
Cannot run anything



#1 xklips1


Posted 19 October 2009 - 03:58 PM

Below are the logs I emailed to boopme so he could post them here.

Running from: E:\Win32kDiag.exe


Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt


WARNING: Could not get backup privileges!


Searching 'C:\WINDOWS'...






Cannot access: C:\WINDOWS\kbcaptmf.dll


[1] 2008-04-13 20:12:08 49152 C:\WINDOWS\kbcaptmf.dll ()






Cannot access: C:\WINDOWS\system32\Irmonex.dll


[1] 2004-08-17 20:00:00 73728 C:\WINDOWS\system32\Irmonex.dll ()






Cannot access: C:\WINDOWS\system32\NWCWorkstation.dll


[1] 2004-08-17 20:00:00 143391 C:\WINDOWS\system32\NWCWorkstation.dll ()










Finished!





DDS





DDS (Ver_09-10-13.01) - NTFSx86 NETWORK

Run by Administrator at 23:21:42.98 on Sat 10/17/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13



============== Pseudo HJT Report ===============



mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://login..yahoo.com/config/reset_cookies_token?.token=kEv3UJ8W6je8Q5Vpn68vZFpSNC_MH2C2ErvCI8nP7hQG79wnFVGV48C70N4o3uvaZ4kDElFHEhfG_i7TvMj9IhX.9q7DbZ5iNF6Jr_zFM7SV3oiVaQBHSwxRG816Kqat_uPuW1HogNf5FNPrxSiu3ba.qIoHac.B73CX1oPUL3zttKDOx17O.HGvQp0JmVX6ROyxsnqm.tANL2OZpgkTT3Wi6xKN5yng89Rz1S4IBG.U5RwuWm5oAIzlhyCqmnja2Qvr.T70LpBqZXhHYgi_2LC6ki9hRiZZCCPAmpRfYF_PoWMP.De.PMPXxjPhYLQJ4KHWKDkWSuaeo_IaelPjIjT5pTTr8pHATQ9vktanX667a8rLVEkN..Z5BibpnxrPb_9cMg1FyqcpDY5qZ4fVgluguDg8fv6VQX6eAj88jJlWUw--&.done=http%3A%2F%2Fus%2Erd%2Eyahoo%2Ecom%2Fmessenger%2Fclient%2F%3Fhttp%3A%2F%2Fmail%2Eyahoo%2Ecom%2F

mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe

BHO: c:\windows\system32\aixsvm0l.dll: {a2234b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\aixsvm0l.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\documents and settings\administrator\local settings\temp\services.exe

uRun: [system tool] c:\program files\brcymr\ybcusysguard.exe

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [winupdate.exe] c:\windows\system32\winupdate.exe

mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0

mRun: [csrs32] c:\windows\system32\csrs32.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [lunefopef] Rundll32.exe "c:\windows\system32\roloropo.dll",a

mRun: [system tool] c:\program files\brcymr\ybcusysguard.exe

mRun: [degejibaf] Rundll32.exe "c:\windows\system32\roloropo.dll",a

mRun: [mukozorapa] Rundll32.exe "valoreha.dll",s

uPolicies-explorer: NoFolderOptions = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\windows\system32\lsp.dll

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233812685328

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: {C830E2CB-755D-42B3-A205-DFD055FEC942} = 207.69..188.186,207.69.188.187

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll

Notify: WB - c:\program files\alienguise\fastload.dll

AppInit_DLLs: c:\windows\system32\roloropo.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: dofikehav - {481b5559-7d7e-495b-ab3a-95a3b43d0cac} - c:\windows\system32\roloropo.dll

STS: c:\windows\system32\aixsvm0l.dll: {a2234b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\aixsvm0l.dll

STS: jugezatag: {481b5559-7d7e-495b-ab3a-95a3b43d0cac} - c:\windows\system32\roloropo.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

LSA: Notification Packages = scecli godojuje.dll kbcaptmf.dll

IFEO: ctfmon.exe - c:\windows\system32\ctfmon_pu.exe



Note: multiple IFEO entries found. Please refer to Attach.txt



================= FIREFOX ===================



FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\yatxudxk.default\

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {CFB8E8DD-D222-4875-AB59-C3AABBEF564D} - c:\documents and settings\administrator\local settings\application data\{CFB8E8DD-D222-4875-AB59-C3AABBEF564D}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}



============= SERVICES / DRIVERS ===============





=============== Created Last 30 ================



2009-10-17 18:20 536,293 a------- c:\windows\system32\35073.dll

2009-10-17 18:20 802,532 a------- c:\windows\system32\ner.exe

2009-10-17 16:10 178,432 a------- c:\windows\system32\lsp.dll

2009-10-17 16:10 119,808 a------- c:\windows\syssvc.exe

2009-10-17 16:10 12,032 a------- c:\windows\system32\iehelper.dll

2009-10-17 16:08 <DIR> --d----- c:\program files\brcymr

2009-10-17 15:42 <DIR> --d----- c:\windows\system32\schtml

2009-10-17 15:39 287,232 a------- c:\windows\svohost.exe

2009-10-17 15:39 58 a------- c:\windows\wp4.dat

2009-10-17 15:39 36 a------- c:\windows\system32\skynet.dat

2009-10-17 15:39 3 a------- c:\windows\wp3.dat

2009-10-17 15:39 565,248 a------- c:\windows\system32\plugie.dll

2009-10-17 15:39 9 a------- c:\windows\system32\nuar.old

2009-10-17 15:39 511,488 a------- c:\windows\system32\pump.exe

2009-10-17 15:39 90 a------- c:\windows\system32\wwp.htm

2009-10-17 15:39 <DIR> --d----- c:\program files\Windows Police Pro

2009-10-17 15:33 2,041,856 a------- c:\windows\system32\AVR09.exe

2009-10-17 15:33 22,528 a------- c:\windows\system32\winhelper.dll

2009-10-17 15:10 195,440 -------- c:\windows\system32\MpSigStub.exe

2009-10-17 15:05 48,966 a------- c:\windows\system32\certstore.dat

2009-10-17 14:57 19,578 a------- c:\windows\ikyz.dl

2009-10-17 14:57 18,376 a------- c:\windows\lekebyv.com

2009-10-17 14:57 16,700 a------- c:\windows\denacihel.dll

2009-10-17 14:57 11,392 a------- c:\windows\system32\uxetov._dl

2009-10-17 14:57 168,960 a------- c:\program files\_scui.vir

2009-10-17 14:56 <DIR> --d----- c:\program files\AntivirusPro_2010

2009-10-17 14:56 152 a------- c:\windows\system32\api.reg

2009-10-17 14:56 20,480 a------- c:\windows\system32\csrs32.exe

2009-10-17 14:43 0 a------- c:\windows\Ctusatazalebinu.bin

2009-10-17 14:43 120 a------- c:\windows\Broya.dat

2009-10-17 14:33 831 a------- c:\windows\system32\critical_warning.html

2009-10-17 14:32 25,600 a--sh--- c:\windows\system32\calc.dll

2009-10-17 14:32 15,000 a------- c:\windows\system32\aixsvm0l.dll

2009-10-17 14:32 24,576 a------- c:\windows\system32\winupdate.exe

2009-10-17 14:32 247,808 a------- C:\lyqr.exe

2009-10-17 14:32 24,576 a------- C:\jboy.exe

2009-10-17 14:32 69,120 a------- c:\windows\system32\~.exe

2009-10-17 11:09 <DIR> --d----- C:\Games

2009-10-16 13:17 <DIR> --d----- c:\program files\Coupons

2009-10-10 18:38 <DIR> --d----- c:\program files\ASIO4ALL v2

2009-10-10 18:37 225,280 a------- c:\windows\system32\rewire.dll

2009-10-10 18:37 1,554,944 a------- c:\windows\system32\vorbis.acm

2009-10-10 18:36 <DIR> --d----- c:\program files\VstPlugins

2009-10-10 18:36 <DIR> --d----- c:\program files\Outsim

2009-10-10 18:28 <DIR> --d----- c:\program files\Image-Line

2009-10-10 00:53 379,392 ---sh--- c:\windows\system32\SCX.dll

2009-10-10 00:53 164,352 ---sh--- c:\windows\system32\SCS.dll

2009-10-10 00:53 56,308 ---sh--- c:\windows\system32\game.jpg

2009-10-10 00:03 <DIR> --d----- c:\program files\Codemasters

2009-10-09 22:43 <DIR> --d----- c:\windows\system32\wbem\Repository

2009-10-07 11:34 <DIR> --d----- c:\documents and settings\administrator\application data\uTorrent

2009-10-07 11:15 <DIR> --d----- c:\documents and settings\administrator\IECompatCache

2009-10-07 10:40 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE

2009-10-07 10:40 <DIR> --d----- c:\documents and settings\administrator\application data\TuneUp Software

2009-10-06 23:14 552 a------- c:\windows\system32\d3d8caps.dat

2009-10-06 22:29 <DIR> --d----- c:\program files\CompuChess

2009-10-04 14:51 <DIR> --d----- c:\program files\Deep Silver

2009-10-04 14:26 <DIR> -cd-h--- c:\windows\ie8

2009-10-04 14:24 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll

2009-10-02 18:26 <DIR> --d----- c:\program files\uTorrent

2009-09-30 23:28 158,224 a------- c:\windows\system32\drivers\tmcomm.sys

2009-09-30 23:28 59,920 a------- c:\windows\system32\drivers\tmactmon.sys

2009-09-30 23:28 50,704 a------- c:\windows\system32\drivers\tmevtmgr.sys

2009-09-30 23:22 <DIR> --d----- c:\program files\Trend Micro

2009-09-30 23:14 661,808 a------- c:\windows\system32\UfWSC.cpl

2009-09-30 23:14 1,223,832 a------- c:\windows\system32\drivers\vsapint.sys

2009-09-30 23:14 339,984 a------- c:\windows\system32\drivers\TM_CFW.sys

2009-09-30 23:14 225,808 a------- c:\windows\system32\drivers\tmxpflt.sys

2009-09-30 23:14 89,872 a------- c:\windows\system32\drivers\tmtdi.sys

2009-09-30 23:14 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys

2009-09-30 22:45 <DIR> --d----- c:\program files\WebEx

2009-09-30 22:44 23,984 a------- c:\windows\system32\drivers\pnarp.sys

2009-09-30 22:44 25,264 a------- c:\windows\system32\drivers\purendis.sys

2009-09-30 22:44 <DIR> --d----- c:\program files\common files\Pure Networks Shared

2009-09-30 22:40 939,368 a----r-- c:\windows\system32\myflash.ocx

2009-09-30 20:32 <DIR> --d----- c:\windows\vbSkinner

2009-09-30 20:32 <DIR> --d----- c:\program files\PFConfig

2009-09-29 19:43 176,128 a------- c:\windows\system32\nvusmb.exe

2009-09-29 19:43 1,864 a----r-- c:\windows\system32\nvsmb.nvu

2009-09-29 19:37 176,128 a------- c:\windows\system32\nvunrm.exe

2009-09-29 19:37 101,888 a------- c:\windows\system32\drivers\nvtcp.sys

2009-09-29 19:37 3,903 a------- c:\windows\system32\nvnrm.nvu

2009-09-29 18:54 <DIR> --d----- c:\program files\Uniblue

2009-09-29 18:17 <DIR> --d----- c:\program files\Spyware Doctor

2009-09-27 19:30 <DIR> --d----- c:\program files\CONEXANT

2009-09-25 20:23 <DIR> --d----- c:\program files\Kalypso

2009-09-23 00:57 279,712 a------- c:\windows\system32\drivers\atksgt.sys

2009-09-23 00:57 25,888 a------- c:\windows\system32\drivers\lirsgt.sys

2009-09-22 23:54 <DIR> --d----- c:\program files\The Witcher Enhanced Edition

2009-09-22 19:47 604,488 a------- c:\windows\system32\TUProgSt.exe

2009-09-22 19:47 29,000 a------- c:\windows\system32\uxtuneup.dll

2009-09-22 19:47 361,288 a------- c:\windows\system32\TuneUpDefragService..exe

2009-09-22 19:45 <DIR> --d----- c:\program files\TuneUp Utilities 2009



==================== Find3M ====================



2009-10-17 14:57 13,790 a------- c:\program files\common files\epugaloqux._dl

2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll

2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll

2009-08-31 18:46 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS

2009-08-31 18:46 60,808 a------- c:\windows\system32\S32EVNT1.DLL

2009-08-31 18:46 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT

2009-08-31 18:46 806 a------- c:\windows\system32\drivers\SYMEVENT.INF

2009-08-31 18:44 107,368 a----r-- c:\windows\system32\GEARAspi.dll

2009-08-31 18:44 26,600 a----r-- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll

2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll

2009-08-22 04:13 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys

2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL

2009-08-16 10:02 4,096 a------- c:\windows\d3dx.dat

2009-08-13 18:54 221,184 a------- c:\windows\system32\xwr14772.dll

2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll

2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-04 11:13 2,145,280 a------- c:\windows\system32\ntoskrnl.exe

2009-08-04 10:20 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe

2009-06-21 17:38 262,144 a------- C:\ntuser.dat

2009-07-17 15:38 1,079,842 a--sh--- c:\windows\system32\disolada.exe

2009-07-17 14:32 52,736 a--sh--- c:\windows\system32\godojuje.dll

2009-07-17 14:32 52,736 a--sh--- c:\windows\system32\mujuwepa.dll

2009-07-17 15:38 24,576 a--sh--- c:\windows\system32\pibujudo.exe

2009-07-17 15:38 90,624 a--sh--- c:\windows\system32\roloropo.dll

2009-07-17 14:32 52,736 a--sh--- c:\windows\system32\valoreha.dll

2009-07-17 15:38 1,113,004 a--sh--- c:\windows\system32\vekukedu.exe

2009-07-17 15:38 39,424 a--sh--- c:\windows\system32\zitotela.dll



============= FINISH: 23:22:30.26 ===============





ARK



ROOTREPEAL AD, 2007-2009

==================================================

Scan Start Time: 2009/10/17 23:26

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================



Drivers

-------------------

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xBA4A8000 Size: 49152 File Visible: No Signed: -

Status: -



Name: SYMEFA.SYS

Image Path: SYMEFA.SYS

Address: 0xF7451000 Size: 323584 File Visible: No Signed: -

Status: -



Hidden/Locked Files

-------------------

Path: c:\windows\ntbtlog.txt

Status: Size mismatch (API: 2274570, Raw: 2274446)



Path: c:\documents and settings\x-klips\local settings\temp\~dfb8cb.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfb8fb.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfb969.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfba65.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfbdc1.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfbfa7.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfc17c.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfc30a.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfc6ae.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df143.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df30ea.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df35a3.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df387b.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df3ac2.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df3ad5.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df4187.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df4712.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df4759.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df4a0.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df4c3a.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df4fde.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df502.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df930b.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df9435.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df99cb.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df9a7d.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df9de6.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df9e24.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfa0c.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfa437.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfa4ce.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfa98e.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfae25.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfb210.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfb393.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfb406.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfb853.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df685d.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df6a41.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df6ab1.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df6afb.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfe585.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfe5b1.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df22f7.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df24ce.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df29fb.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df8f4a.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df8f97.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df9148.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df51e2.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df545.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df54a4.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df58dc.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df58e1.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df6150.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df64da.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfebcf.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfed1b.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfee4c.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfef5e.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dff1d0.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dff1d4.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dff362.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dff374.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dff3df.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dff4f0.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dff929.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dff93.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dffa79.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dffb4f.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dffcea.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dffe77.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df14c.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df15c5.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df1669.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df169f.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df1a2d.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df1aa1.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df1ae9.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df1b01.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df1b40.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df1c9.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df1e20.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df2132.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfc7c6.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfc99a.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfca18.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfcaaf.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfcf05.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfd47b.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfd9d9.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~dfe21a.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df6e80.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df715b.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df7175.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df7207.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df7855.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df7bd8.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df849d.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df8779.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\~df8ba4.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)



Path: c:\documents and settings\x-klips\local settings\temp\wer728b.dir00\appcompat.txt

Status: Allocation size mismatch (API: 32768, Raw: 0)



==EOF==








==============

Pasting in additional information from another post. ~ OB

Can't run anything, states it's a virus... every ten seconds or so a new internet tab opens to porn and Viagra sites... tried using malaware and other fix programs but they won't execute, as said. Antivirus System Pro alert keeps popping up, Antivirus System Pro running in a tab, winsecurity alert running in a tab, Windows Firewall keeps popping up stating trojans, backdoors etc... many things, and the unblock and block tabs won't highlight, only the cancel button on that highlights. Police Pro was up earlier and after I clicked the X to close it I haven't seen it since, but I know it's there. Luckily the internet is still working for now. I had very similar problems a week ago with this, but it had taken my internet connection from me that time, and I tried cleaning it and thought I did OK till an hour ago. These alerts are constantly popping up, never-ending, no break in between; while typing here as well I have to close them to get back on this to type again.

End of added information. ~ OB

Edited by Orange Blossom, 23 October 2009 - 07:02 PM.




#2 pwgib

  • Malware Response Team

Posted 30 October 2009 - 09:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 Orange Blossom

  • Moderator

Posted 09 November 2009 - 11:29 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



