Troublesome Malware

Re: Troublesome Malware

Post by peku006 » May 14th, 2009, 3:20 am

Hi Driftmom

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    $sys$caj.dll
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006

Re: Troublesome Malware

Post by Driftmom » May 14th, 2009, 7:39 pm

SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 19:37 on 14/05/2009 by HP_Administrator (Administrator - Elevation successful)

========== regfind ==========

Searching for "$sys$caj.dll"
No data found.

-=End Of File=-

Hmm...should I perform a scan with my anti-virus program?

Re: Troublesome Malware

Post by Driftmom » May 14th, 2009, 8:43 pm

If it'll help, here's the anti-virus scan:



Avira AntiVir Personal
Report file date: Thursday, May 14, 2009 19:38

Scanning for 1394607 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ROSEMARY

Version information:
BUILD.DAT : 8.2.0.348 16934 Bytes 3/23/2009 13:44:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:31:59
ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 5/12/2009 00:50:27
ANTIVIR3.VDF : 7.1.3.207 98304 Bytes 5/14/2009 23:37:22
Engineversion : 8.2.0.166
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/6/2009 18:52:04
AESCRIPT.DLL : 8.1.1.81 385401 Bytes 5/14/2009 00:50:42
AESCN.DLL : 8.1.1.10 127348 Bytes 4/5/2009 11:39:38
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.16 397686 Bytes 5/14/2009 00:50:40
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/28/2009 03:54:51
AEHEUR.DLL : 8.1.0.128 1757559 Bytes 5/14/2009 00:50:37
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/28/2009 03:54:43
AEGEN.DLL : 8.1.1.42 348531 Bytes 5/14/2009 00:50:30
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.6.9 176500 Bytes 4/18/2009 04:40:51
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 4/18/2009 04:40:48
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, May 14, 2009 19:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'SystemLook.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'DiscStreamHub.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'Updates from HP.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'DISCover.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned
Scan process 'arpwrmsg.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ZuneNss.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'WUSB54GC.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '75' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\a18cfade43a197deb0f5\update\update.exe
[WARNING] The file could not be opened!
C:\a18cfade43a197deb0f5\update\wpdinstallutil.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent21.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent51.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\Desktop\Old Documents\Documents and Settings\Administrator\Desktop\Desktop Documents\Temporary Document.doc
[0] Archive type: CAB (Microsoft)
--> tdc.ocx
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe
[DETECTION] Contains recognition pattern of the DR/Zlob.Gen dropper
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ctfmon.exe.vir
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\Recycled\Recycled\ctfmon.exe.vir
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\$sys$cor.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.8 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060251.inf
[DETECTION] Contains recognition pattern of the WORM/VB.FI.9 worm
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060252.exe
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060256.exe
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP542\A0060480.sys
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.8 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP551\A0061253.dll
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.2 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP551\A0061254.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.3 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP553\A0061295.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.3 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061394.dll
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.2 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061395.sys
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.B.4 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061396.sys
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.7 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061397.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.5 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061398.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.1 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061399.exe
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.3 root kit
[WARNING] The file was ignored!
Begin scan in 'D:\' <HP_RECOVERY>
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060253.inf
[DETECTION] Is the TR/VB.aqt.58 Trojan
[WARNING] The file was ignored!
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP549\A0060889.exe
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!


End of the scan: Thursday, May 14, 2009 20:40
Used time: 1:02:08 Hour(s)

The scan has been done completely.

11569 Scanning directories
578949 Files were scanned
19 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
578924 Files not concerned
16573 Archives were scanned
30 Warnings
2 Notes

Re: Troublesome Malware

Post by peku006 » May 15th, 2009, 2:56 am

Hi Driftmom
It looks good, but you need to do the following steps...

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Clear Infected System Restore Points
    • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
    • Restart your computer
    • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck Turn off System Restore.
      • Click Apply, and then click OK.
Note: only do this once, and not on a regular basis.

How's the computer running now? Any problems?

Thanks peku006
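
An added example (not part of the thread and not code from any tool named in it): a small Python parser for the Avira report format posted above that groups each detection by where the file sits, so the hits inside System Restore points, which the steps above clear, can be told apart from those in a quarantine folder or on the live file system. The sample report is constructed from a few entries of the posted log, and the bucket names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entries taken from the report posted above.
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe
[DETECTION] Contains recognition pattern of the DR/Zlob.Gen dropper
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\$sys$cor.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.8 root kit
[WARNING] The file was ignored!
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061395.sys
[DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.B.4 root kit
[WARNING] The file was ignored!
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP549\A0060889.exe
[DETECTION] Is the TR/VB.AQT Trojan
[WARNING] The file was ignored!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")      # a scanned file path starts a new entry
SIG_RE = re.compile(r"\b([A-Z]{2,}/\S+)")  # detection name such as TR/VB.AQT


def classify(path):
    """Bucket a path by location (bucket names are this example's own)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"      # already moved aside into a quarantine folder
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # inside a System Restore snapshot
    return "live"                # on the active file system: review individually


def triage(report):
    """Return {bucket: [(detection_name, path), ...]} for every [DETECTION] line."""
    buckets = defaultdict(list)
    current_path = None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
        elif line.startswith("[DETECTION]") and current_path:
            m = SIG_RE.search(line)
            name = m.group(1) if m else line  # keep the raw line if no name parses
            buckets[classify(current_path)].append((name, current_path))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, hits in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{bucket}: {len(hits)}")
        for name, path in hits:
            print(f"  {name}  {path}")
```
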

Re: Troublesome Malware

Post by Driftmom » May 16th, 2009, 9:08 pm

Everything seems fine now. I've updated my anti-virus program and will then update to Service Pack 3. peku, I thank you for your help.

Re: Troublesome Malware

Post by NonSuch » May 19th, 2009, 6:10 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.