Advanced virus remover,blue screen



#1 pan_sdn (Members, 2 posts)

Posted 11 August 2009 - 11:42 AM

Hi, I was infected with Advanced Virus Remover, so I ran MBAM and it found and cleaned the virus.
But then I realised that I still had the problem, and the screen turned blue.
Now I can boot only in safe mode.
Any ideas? Thank you.

OS: Windows XP



#2 pan_sdn (Topic Starter, Members, 2 posts)

Posted 11 August 2009 - 03:02 PM

This is the report from RootRepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/11 11:53
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA40D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A1D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA997E000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETxfqpphqp.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETxfqpphqp.sys
Address: 0xAA752000 Size: 155648 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\SKYNETemovmtki.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETexjuciqr.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETjfthoigt.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETsbcimqxe.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETtnberflx.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETxlyxmcuw.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\fgcba86.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETxfqpphqp.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\george sdonas\local settings\application data\mozilla\firefox\profiles\oxu7bvx8.default\cache\_cache_001_
Status: Size mismatch (API: 1128286, Raw: 1124195)

Path: c:\documents and settings\george sdonas\local settings\application data\mozilla\firefox\profiles\oxu7bvx8.default\cache\_cache_002_
Status: Size mismatch (API: 1074412, Raw: 1054500)

Path: c:\documents and settings\george sdonas\local settings\application data\mozilla\firefox\profiles\oxu7bvx8.default\cache\_cache_003_
Status: Size mismatch (API: 1961006, Raw: 1950200)

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Mozilla\Firefox\Profiles\oxu7bvx8.default\Cache\A632D23Dd01
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\00\200-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\01\201-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\02\202-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\03\203-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\04\204-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\05\205-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\06\206-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\07\207-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\08\208-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\09\209-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\10\210-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\11\211-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\12\212-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\13\213-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\14\214-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\15\215-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\16\216-{C~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\80\180-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v180-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v180-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\81\181-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v181-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v181-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\82\182-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v182-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v182-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\83\183-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v183-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v183-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\84\184-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v184-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v184-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\85\185-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v185-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v185-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\86\186-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v186-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v186-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\87\187-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v187-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v187-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\88\188-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v188-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v188-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\89\189-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v189-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v189-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\90\190-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v190-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v190-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\91\191-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v191-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v191-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\92\192-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v192-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v192-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\93\193-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v193-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v193-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\94\194-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v194-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v194-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\95\195-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v195-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v195-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\96\196-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v196-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v196-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\97\197-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v197-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v197-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\98\198-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v198-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v198-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\pan_sdn@hotmail.com\DFSR\Staging\CS{BB8C51D9-9141-2BC5-308F-85565A11FF97}\99\199-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v199-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v199-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\theclash1234@hotmail.com\DFSR\Staging\CS{F8FBB476-7D9C-8BFD-52C4-F2EA5AA47435}\20\120-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v120-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v120-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\theclash1234@hotmail.com\DFSR\Staging\CS{F8FBB476-7D9C-8BFD-52C4-F2EA5AA47435}\24\124-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v124-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v124-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\theclash1234@hotmail.com\DFSR\Staging\CS{F8FBB476-7D9C-8BFD-52C4-F2EA5AA47435}\25\125-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v125-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v125-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\19\20-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v19-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\21\21-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v21-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\23\23-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v23-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\24\24-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v24-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\26\26-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v26-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\27\27-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v27-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\28\28-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v28-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\29\29-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v29-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\91\1890-{~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\George Sdonas\Local Settings\Application Data\Microsoft\Messenger\gsdonas@hotmail.com\SharingMetadata\vp-vagner@hotmail.com\DFSR\Staging\CS{AD3EE039-BAC7-AF05-DF5C-5B4F18A0F25B}\92\94-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v92-{C0A8D4CD-00BE-4F78-ADE2-682CEE542D1D}-v94-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "<unknown>" at address 0x82f8c4a0

Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: winlogon.exe (PID: 1128) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: services.exe (PID: 1180) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: lsass.exe (PID: 1200) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETemovmtki.dll]
Process: svchost.exe (PID: 1376) Address: 0x00880000 Size: 53248

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 1376) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 1468) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 1532) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 1612) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 1776) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: spoolsv.exe (PID: 168) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: ZcfgSvc.exe (PID: 236) Address: 0x00b70000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: Explorer.EXE (PID: 408) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 1108) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: avgwdsvc.exe (PID: 1344) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 1556) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: ehRecvr.exe (PID: 1624) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: ehSched.exe (PID: 1656) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: jqs.exe (PID: 1812) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: avgrsx.exe (PID: 476) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: avgnsx.exe (PID: 488) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: MSCamSvc.exe (PID: 692) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 776) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 900) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: mcrdsvc.exe (PID: 1876) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: fxssvc.exe (PID: 2100) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: alg.exe (PID: 2632) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: dllhost.exe (PID: 2976) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 3076) Address: 0x01000000 Size: 20480

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 3076) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: svchost.exe (PID: 3264) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: wuauclt.exe (PID: 3952) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: firefox.exe (PID: 356) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: RootRepeal.exe (PID: 2684) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: avgscanx.exe (PID: 3928) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: avgcsrvx.exe (PID: 736) Address: 0x10000000 Size: 28672

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x82f87ad0 Size: 1332

Object: Hidden Code [Driver: sr, IRP_MJ_CREATE]
Process: System Address: 0x82f87ad0 Size: 1332

Object: Hidden Code [Driver: FltMgr, IRP_MJ_CREATE]
Process: System Address: 0x82f87ad0 Size: 1332

Object: Hidden Code [Driver: Mup, IRP_MJ_CREATE]
Process: System Address: 0x82f87ad0 Size: 1332

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_CREATE]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_CLOSE]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_READ]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_WRITE]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_QUERY_EA]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_SET_EA]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_CLEANUP]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_POWER]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: AvgTdiX, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82f8a740 Size: 1715

Object: Hidden Code [Driver: RAW, IRP_MJ_CREATE]
Process: System Address: 0x82f87ad0 Size: 1332

Object: Hidden Code [Driver: PCTCore, IRP_MJ_CREATE]
Process: System Address: 0x82f87ad0 Size: 1332

Hidden Services
-------------------
Service Name: MBAMSwissArmy
Image Path: C:\WINDOWS\system32\drivers\mbamswissarmy.sys

Service Name: SKYNETbrnswvbl
Image Path: C:\WINDOWS\system32\drivers\SKYNETxfqpphqp.sys

==EOF==
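The report above is long, but only a handful of its entries carry the diagnosis: a driver whose file is hidden from the Windows API, several DLLs and .dat files in system32 that are invisible to it, an SSDT hook on NtDeviceIoControlFile owned by no named module, the same hidden DLL (SKYNETexjuciqr.dll) loaded into winlogon, lsass, services, every svchost, the AVG engine and RootRepeal itself, and a hidden service whose image is the hidden driver. All of those share one fixed prefix, which is how a randomly named family still gives itself away. The following is an added example, not part of this thread and not RootRepeal's own code: a small parser that pulls those indicators out of a RootRepeal report and drops the entries that are normally present on a scan. The allowlist (crash-dump drivers, hiberfil.sys, rootrepeal.sys, the Malwarebytes MBAMSwissArmy driver) is my assumption, and the sample report embedded in the code is a trimmed excerpt constructed from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt of the RootRepeal report posted in this thread.
SAMPLE_REPORT = r"""Drivers
-------------------
Name: SKYNETxfqpphqp.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETxfqpphqp.sys
Address: 0xAA752000 Size: 155648 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\SKYNETexjuciqr.dll
Status: Invisible to the Windows API!

SSDT
-------------------
#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "<unknown>" at address 0x82f8c4a0

Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: winlogon.exe (PID: 1128) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: SKYNETexjuciqr.dll]
Process: lsass.exe (PID: 1200) Address: 0x10000000 Size: 28672

Hidden Services
-------------------
Service Name: MBAMSwissArmy
Image Path: C:\WINDOWS\system32\drivers\mbamswissarmy.sys

Service Name: SKYNETbrnswvbl
Image Path: C:\WINDOWS\system32\drivers\SKYNETxfqpphqp.sys
==EOF==
"""

FIELD_KEYS = ("Name", "Image Path", "Address", "Size", "File Visible", "Signed",
              "Status", "Path", "#", "Function Name", "Object", "Process", "Service Name")
KEY_RE = re.compile(r"(?:^|\s)(%s): " % "|".join(map(re.escape, FIELD_KEYS)))
UNDERLINE_RE = re.compile(r"^-{5,}$")
# Assumed allowlist: crash-dump drivers, hiberfil.sys and the scanner's own driver are
# always reported as hidden or locked; MBAMSwissArmy is the Malwarebytes driver.
BENIGN = {"dump_atapi.sys", "dump_wmilib.sys", "rootrepeal.sys", "hiberfil.sys",
          "mbamswissarmy.sys", "mbamswissarmy"}


def split_fields(line):
    """'Address: 0x.. Size: 98304 File Visible: No' -> {'Address': .., 'Size': .., ..}."""
    hits = list(KEY_RE.finditer(line))
    return {m.group(1): line[m.end():(n.start() if n else len(line))].strip()
            for m, n in zip(hits, hits[1:] + [None])}


def parse_report(text):
    """{section title: [entry dict, ...]}; entries are blank-line-separated 'Key: Value' blocks."""
    sections, title = defaultdict(list), None
    for block in re.split(r"\n\s*\n", text):
        lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip() != "==EOF=="]
        if len(lines) > 1 and UNDERLINE_RE.match(lines[1]):   # block opens with a section title
            title, lines = lines[0], lines[2:]
        if title and lines:
            sections[title].append({k: v for ln in lines for k, v in split_fields(ln).items()})
    return dict(sections)


def benign(path_or_name):
    return ntpath.basename(path_or_name).lower() in BENIGN


def triage(sections):
    """Indicators a kernel rootkit leaves in the report, with the allowlist removed."""
    found = defaultdict(list)
    for d in sections.get("Drivers", []):
        if "hidden" in d.get("Status", "").lower() and not benign(d["Image Path"]):
            found["hidden_driver"].append(d["Name"])
    for f in sections.get("Hidden/Locked Files", []):   # 'Locked' alone is normal, 'Invisible' is not
        if "invisible" in f.get("Status", "").lower() and not benign(f["Path"]):
            found["hidden_file"].append(ntpath.basename(f["Path"]))
    for h in sections.get("SSDT", []):
        if "<unknown>" in h.get("Status", ""):       # hook lands in code owned by no visible module
            found["ssdt_hook"].append(h["Function Name"])
    modules = defaultdict(set)                       # hidden DLL -> processes it was found in
    for o in sections.get("Stealth Objects", []):
        m = re.match(r"Hidden Module \[Name: (.+?)\]", o.get("Object", ""))
        if m:
            modules[m.group(1)].add(o["Process"].split(" (")[0])
    found["injected_module"] = sorted((n, len(p)) for n, p in modules.items())
    for s in sections.get("Hidden Services", []):
        if not benign(s["Service Name"]):
            found["hidden_service"].append(s["Service Name"])
    return dict(found)
```

Two caveats when reading the full log with this. The "Size mismatch" and "Visible to the Windows API, but not on disk" entries under the Firefox cache and Messenger staging folders are files that changed while the scan was running, not hiding, so the parser ignores them. The "Hidden Code" entries are deliberately left out as well: a driver's own dispatch routines (here the AvgTdiX ones) show up that way, while IRP_MJ_CREATE hooks on several file-system drivers that all resolve to one address outside any listed module, like the SSDT hook, are the part that needs a human to look at them.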



