Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Is this infection causing my desktop problem?

Started by Plutox , Jan 01 2010 11:17 AM

  • Please log in to reply

#1
Plutox
Posted 01 January 2010 - 11:17 AM

Plutox

    Member

  • Member
  • PipPipPip
  • 349 posts
Although I have uninstalled the Canon i350 driver program (with Revo Uninstaller) my desktop is full of its eula and Readme files which I cannot get rid of.

I have been instructed to run Malware and Spyware programs and have come up with the following logs showing some infection.

Whether removing this will solve or not the desktop problem I'd be grateful to know how I can fix this infection. My netbook (with Ad-Aware and pre installed McAfee Pro) is new and the downloading of the Canon driver started this off.

It won't be much trouble to go back to Factory Settings - will this help? Please see the following logs:-

Malwarebytes' Anti-Malware 1.43
Database version: 3468
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/01/2010 15:44:54
mbam-log-2010-01-01 (15-44-44).txt

Scan type: Quick Scan
Objects scanned: 104402
Time elapsed: 14 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/01 15:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9F16000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B35000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9801000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf765b87e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf765bbfe

==EOF==

Opening the oldtimer OTL.exe I got these error messages

16:30:37: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x00000094)
16:30:37: DeviceIoControl Error! Error Code = 0x1e7
16:30:37: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x00000094)
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP