
Infected with Win32:Alureon-CY [Rtk], HELPPPPP!!!



#1 emaadali


Posted 21 September 2009 - 10:28 AM

Please help..! here are my logs ..! HELP ME PLZ




Win32kDiag
-------------



Running from: C:\Users\Samina Khan\Desktop\----.exe

Log file at : C:\Users\Samina Khan\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-21 19:49:11 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-09-21 00:47:28 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-09-21 19:49:36 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-09-21 19:49:34 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-09-21 00:48:39 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()





Finished!







#########################################################
#########################################################
#########################################################






ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/21 21:04
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8DDD3000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8DDC8000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9507E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: Volume C:\, Sector 1
Status: Sector mismatch

Path: Volume C:\, Sector 2
Status: Sector mismatch

Path: Volume C:\, Sector 3
Status: Sector mismatch

Path: Volume C:\, Sector 4
Status: Sector mismatch

Path: Volume C:\, Sector 5
Status: Sector mismatch

Path: Volume C:\, Sector 6
Status: Sector mismatch

Path: Volume C:\, Sector 7
Status: Sector mismatch

Path: Volume C:\, Sector 8
Status: Sector mismatch

Path: Volume C:\, Sector 9
Status: Sector mismatch

Path: Volume C:\, Sector 10
Status: Sector mismatch

Path: Volume C:\, Sector 11
Status: Sector mismatch

Path: Volume C:\, Sector 13
Status: Sector mismatch

Path: Volume C:\, Sector 14
Status: Sector mismatch

Path: Volume C:\, Sector 15
Status: Sector mismatch

Path: Volume C:\, Sector 17
Status: Sector mismatch

Path: Volume C:\, Sector 18
Status: Sector mismatch

Path: Volume C:\, Sector 19
Status: Sector mismatch

Path: Volume C:\, Sector 20
Status: Sector mismatch

Path: Volume C:\, Sector 24
Status: Sector mismatch

Path: Volume C:\, Sector 26
Status: Sector mismatch

Path: Volume C:\, Sector 28
Status: Sector mismatch

Path: Volume C:\, Sector 30
Status: Sector mismatch

Path: Volume C:\, Sector 33
Status: Sector mismatch

Path: Volume C:\, Sector 35
Status: Sector mismatch

Path: Volume C:\, Sector 38
Status: Sector mismatch

Path: Volume C:\, Sector 40
Status: Sector mismatch

Path: Volume C:\, Sector 42
Status: Sector mismatch

Path: Volume C:\, Sector 45
Status: Sector mismatch

Path: Volume C:\, Sector 47
Status: Sector mismatch

Path: Volume C:\, Sector 51
Status: Sector mismatch

Path: Volume C:\, Sector 54
Status: Sector mismatch

Path: Volume C:\, Sector 55
Status: Sector mismatch

Path: Volume C:\, Sector 56
Status: Sector mismatch

Path: Volume C:\, Sector 57
Status: Sector mismatch

Path: Volume C:\, Sector 58
Status: Sector mismatch

Path: Volume C:\, Sector 59
Status: Sector mismatch

Path: Volume C:\, Sector 60
Status: Sector mismatch

Path: Volume C:\, Sector 61
Status: Sector mismatch

Path: Volume C:\, Sector 62
Status: Sector mismatch

Path: c:\bc5\regsrvr.exe
Status: Allocation size mismatch (API: 81920, Raw: 57344)

Path: c:\bc5\unreg.exe
Status: Allocation size mismatch (API: 139264, Raw: 114688)

Path: c:\google\gtfirstboot.exe
Status: Allocation size mismatch (API: 94208, Raw: 65536)

Path: c:\bc5\bin\addonreg.exe
Status: Allocation size mismatch (API: 36864, Raw: 12288)

Path: c:\bc5\bin\bcc.exe
Status: Allocation size mismatch (API: 872448, Raw: 851968)

Path: c:\bc5\bin\hcrtf.exe
Status: Allocation size mismatch (API: 307200, Raw: 286720)

Path: c:\bc5\bin\hcw.exe
Status: Allocation size mismatch (API: 360448, Raw: 339968)

Path: c:\bc5\bin\idetomak.exe
Status: Allocation size mismatch (API: 122880, Raw: 98304)

Path: c:\bc5\bin\noname00.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\bc5\bin\objxref.exe
Status: Allocation size mismatch (API: 110592, Raw: 86016)

Path: c:\bc5\bin\signcode.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\bc5\bin\tdump.exe
Status: Allocation size mismatch (API: 208896, Raw: 184320)

Path: c:\bc5\bin\brc.exe
Status: Allocation size mismatch (API: 73728, Raw: 49152)

Path: c:\bc5\bin\brc32.exe
Status: Allocation size mismatch (API: 73728, Raw: 49152)

Path: c:\bc5\bin\brcc.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\bc5\bin\brcc32.exe
Status: Allocation size mismatch (API: 102400, Raw: 77824)

Path: c:\bc5\bin\cabarc.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\bc5\bin\capdos32.exe
Status: Allocation size mismatch (API: 32768, Raw: 8192)

Path: c:\bc5\bin\cpp.exe
Status: Allocation size mismatch (API: 184320, Raw: 159744)

Path: c:\bc5\bin\cpp32.exe
Status: Allocation size mismatch (API: 184320, Raw: 159744)

Path: c:\bc5\bin\ws32.exe
Status: Allocation size mismatch (API: 110592, Raw: 90112)

Path: c:\bc5\sdktools\bind.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\bc5\sdktools\dobjview.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\bc5\sdktools\irotview.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\bc5\sdktools\mc.exe
Status: Allocation size mismatch (API: 49152, Raw: 32768)

Path: c:\bc5\sdktools\midl.exe
Status: Allocation size mismatch (API: 774144, Raw: 753664)

Path: c:\bc5\sdktools\mktyplib.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\bc5\sdktools\porttool.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\bc5\sdktools\rc.exe
Status: Allocation size mismatch (API: 49152, Raw: 32768)

Path: c:\bc5\sdktools\rebase.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\bc5\sdktools\thunk.exe
Status: Allocation size mismatch (API: 245760, Raw: 225280)

Path: c:\bde32\redist\bdecfg32.exe
Status: Allocation size mismatch (API: 434176, Raw: 413696)

Path: c:\program files\bigfix\bigfix.exe
Status: Allocation size mismatch (API: 2363392, Raw: 2342912)

Path: c:\program files\camera assistant software for gateway\cec_main.exe
Status: Allocation size mismatch (API: 4861952, Raw: 4841472)

Path: c:\program files\camera assistant software for gateway\fixuvc.exe
Status: Allocation size mismatch (API: 131072, Raw: 106496)

Path: c:\program files\camera assistant software for gateway\removeoemlink.exe
Status: Allocation size mismatch (API: 413696, Raw: 393216)

Path: c:\program files\camera assistant software for gateway\snctrl.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\program files\camera assistant software for gateway\traybar.exe
Status: Allocation size mismatch (API: 659456, Raw: 638976)

Path: c:\program files\windows journal\pdialog.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\windows live safety center\wlscuploader.exe
Status: Allocation size mismatch (API: 315392, Raw: 294912)

Path: c:\program files\windows mail\wabmig.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\program files\windows mail\windowsmailgadget.exe
Status: Allocation size mismatch (API: 192512, Raw: 172032)

Path: c:\program files\windows media player\setup_wm.exe
Status: Allocation size mismatch (API: 1441792, Raw: 1421312)

Path: c:\program files\windows media player\wmlaunch.exe
Status: Allocation size mismatch (API: 262144, Raw: 241664)

Path: c:\program files\windows media player\wmpconfig.exe
Status: Allocation size mismatch (API: 131072, Raw: 110592)

Path: c:\program files\windows media player\wmpenc.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\windows media player\wmpnetwk.exe
Status: Allocation size mismatch (API: 917504, Raw: 897024)

Path: c:\program files\windows media player\wmprph.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\windows media player\wmpshare.exe
Status: Allocation size mismatch (API: 131072, Raw: 110592)

Path: c:\program files\windows media player\wmpsideshowgadget.exe
Status: Allocation size mismatch (API: 249856, Raw: 229376)

Path: c:\program files\windows photo gallery\imagingdevices.exe
Status: Allocation size mismatch (API: 225280, Raw: 204800)

Path: c:\program files\windows sidebar\sidebar.exe
Status: Allocation size mismatch (API: 1257472, Raw: 1236992)

Path: c:\program files\winrar\rar.exe
Status: Allocation size mismatch (API: 315392, Raw: 294912)

Path: c:\program files\winrar\uninstall.exe
Status: Allocation size mismatch (API: 118784, Raw: 98304)

Path: c:\program files\winrar\unrar.exe
Status: Allocation size mismatch (API: 217088, Raw: 196608)

Path: c:\program files\novativa streamster\uninstall.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\program files\poweriso\piso.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\poweriso\poweriso.exe
Status: Allocation size mismatch (API: 946176, Raw: 925696)

Path: c:\program files\poweriso\pwrisovm.exe
Status: Allocation size mismatch (API: 221184, Raw: 200704)

Path: c:\program files\quicktime\pictureviewer.exe
Status: Allocation size mismatch (API: 569344, Raw: 548864)

Path: c:\program files\quicktime\qtinfo.exe
Status: Allocation size mismatch (API: 802816, Raw: 782336)

Path: c:\program files\quicktime\qttask.exe
Status: Allocation size mismatch (API: 434176, Raw: 413696)

Path: c:\program files\internet explorer\extexport.exe
Status: Allocation size mismatch (API: 167936, Raw: 147456)

Path: c:\program files\internet explorer\iecleanup.exe
Status: Allocation size mismatch (API: 147456, Raw: 126976)

Path: c:\program files\internet explorer\ieinstal.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\program files\internet explorer\ielowutil.exe
Status: Allocation size mismatch (API: 139264, Raw: 118784)

Path: c:\program files\ebay\starturl.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\movie maker\capturewizard.exe
Status: Allocation size mismatch (API: 2965504, Raw: 2945024)

Path: c:\program files\movie maker\videocameraautoplaymanager.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\jetaudio\ffmpeg_vx.exe
Status: Allocation size mismatch (API: 2093056, Raw: 2072576)

Path: c:\program files\jetaudio\jcserver.exe
Status: Allocation size mismatch (API: 94208, Raw: 77824)

Path: c:\program files\jetaudio\jetcast.exe
Status: Allocation size mismatch (API: 1204224, Raw: 1187840)

Path: c:\program files\jetaudio\jetchat.exe
Status: Allocation size mismatch (API: 90112, Raw: 73728)

Path: c:\program files\jetaudio\jetdown.exe
Status: Allocation size mismatch (API: 471040, Raw: 454656)

Path: c:\program files\jetaudio\jetlyric.exe
Status: Allocation size mismatch (API: 159744, Raw: 143360)

Path: c:\program files\jetaudio\jetrecorder.exe
Status: Allocation size mismatch (API: 233472, Raw: 217088)

Path: c:\program files\jetaudio\jetshell.exe
Status: Allocation size mismatch (API: 1449984, Raw: 1429504)

Path: c:\program files\jetaudio\jettrim.exe
Status: Allocation size mismatch (API: 151552, Raw: 135168)

Path: c:\program files\jetaudio\jetupdate.exe
Status: Allocation size mismatch (API: 479232, Raw: 458752)

Path: c:\program files\jetaudio\jetvidcnv.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\program files\jetaudio\jetvidcopy.exe
Status: Allocation size mismatch (API: 307200, Raw: 290816)

Path: c:\program files\jetaudio\jetlogo.exe
Status: Allocation size mismatch (API: 643072, Raw: 622592)

Path: c:\program files\limewire\limewire.exe
Status: Allocation size mismatch (API: 167936, Raw: 147456)

Path: c:\program files\usb disk security\usbguard.exe
Status: Allocation size mismatch (API: 819200, Raw: 798720)

Path: c:\program files\usb disk security\usbupd.exe
Status: Allocation size mismatch (API: 425984, Raw: 405504)

Path: c:\program files\valve\hl.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\program files\valve\hlds.exe
Status: Allocation size mismatch (API: 409600, Raw: 389120)

Path: c:\program files\valve\hltv.exe
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\program files\valve\hlupdate.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\program files\valve\sierraup.exe
Status: Allocation size mismatch (API: 487424, Raw: 466944)

Path: c:\program files\valve\voice_tweak.exe
Status: Allocation size mismatch (API: 196608, Raw: 176128)

Path: C:\Windows\System32\gasfkybtbbroix.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\gasfkynrwciikw.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\gasfkypxrxpuqd.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\gasfkywpepewqj.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\gasfkyxpiuhftr.dll
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\gasfkyqgqgcxrthl.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\gasfkyqieclbxbvv.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\gasfkysgxmrjmtqa.tmp
Status: Invisible to the Windows API!

Path: c:\bc5\bin\oslabs\oslab1a.exe
Status: Allocation size mismatch (API: 94208, Raw: 69632)

Path: c:\bc5\bin\oslabs\oslab1b.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\bc5\bin\oslabs\oslab2.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\bc5\bin\oslabs\oslab3.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\bc5\bin\oslabs\oslab4.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\bc5\examples\dllmix\delphi2c.exe
Status: Allocation size mismatch (API: 249856, Raw: 229376)

Path: c:\bc5\examples\dllmix\vbtoc.exe
Status: Allocation size mismatch (API: 81920, Raw: 57344)

Path: c:\bc5\examples\dllmix\vctobc.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\bc5\sdktools\win95\hw32.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\bc5\sdktools\win95\sr32test.exe
Status: Allocation size mismatch (API: 405504, Raw: 385024)

Path: c:\bc5\sdktools\winnt\pstat.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\bc5\sdktools\winnt\winobj.exe
Status: Allocation size mismatch (API: 217088, Raw: 196608)

Path: c:\program files\acceller\gateway connect\desktopicon.exe
Status: Allocation size mismatch (API: 573440, Raw: 552960)

Path: c:\program files\adobe\adobe extension manager\replace.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\adobe\adobe stock photos cs3\adobe stock photos cs3.exe
Status: Allocation size mismatch (API: 180224, Raw: 159744)

Path: c:\program files\adobe\security update\hotfix64.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\program files\agi\python25\python.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\agi\python25\pythonw.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\alwil software\avast4\ashskpcc.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\alwil software\avast4\ashskpck.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\alwil software\avast4\aswregsvr.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\cyberlink\power2go\cldma.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\program files\cyberlink\power2go\clregaccess.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\cyberlink\power2go\power2go.exe
Status: Allocation size mismatch (API: 2142208, Raw: 2121728)

Path: c:\program files\cyberlink\power2go\power2goexpress.exe
Status: Allocation size mismatch (API: 2490368, Raw: 2469888)

Path: c:\program files\cyberlink\power2go\cldrvchk.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\cyberlink\power2go\securitybrowser.exe
Status: Allocation size mismatch (API: 999424, Raw: 978944)

Path: c:\program files\cyberlink\shared files\richvideo.exe
Status: Allocation size mismatch (API: 262144, Raw: 245760)

Path: c:\program files\cyberlink\shared files\richvideoinstall.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\cyberlink\shared files\richvideouninstall.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\program files\xilisoft\audio maker\audioenc.exe
Status: Allocation size mismatch (API: 651264, Raw: 630784)

Path: c:\program files\xilisoft\audio maker\avc.exe
Status: Allocation size mismatch (API: 151552, Raw: 131072)

Path: c:\program files\xilisoft\dvd copy express\cdejecter.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\program files\xilisoft\dvd copy express\dvdassit.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\xilisoft\dvd copy express\dvdcopy_express.exe
Status: Allocation size mismatch (API: 405504, Raw: 385024)

Path: c:\program files\xilisoft\dvd creator3\dvdcore.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\program files\xilisoft\dvd creator3\avc.exe
Status: Allocation size mismatch (API: 151552, Raw: 131072)

Path: c:\program files\xilisoft\dvd creator3\cdejecter.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\program files\xilisoft\dvd creator3\dvdcreator.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\program files\xilisoft\dvd creator3\mplex.exe
Status: Allocation size mismatch (API: 159744, Raw: 135168)

Path: c:\program files\xilisoft\dvd creator3\spumux.exe
Status: Allocation size mismatch (API: 200704, Raw: 176128)

Path: c:\program files\xilisoft\dvd creator3\directburner.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\xilisoft\dvd creator3\dvdauthor.exe
Status: Allocation size mismatch (API: 331776, Raw: 98304)

Path: c:\program files\xilisoft\dvd creator3\dvdcompress.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\program files\xilisoft\dvd ripper ultimate 5\avc.exe
Status: Allocation size mismatch (API: 147456, Raw: 126976)

Path: c:\program files\xilisoft\dvd ripper ultimate 5\dvdrip.exe
Status: Allocation size mismatch (API: 1114112, Raw: 1093632)

Path: c:\program files\xilisoft\dvd ripper ultimate 5\inaspi.exe
Status: Allocation size mismatch (API: 172032, Raw: 147456)

Path: c:\program files\xilisoft\dvd ripper ultimate 5\xcrashreport.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\program files\xilisoft\video converter ultimate\avc.exe
Status: Allocation size mismatch (API: 147456, Raw: 126976)

Path: c:\program files\xilisoft\video converter ultimate\avp.exe
Status: Allocation size mismatch (API: 114688, Raw: 86016)

Path: c:\program files\xilisoft\video converter ultimate\vc5.exe
Status: Allocation size mismatch (API: 389120, Raw: 368640)

Path: c:\program files\xilisoft\video converter ultimate\vcloader.exe
Status: Allocation size mismatch (API: 266240, Raw: 245760)

Path: c:\program files\xilisoft\video converter ultimate\xcrashreport.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\program files\xilisoft\video converter ultimate\xilisoft video converter ultimate update.exe
Status: Allocation size mismatch (API: 221184, Raw: 200704)

Path: c:\program files\netbeans 6.1\bin\nb.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\program files\quicktime\qtsystem\exportcontroller.exe
Status: Allocation size mismatch (API: 192512, Raw: 172032)

Path: c:\program files\quicktime\qtsystem\quicktimeupdatehelper.exe
Status: Allocation size mismatch (API: 180224, Raw: 159744)

Path: c:\program files\realtek\vista_8169\lansetv.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\program files\realtek\vista_8169\lansetv6.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\program files\realtek usb wireless lan driver\driver\scanf.exe
Status: Allocation size mismatch (API: 114688, Raw: 81920)

Path: c:\program files\realtek usb wireless lan driver\driver\setvistadrv.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\gateway games\bejeweled 2 deluxe\winbej2.exe
Status: Allocation size mismatch (API: 1695744, Raw: 1675264)

Path: c:\program files\gateway games\blackhawk striker 2\blackhawk2.exe
Status: Allocation size mismatch (API: 1404928, Raw: 1384448)

Path: c:\program files\gateway games\blasterball 3\blasterball3.exe
Status: Allocation size mismatch (API: 3690496, Raw: 3670016)

Path: c:\program files\gateway games\blasterball 3\blasterball3_levelhandler.exe
Status: Allocation size mismatch (API: 167936, Raw: 147456)

Path: c:\program files\gateway games\build-a-lot\buildalot.exe
Status: Allocation size mismatch (API: 49651712, Raw: 49631232)

Path: c:\program files\gateway games\fate\fate.exe
Status: Allocation size mismatch (API: 9711616, Raw: 9691136)

Path: c:\program files\gateway games\fate\help.exe
Status: Allocation size mismatch (API: 61440, Raw: 36864)

Path: c:\program files\gateway games\gateway game console\mergelocalconfig.exe
Status: Allocation size mismatch (API: 184320, Raw: 163840)

Path: c:\program files\gateway games\penguins!\datarepair.exe
Status: Allocation size mismatch (API: 118784, Raw: 90112)

Path: c:\program files\gateway games\penguins!\penguins.exe
Status: Allocation size mismatch (API: 3952640, Raw: 3932160)

Path: c:\program files\gateway games\polar bowler\polar.exe
Status: Allocation size mismatch (API: 638976, Raw: 618496)

Path: c:\program files\gateway games\polar golfer\golf.exe
Status: Allocation size mismatch (API: 1552384, Raw: 1531904)

Path: c:\program files\gateway games\tradewinds\tradewinds.exe
Status: Allocation size mismatch (API: 507904, Raw: 487424)

Path: c:\program files\gateway games\virtual villagers - chapter 2 - the lost children\virtual villagers - the lost children.exe
Status: Allocation size mismatch (API: 1388544, Raw: 1368064)

Path: c:\program files\globalscape\cuteftp 8 professional\cuteftppro.exe
Status: Allocation size mismatch (API: 2867200, Raw: 2846720)

Path: c:\program files\globalscape\cuteftp 8 professional\ftpte.exe
Status: Allocation size mismatch (API: 1826816, Raw: 1806336)

Path: c:\program files\globalscape\cuteftp 8 professional\patch.exe
Status: Allocation size mismatch (API: 1429504, Raw: 1409024)

Path: c:\program files\google\google earth\earthflashsol.exe
Status: Allocation size mismatch (API: 188416, Raw: 167936)

Path: c:\program files\google\google earth\googleearth.exe
Status: Allocation size mismatch (API: 13303808, Raw: 13283328)

Path: c:\program files\google\google earth\gpsbabel.exe
Status: Allocation size mismatch (API: 307200, Raw: 286720)

Path: c:\program files\huawei technologies\ptcl connect\ptclconnect.exe
Status: Allocation size mismatch (API: 413696, Raw: 393216)

Path: c:\program files\idt\wdm\stacsv.exe
Status: Allocation size mismatch (API: 122880, Raw: 102400)

Path: c:\program files\idt\wdm\stacsv64.exe
Status: Allocation size mismatch (API: 143360, Raw: 122880)

Path: c:\program files\idt\wdm\sttray.exe
Status: Allocation size mismatch (API: 425984, Raw: 405504)

Path: c:\program files\idt\wdm\sttray64.exe
Status: Allocation size mismatch (API: 446464, Raw: 425984)

Path: c:\program files\idt\wdm\suhlp.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\program files\idt\wdm\suhlp64.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\program files\installshield installation information\{91f34319-08de-457a-99c0-0bcdfac145b9}\setup.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\program files\installshield installation information\{40bf1e83-20eb-11d8-97c5-0009c5020658}\setup.exe
Status: Allocation size mismatch (API: 188416, Raw: 167936)

Path: c:\program files\installshield installation information\{9867824a-c86d-4a83-8f3c-e7a86be0afd3}\setup.exe
Status: Allocation size mismatch (API: 331776, Raw: 311296)

Path: c:\program files\intermute\spysubtract\imreport.exe
Status: Allocation size mismatch (API: 303104, Raw: 282624)

Path: c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
Status: Allocation size mismatch (API: 1064960, Raw: 1044480)

Path: c:\program files\jetaudio\skin\makejsk.exe
Status: Allocation size mismatch (API: 233472, Raw: 212992)

Path: c:\program files\jetaudio\vis\vis_synesth_config.exe
Status: Allocation size mismatch (API: 172032, Raw: 151552)

Path: c:\program files\k-lite codec pack\filters\ac3config.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\k-lite codec pack\tools\codectweaktool.exe
Status: Allocation size mismatch (API: 708608, Raw: 688128)

Path: c:\program files\k-lite codec pack\tools\dsconfig.exe
Status: Allocation size mismatch (API: 335872, Raw: 315392)

Path: c:\program files\k-lite codec pack\tools\graphedit.exe
Status: Allocation size mismatch (API: 233472, Raw: 212992)

Path: c:\program files\k-lite codec pack\tools\mediainfo.exe
Status: Allocation size mismatch (API: 950272, Raw: 929792)

Path: c:\program files\k-lite codec pack\tools\statsreader.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\program files\k-lite codec pack\tools\vobsubstrip.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\maxis\simcity 4 deluxe\simcity 4.exe
Status: Allocation size mismatch (API: 7544832, Raw: 7524352)

Path: c:\program files\microsoft games\chess\chess.exe
Status: Allocation size mismatch (API: 2830336, Raw: 2809856)

Path: c:\program files\microsoft games\freecell\freecell.exe
Status: Allocation size mismatch (API: 659456, Raw: 638976)

Path: c:\program files\microsoft games\inkball\inkball.exe
Status: Allocation size mismatch (API: 1277952, Raw: 1257472)

Path: c:\program files\microsoft games\mahjong\mahjong.exe
Status: Allocation size mismatch (API: 618496, Raw: 598016)

Path: c:\program files\microsoft games\solitaire\solitaire.exe
Status: Allocation size mismatch (API: 663552, Raw: 643072)

Path: c:\program files\synaptics\syntp\synmood.exe
Status: Allocation size mismatch (API: 245760, Raw: 225280)

Path: c:\program files\synaptics\syntp\synzmetr.exe
Status: Allocation size mismatch (API: 258048, Raw: 237568)

Path: c:\program files\synaptics\syntp\tutorial.exe
Status: Allocation size mismatch (API: 339968, Raw: 319488)

Path: c:\program files\techsmith\camtasia studio 5\tsmsihlp.exe
Status: Allocation size mismatch (API: 139264, Raw: 118784)

Path: c:\program files\valve\mediabrowser\mediabrowser.exe
Status: Allocation size mismatch (API: 368640, Raw: 348160)

Path: c:\program files\valve\platform\steam.exe
Status: Allocation size mismatch (API: 978944, Raw: 958464)

Path: c:\program files\valve\platform\steamengine.exe
Status: Allocation size mismatch (API: 163840, Raw: 139264)

Path: c:\program files\valve\platform\steam_dev.exe
Status: Allocation size mismatch (API: 192512, Raw: 176128)

Path: c:\program files\valve\platform\writeminidump.exe
Status: Allocation size mismatch (API: 266240, Raw: 245760)

Path: c:\program files\vuze\.install4j\i4jdel.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\programdata\temp\{9867824a-c86d-4a83-8f3c-e7a86be0afd3}\postbuild.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: C:\Windows\System32\drivers\gasfkytwosfilh.sys
Status: Invisible to the Windows API!

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path:Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: gasfkyxpiuhftr.dll]
Process: svchost.exe (PID: 704) Address: 0x10000000 Size: 53248

Object: Hidden Module [Name: gasfkywpepewqj.dll]
Process: iexplore.exe (PID: 2420) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: gasfkywpepewqj.dll]
Process: iexplore.exe (PID: 3132) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: gasfkywpepewqj.dll]
Process: iexplore.exe (PID: 2620) Address: 0x10000000 Size: 32768

Hidden Services
-------------------
Service Name: gasfkywfxmpsio
Image Path: C:\Windows\system32\drivers\gasfkytwosfilh.sys

==EOF==


 


#2 myrti

  • Malware Study Hall Admin

Posted 08 October 2009 - 06:04 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti


Posted 14 October 2009 - 05:33 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_
