Here are the results from GMER:
GMER 1.0.15.15077 [btcndcl0.exe] - http://www.gmer.net
Rootkit scan 2009-08-30 00:09:00
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 89990BA0 ZwAlertResumeThread
SSDT 8990EC50 ZwAlertThread
SSDT 898A17B8 ZwAllocateVirtualMemory
SSDT 897FE108 ZwAssignProcessToJobObject
SSDT 898B1A20 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6DD9020]
SSDT 89860C48 ZwCreateMutant
SSDT 89A36E30 ZwCreateSymbolicLinkObject
SSDT 89981CB8 ZwCreateThread
SSDT 899082E0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB6DD92A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6DD9800]
SSDT 8989D7D8 ZwDuplicateObject
SSDT 898A4770 ZwFreeVirtualMemory
SSDT 8990AA48 ZwImpersonateAnonymousToken
SSDT 8997A210 ZwImpersonateThread
SSDT 89838108 ZwLoadDriver
SSDT 8977E1C0 ZwMapViewOfSection
SSDT 89898D28 ZwOpenEvent
SSDT 898B6A58 ZwOpenProcess
SSDT 89A65840 ZwOpenProcessToken
SSDT 8991D2F0 ZwOpenSection
SSDT 8989FB28 ZwOpenThread
SSDT 8994EE48 ZwProtectVirtualMemory
SSDT 89A4CC50 ZwResumeThread
SSDT 8998B758 ZwSetContextThread
SSDT 899E3988 ZwSetInformationProcess
SSDT 89921E30 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6DD9A50]
SSDT 897A5228 ZwSuspendProcess
SSDT 89912460 ZwSuspendThread
SSDT 89A522A8 ZwTerminateProcess
SSDT 899922C8 ZwTerminateThread
SSDT 899874E8 ZwUnmapViewOfSection
SSDT 898039D8 ZwWriteVirtualMemory
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 VolumeFilter.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 VolumeFilter.sys
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi@imagepath \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\main@aid 10002
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\main@sid 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\modules@SKYNETcmd.dll \systemroot\system32\SKYNETlixejynb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\modules@SKYNETlog.dat \systemroot\system32\SKYNETakstvuue.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnkqonxex.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdefrqmwi\modules@SKYNET.dat \systemroot\system32\SKYNETyljapyah.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwfhlditqpx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACceptgoelwj.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcyuifontie.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjrptgxqoke.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqaikclytnt.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxlwpabdlqr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACngcvkadxmr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi@imagepath \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\main@sid 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\modules@SKYNETcmd.dll \systemroot\system32\SKYNETlixejynb.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\modules@SKYNETlog.dat \systemroot\system32\SKYNETakstvuue.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnkqonxex.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETdefrqmwi\modules@SKYNET.dat \systemroot\system32\SKYNETyljapyah.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwfhlditqpx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACceptgoelwj.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcyuifontie.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjrptgxqoke.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqaikclytnt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxlwpabdlqr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACngcvkadxmr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi@imagepath \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\main@aid 10002
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\main@sid 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\modules@SKYNETcmd.dll \systemroot\system32\SKYNETlixejynb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\modules@SKYNETlog.dat \systemroot\system32\SKYNETakstvuue.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnkqonxex.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETdefrqmwi\modules@SKYNET.dat \systemroot\system32\SKYNETyljapyah.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwfhlditqpx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACceptgoelwj.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcyuifontie.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjrptgxqoke.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqaikclytnt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxlwpabdlqr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACngcvkadxmr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi@imagepath \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\main@aid 10002
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\main@sid 1
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\modules@SKYNETcmd.dll \systemroot\system32\SKYNETlixejynb.dll
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\modules@SKYNETlog.dat \systemroot\system32\SKYNETakstvuue.dat
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnkqonxex.dll
Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETdefrqmwi\modules@SKYNET.dat \systemroot\system32\SKYNETyljapyah.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwfhlditqpx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACceptgoelwj.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcyuifontie.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjrptgxqoke.db
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqaikclytnt.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxlwpabdlqr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACngcvkadxmr.dll
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi@imagepath \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\main@aid 10002
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\main@sid 1
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\modules@SKYNETcmd.dll \systemroot\system32\SKYNETlixejynb.dll
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\modules@SKYNETlog.dat \systemroot\system32\SKYNETakstvuue.dat
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnkqonxex.dll
Reg HKLM\SYSTEM\ControlSet005\Services\SKYNETdefrqmwi\modules@SKYNET.dat \systemroot\system32\SKYNETyljapyah.dat
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwfhlditqpx.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACceptgoelwj.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcyuifontie.dat
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjrptgxqoke.db
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqaikclytnt.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxlwpabdlqr.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACngcvkadxmr.dll
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi@imagepath \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\main@aid 10002
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\main@sid 1
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\modules@SKYNETcmd.dll \systemroot\system32\SKYNETlixejynb.dll
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\modules@SKYNETlog.dat \systemroot\system32\SKYNETakstvuue.dat
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnkqonxex.dll
Reg HKLM\SYSTEM\ControlSet006\Services\SKYNETdefrqmwi\modules@SKYNET.dat \systemroot\system32\SKYNETyljapyah.dat
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwfhlditqpx.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACceptgoelwj.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcyuifontie.dat
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjrptgxqoke.db
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqaikclytnt.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxlwpabdlqr.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACngcvkadxmr.dll
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi@imagepath \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\main@aid 10002
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\main@sid 1
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\modules@SKYNETcmd.dll \systemroot\system32\SKYNETlixejynb.dll
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\modules@SKYNETlog.dat \systemroot\system32\SKYNETakstvuue.dat
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnkqonxex.dll
Reg HKLM\SYSTEM\ControlSet007\Services\SKYNETdefrqmwi\modules@SKYNET.dat \systemroot\system32\SKYNETyljapyah.dat
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwfhlditqpx.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACceptgoelwj.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcyuifontie.dat
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjrptgxqoke.db
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqaikclytnt.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxlwpabdlqr.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACngcvkadxmr.dll
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi@imagepath \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\main@aid 10002
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\main@sid 1
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETaldgwkvj.sys
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\modules@SKYNETcmd.dll \systemroot\system32\SKYNETlixejynb.dll
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\modules@SKYNETlog.dat \systemroot\system32\SKYNETakstvuue.dat
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\modules@SKYNETwsp.dll \systemroot\system32\SKYNETnkqonxex.dll
Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETdefrqmwi\modules@SKYNET.dat \systemroot\system32\SKYNETyljapyah.dat
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACeagufqsmsm.sys
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwfhlditqpx.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACceptgoelwj.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcyuifontie.dat
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjrptgxqoke.db
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqaikclytnt.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxlwpabdlqr.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACngcvkadxmr.dll
---- EOF - GMER 1.0.15 ----