbpv.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETbnciwietaq.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETbqmllfkrch.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETbrvdqgyfmr.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\SKYNETbvifsjpqlf.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\SKYNETqculqhkk.dat Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\SKYNETrfqmlmsw.dat Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\SKYNETwvtxmnst.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\SKYNETybbujntt.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACgafstkohxoueirsoi.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACbmcvcsrklikbhylwg.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACcovibiyjhsthpdwit.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\uacinit.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACjmuehsmdrqixkbpsm.db Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACmekhbemuqpqbkbdmm.dat Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACpykyvmkenbubixgij.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\uacsr.dat Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\uactmp.db Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACuslmwlkencusduorl.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\drivers\SKYNETrovnopao.sys Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\drivers\UACcbwibwyhosctyihuh.sys Status: Invisible to the Windows API! Path: C:\Documents and Settings\Catnipboy\Local Settings\Temp\UACfae1.tmp Status: Invisible to the Windows API! Path: C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\UACmd.exe Status: Invisible to the Windows API! Path: C:\Documents and Settings\Catnipboy\Local Settings\Application Data\Microsoft\Messenger\ANALSAVAGE69@hotmail.com\SharingMetadata\analsavage89@hotmail.com\DFSR\Staging\CS{9A5D301B-4985-ABAF-F620-606A04EB834E}\01\20-{9A5D301B-4985-ABAF-F620-606A04EB834E}-v1-{54A73E3B-4087-414C-9DBA-EF867234342B}-v20-Downloaded.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Catnipboy\Local Settings\Application Data\Microsoft\Messenger\ANALSAVAGE69@hotmail.com\SharingMetadata\analsavage89@hotmail.com\DFSR\Staging\CS{9A5D301B-4985-ABAF-F620-606A04EB834E}\12\17-{54A73E3B-4087-414C-9DBA-EF867234342B}-v12-{54A73E3B-4087-414C-9DBA-EF867234342B}-v17-Downloaded.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Catnipboy\Local Settings\Application Data\Microsoft\Messenger\ANALSAVAGE69@hotmail.com\SharingMetadata\analsavage89@hotmail.com\DFSR\Staging\CS{9A5D301B-4985-ABAF-F620-606A04EB834E}\13\13-{412348A4-1743-4D01-92A5-7E7AEC898376}-v13-{412348A4-1743-4D01-92A5-7E7AEC898376}-v13-Downloaded.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Catnipboy\Local Settings\Application Data\Microsoft\Messenger\ANALSAVAGE69@hotmail.com\SharingMetadata\analsavage89@hotmail.com\DFSR\Staging\CS{9A5D301B-4985-ABAF-F620-606A04EB834E}\13\19-{412348A4-1743-4D01-92A5-7E7AEC898376}-v13-{54A73E3B-4087-414C-9DBA-EF867234342B}-v19-Downloaded.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Catnipboy\Local Settings\Application Data\Microsoft\Messenger\ANALSAVAGE69@hotmail.com\SharingMetadata\analsavage89@hotmail.com\DFSR\Staging\CS{9A5D301B-4985-ABAF-F620-606A04EB834E}\14\18-{412348A4-1743-4D01-92A5-7E7AEC898376}-v14-{54A73E3B-4087-414C-9DBA-EF867234342B}-v18-Downloaded.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Catnipboy\Local Settings\Application Data\Microsoft\Messenger\ANALSAVAGE69@hotmail.com\SharingMetadata\cyberdude11002@yahoo.com\DFSR\Staging\CS{F8A17F1B-498F-BAD1-BDA5-83885806A8FA}\01\22-{F8A17F1B-498F-BAD1-BDA5-83885806A8FA}-v1-{54A73E3B-4087-414C-9DBA-EF867234342B}-v22-Downloaded.frx Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YS3JE85Q\i1.yimg.com\us.yimg.com\i\us\plus\swf\pcm:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YS3JE85Q\i1.yimg.com\us.yimg.com\i\us\plus\swf\pcm:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YS3JE85Q\i1.yimg.com\us.yimg.com\i\us\plus\swf\pcm:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YS3JE85Q\i1.yimg.com\us.yimg.com\i\us\plus\swf\pcm:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YS3JE85Q\i1.yimg.com\us.yimg.com\i\us\plus\swf\pcm:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YS3JE85Q\i1.yimg.com\us.yimg.com\i\us\plus\swf\pcm:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YS3JE85Q\i1.yimg.com\us.yimg.com\i\us\plus\swf\pcm:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YS3JE85Q\i1.yimg.com\us.yimg.com\i\us\plus\swf\pcm:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YS3JE85Q\i1.yimg.com\us.yimg.com\i\us\plus\swf\pcm:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Invisible to the Windows API! Stealth Objects ------------------- Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: winlogon.exe (PID: 244) Address: 0x00630000 Size: 32768 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: winlogon.exe (PID: 244) Address: 0x00810000 Size: 45056 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: winlogon.exe (PID: 244) Address: 0x00970000 Size: 49152 Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: services.exe (PID: 292) Address: 0x00740000 Size: 32768 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: services.exe (PID: 292) Address: 0x00910000 Size: 45056 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: services.exe (PID: 292) Address: 0x00a60000 Size: 49152 Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: lsass.exe (PID: 304) Address: 0x008d0000 Size: 32768 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: lsass.exe (PID: 304) Address: 0x00920000 Size: 45056 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: lsass.exe (PID: 304) Address: 0x00ba0000 Size: 49152 Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: svchost.exe (PID: 468) Address: 0x008f0000 Size: 32768 Object: Hidden Module [Name: SKYNETybbujntt.dll] Process: svchost.exe (PID: 468) Address: 0x00920000 Size: 57344 Object: Hidden Module [Name: UACuslmwlkencusduorl.dll] Process: svchost.exe (PID: 468) Address: 0x00ae0000 Size: 204800 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: svchost.exe (PID: 468) Address: 0x00aa0000 Size: 45056 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: svchost.exe (PID: 468) Address: 0x00d10000 Size: 49152 Object: Hidden Module [Name: UACbmcvcsrklikbhylwg.dll] Process: svchost.exe (PID: 468) Address: 0x00db0000 Size: 81920 Object: Hidden Module [Name: UACcovibiyjhsthpdwit.dll] Process: svchost.exe (PID: 468) Address: 0x00e60000 Size: 73728 Object: Hidden Module [Name: UACuslmwlkencusduorl.dll] Process: svchost.exe (PID: 576) Address: 0x00950000 Size: 204800 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: svchost.exe (PID: 576) Address: 0x00a30000 Size: 45056 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: svchost.exe (PID: 576) Address: 0x00ac0000 Size: 49152 Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: svchost.exe (PID: 576) Address: 0x10000000 Size: 32768 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: svchost.exe (PID: 640) Address: 0x00bd0000 Size: 49152 Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: svchost.exe (PID: 640) Address: 0x008f0000 Size: 32768 Object: Hidden Module [Name: UACuslmwlkencusduorl.dll] Process: svchost.exe (PID: 640) Address: 0x00950000 Size: 204800 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: svchost.exe (PID: 640) Address: 0x00b40000 Size: 45056 Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: Explorer.EXE (PID: 1220) Address: 0x00b80000 Size: 32768 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: Explorer.EXE (PID: 1220) Address: 0x00bd0000 Size: 45056 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: Explorer.EXE (PID: 1220) Address: 0x00d30000 Size: 49152 Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: ctfmon.exe (PID: 1320) Address: 0x00a70000 Size: 32768 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: ctfmon.exe (PID: 1320) Address: 0x00bc0000 Size: 45056 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: ctfmon.exe (PID: 1320) Address: 0x00d10000 Size: 49152 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: RootRepeal.exe (PID: 1456) Address: 0x01270000 Size: 45056 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: RootRepeal.exe (PID: 1456) Address: 0x013c0000 Size: 49152 Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: RootRepeal.exe (PID: 1456) Address: 0x10000000 Size: 32768 Object: Hidden Module [Name: SKYNETwvtxmnst.dll] Process: Iexplore.exe (PID: 560) Address: 0x00ca0000 Size: 32768 Object: Hidden Module [Name: UACuslmwlkencusduorl.dll] Process: Iexplore.exe (PID: 560) Address: 0x00e80000 Size: 204800 Object: Hidden Module [Name: UACpykyvmkenbubixgij.dll] Process: Iexplore.exe (PID: 560) Address: 0x00f60000 Size: 49152 Object: Hidden Module [Name: UACgafstkohxoueirsoi.dll] Process: Iexplore.exe (PID: 560) Address: 0x01060000 Size: 45056 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8ae641f8 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x8a920500 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_CREATE] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_CLOSE] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_READ] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_WRITE] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_CLEANUP] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: , IRP_MJ_PNP] Process: System Address: 0x8a8821f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8aa351f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8aa351f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8aa351f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8aa351f8 Size: 121 Object: Hidden Code [Driver: Cdrom==EOF==