Thread: Pop ups, slow machine..
View Single Post
Old 06-20-2006, 08:11 PM   #10 (permalink)
dirtmcgirt
Registered User
 
Join Date: Jan 2006
Posts: 28
OS: 2000/XP


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-06-20 19:27:57
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT 845A8109 ZwCreateThread

---- EOF - GMER 1.0.10 ----


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, June 20, 2006 9:10:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 21/06/2006
Kaspersky Anti-Virus database records: 201686
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 84674
Number of viruses found: 37
Number of infected objects: 82
Number of suspicious objects: 2
Duration of the scan process: 00:33:29

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\hostsmgr.exe QuickBatch: infected - 1 skipped
C:\WINDOWS\hostsmgr.exe PECompact: infected - 1 skipped
C:\WINDOWS\hostsmgr.exe PecBundle: infected - 1 skipped
C:\WINDOWS\hostsmgr.exe PE_Patch.PECompact: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch.zip/mc-110-12-0000228.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxSearch.zip ZIP: suspicious - 1 skipped
C:\Program Files\Screensavers.com\Installer\temp\pltbinst.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Comet.ax skipped
C:\Program Files\Screensavers.com\Installer\temp\pltbinst.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.ax skipped
C:\Program Files\Screensavers.com\Installer\temp\pltbinst.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058972.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058972.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058972.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058972.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP725\A0058972.exe Instyler: infected - 4 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061534.EXE Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061581.pif Infected: Trojan-Downloader.Win32.Adload.bq skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061582.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061583.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061584.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061585.exe/data.rar/booterror.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061585.exe/data.rar/cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061585.exe/data.rar/cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061585.exe/data.rar/cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061585.exe/data.rar/cmdmgr.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061585.exe/data.rar/cmdmgr.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061585.exe/data.rar Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061585.exe RarSFX: infected - 7 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061586.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061587.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061588.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061589.exe Infected: Trojan-Downloader.Win32.Small.cqy skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061590.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061591.exe Infected: Trojan-Dropper.Win32.Mudrop.bq skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061592.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP727\A0061593.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061660.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061660.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061660.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061660.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061660.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061662.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061662.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061662.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061662.exe PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061664.exe Infected: Trojan-Downloader.Win32.Tiny.cl skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061666.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.l skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061666.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP728\A0061672.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP652\A0044038.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052171.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052171.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052171.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052171.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052171.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP708\A0052171.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052685.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052685.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052685.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052685.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052685.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP711\A0052685.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059857.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.p skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059858.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059859.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059860.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.z skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059861.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059862.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059864.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059865.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059866.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059867.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059868.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059869.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059870.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059872.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059873.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059874.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059875.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.t skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059876.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059878.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059879.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059880.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9CC45980-3CE7-42AE-8CEE-55865BC21B9A}\RP726\A0059881.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

Scan process completed.
dirtmcgirt is offline