Is this infection causing my desktop problem?

#1 Plutox (Member, 334 posts)

Although I have uninstalled the Canon i350 driver program (with Revo Uninstaller), my desktop is full of its EULA and Readme files, which I cannot get rid of.

I have been instructed to run Malware and Spyware programs and have come up with the following logs showing some infection.

Whether or not removing this will solve the desktop problem, I'd be grateful to know how I can fix this infection. My netbook (with Ad-Aware and pre-installed McAfee Pro) is new, and the downloading of the Canon driver started this off.

It won't be much trouble to go back to Factory Settings - will this help? Please see the following logs:

Malwarebytes' Anti-Malware 1.43
Database version: 3468
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/01/2010 15:44:54
mbam-log-2010-01-01 (15-44-44).txt

Scan type: Quick Scan
Objects scanned: 104402
Time elapsed: 14 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/01 15:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9F16000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B35000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9801000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf765b87e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf765bbfe

==EOF==

Opening OldTimer's OTL.exe, I got these error messages:

16:30:37: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x00000094)
16:30:37: DeviceIoControl Error! Error Code = 0x1e7
16:30:37: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x00000094)
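The Malwarebytes log above records three findings that MBAM has not yet acted on: a registry key for a browser helper object (classified Trojan.BHO) and two Security Center data items whose current data, shown as "Bad: (1)", suppresses the antivirus and firewall status warnings that Windows XP SP2/SP3 would otherwise display; MBAM's "Good: (0)" is the value it would restore. The script below is an added example, not part of the original post and not Malwarebytes' own code. It parses the MBAM 1.x log layout as it appears in this thread, interprets the Security Center DisableNotify values, and turns the "No action taken" findings into a remediation list. The embedded sample log is a constructed, trimmed copy of the posted one, and the section and entry patterns are inferred from that log rather than from any published format specification.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and triage its findings.

Added example: the section/entry layout is inferred from the log posted in
the thread, not taken from a Malwarebytes specification.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the detection sections of the posted log, trimmed.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.43
Database version: 3468
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 104402

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\\kt_bho.KettleBho (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
(No malicious items detected)
"""

# A section header is a line such as "Registry Keys Infected:" with no count.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# An entry: <path> (<classification>) [-> Bad: (x) Good: (y)] -> <action>.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<classification>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)

# XP SP2/SP3 Security Center values; data of 1 suppresses the named warning.
SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
DISABLE_NOTIFY_VALUES = {
    "AntiVirusDisableNotify": "antivirus status warnings",
    "FirewallDisableNotify": "firewall status warnings",
    "UpdatesDisableNotify": "Automatic Updates status warnings",
}


@dataclass
class Finding:
    section: str                 # e.g. "Registry Data Items Infected"
    path: str                    # registry path, file path or process name
    classification: str          # MBAM detection name, e.g. "Trojan.BHO"
    action: str                  # what MBAM did, e.g. "No action taken"
    bad: Optional[str] = None    # current data (Registry Data Items only)
    good: Optional[str] = None   # data MBAM would restore


@dataclass
class ScanReport:
    metadata: Dict[str, str] = field(default_factory=dict)
    findings: List[Finding] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)  # lines we did not recognise


def parse_mbam_log(text: str) -> ScanReport:
    """Split the log into header metadata and per-section detections."""
    report = ScanReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None:                      # still in the header block
            key, sep, value = line.partition(": ")
            if sep:
                report.metadata[key] = value
            else:
                report.unparsed.append(line)
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            report.findings.append(Finding(section=section, **m.groupdict()))
        else:
            report.unparsed.append(line)
    return report


def suppressed_security_center_warnings(report: ScanReport) -> List[str]:
    """Name each Security Center warning the scanned machine has switched off."""
    suppressed = []
    for f in report.findings:
        key, _, value_name = f.path.rpartition("\\")
        if (key.lower() == SECURITY_CENTER_KEY.lower()
                and value_name in DISABLE_NOTIFY_VALUES and f.bad == "1"):
            suppressed.append(DISABLE_NOTIFY_VALUES[value_name])
    return suppressed


def remediation_plan(report: ScanReport) -> List[str]:
    """Turn findings MBAM has not acted on into concrete fix-up steps."""
    steps = []
    for f in report.findings:
        if f.action != "No action taken":
            continue
        if f.section == "Registry Keys Infected":
            steps.append(f"delete registry key {f.path}")
        elif f.section == "Registry Data Items Infected" and f.good is not None:
            steps.append(f"set registry value {f.path} to {f.good}")
        elif f.section == "Registry Values Infected":
            steps.append(f"delete registry value {f.path}")
        elif f.section in ("Files Infected", "Folders Infected"):
            steps.append(f"remove {f.path}")
        else:
            steps.append(f"review {f.section.lower()}: {f.path}")
    return steps


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(f"database {rep.metadata.get('Database version')}, "
          f"{len(rep.findings)} finding(s)")
    for warning in suppressed_security_center_warnings(rep):
        print(f"  Security Center: {warning} are suppressed")
    for step in remediation_plan(rep):
        print(f"  TODO: {step}")
```

Run against the full log rather than the trimmed sample, the summary counts ("Registry Keys Infected: 1") land in `metadata` because they carry a value and so do not match the section-header pattern; anything in a detection section that the entry pattern does not recognise is kept in `unparsed` so a new log line shape is noticed rather than silently dropped.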