Free Malware Removal Forum

[peku006]

Hi Driftmom

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  Code: Select all

  :regfind
  $sys$caj.dll
  

  
  
• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at on your Desktop entitled SystemLook.txt

Thanks peku006

[Driftmom]

SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 19:37 on 14/05/2009 by HP_Administrator (Administrator - Elevation successful)

========== regfind ==========

Searching for "$sys$caj.dll"
No data found.

-=End Of File=-

Hmm...should I perform a scan with my anti-virus program?

[Driftmom]

If it'll help, here's the anti-virus scan:



Avira AntiVir Personal
Report file date: Thursday, May 14, 2009 19:38

Scanning for 1394607 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ROSEMARY

Version information:
BUILD.DAT : 8.2.0.348 16934 Bytes 3/23/2009 13:44:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:31:59
ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 5/12/2009 00:50:27
ANTIVIR3.VDF : 7.1.3.207 98304 Bytes 5/14/2009 23:37:22
Engineversion : 8.2.0.166
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/6/2009 18:52:04
AESCRIPT.DLL : 8.1.1.81 385401 Bytes 5/14/2009 00:50:42
AESCN.DLL : 8.1.1.10 127348 Bytes 4/5/2009 11:39:38
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.16 397686 Bytes 5/14/2009 00:50:40
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/28/2009 03:54:51
AEHEUR.DLL : 8.1.0.128 1757559 Bytes 5/14/2009 00:50:37
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/28/2009 03:54:43
AEGEN.DLL : 8.1.1.42 348531 Bytes 5/14/2009 00:50:30
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.6.9 176500 Bytes 4/18/2009 04:40:51
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 4/18/2009 04:40:48
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, May 14, 2009 19:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'SystemLook.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'DiscStreamHub.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'Updates from HP.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'DISCover.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned
Scan process 'arpwrmsg.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ZuneNss.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'WUSB54GC.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '75' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\a18cfade43a197deb0f5\update\update.exe
[WARNING] The file could not be opened!
C:\a18cfade43a197deb0f5\update\wpdinstallutil.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent21.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent51.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\Desktop\Old Documents\Documents and Settings\Administrator\Desktop\Desktop Documents\Temporary Document.doc
[0] Archive type: CAB (Microsoft)
--> tdc.ocx
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe
[DETECTION] Contains recognition pattern of the DR/Zlob.Gen dropper
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ctfmon.exe.vir
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\Recycled\Recycled\ctfmon.exe.vir
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\$sys$cor.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.8 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060251.inf
[DETECTION] Contains recognition pattern of the WORM/VB.FI.9 worm
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060252.exe
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060256.exe
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP542\A0060480.sys
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.8 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP551\A0061253.dll
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.2 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP551\A0061254.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.3 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP553\A0061295.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.3 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061394.dll
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.2 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061395.sys
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.B.4 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061396.sys
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.7 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061397.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.5 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061398.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.1 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061399.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.3 root kit
[WARNING] The file was ignored!
Begin scan in 'D:\' <HP_RECOVERY>
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060253.inf
[DETECTION] Is the TR/VB.aqt.58 Trojan
[WARNING] The file was ignored!
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP549\A0060889.exe
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!


End of the scan: Thursday, May 14, 2009 20:40
Used time: 1:02:08 Hour(s)

The scan has been done completely.

11569 Scanning directories
578949 Files were scanned
19 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
578924 Files not concerned
16573 Archives were scanned
30 Warnings
2 Notes

[peku006]

Hi Driftmom
it looks good, but you need to do the following steps......

Please download OTCleanIt and save it to desktop.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

• Clear Infected System Restore Points
  
  • Turn System Restore off
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer
    
  • Turn System Restore on
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Uncheck *Turn off System Restore*.
  • Click Apply, and then click OK.

Note: only do this once,and not on a regular basis

How's the computer running now? Any problems?

Thanks peku006

[Driftmom]

Everything seems fine now. I've updated my anti-virus program and will then update to Service Pack 3. peku, I thank you for your help.

[NonSuch]

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.