| ||||
| mba log:
Malwarebytes' Anti-Malware 1.44
Database version: 3575
Windows 6.0.6000
Internet Explorer 7.0.6000.16945

16/01/2010 16:08:34
mbam-log-2010-01-16 (16-08-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 219071
Time elapsed: 2 hour(s), 41 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

-------------------------------------------------------------------------------

gmer.log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 17:08:53
Windows 6.0.6000

-------------------------------------------------------------------------------

dds - dds is a scr (script) file, on my system this file type is associated with AutoCAD, hence it does not run!

That's it! Tell me one thing, if I use an on-screen keyboard to input login details whilst online banking, is this safe enough or should I not do any more sensitive internet stuff? |
| ||||
| You might benefit from the information found here: http://forum.kaspersky.com/lofiversi...hp/t10632.html As for your keyboard question: it doesn't matter where the keyboard is - it's still putting the data through the computer system. FYI: dds.scr is the tool to run DDS.
__________________ wave:Computer Support and Help Virus & Malware Removal Tutorials on "How To...." Stop Nuisance Startups |
| ||||
| Thanks very much for your feedback. I already read various things like the posts in the Kaspersky forum. And I do realise that dds.scr is the tool to run DDS. It still won't run. Ultimately, this doesn't tell me if my computer is clean or not, so effectively it is useless, since I travel, live and work in different parts of the world and need to bank online from time to time. And I have read that using an 'on-screen' or 'virtual keyboard' (from other sites not here) can guard against keyloggers getting my data. This, then, is very irresponsible advice. You can close this post as I hand this laptop over to my 4 year old, with chocolate covered fingers, and see how long it takes her to take it apart. Thanks for your assistance. |
| ||||
| My apology for the "irresponsible advice." One has to ask- if you knew this already, why did you ask? |
Copyright © 2009 Tech-101.com. All rights reserved.