Zelokore.dll problem. DDS and GMER reports

[mcomputer01]

This is my first time posting on a forum. I am computer tech working on a friends computer and everytime the computer starts I get a message saying "the application or DLL C:\WINDOWS\system32\zelokore.dll is not a valid image. Please check this against your installation diskette." this is for any program loading. Here are the logs for this that was done a little while ago. Please help. I have tried alot of programs to get rid of this and nothing is working. I have put a thread on bleepingcomputer.com and I do not have access to a install disc right now but I might be able to get a hold of one.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 0:20:42.28 on Wed 10/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.640 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uSearch Bar =
uStart Page = hxxp://www.google.com
uSearch Page =
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uSearchAssistant = hxxp://www.google.com
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254714669234
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: zelokore.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRIyYOg
LSA: Notification Packages = scecli yobijowu.dll

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\drivers\dpcnet5u.sys --> c:\windows\system32\drivers\dpcnet5u.sys [?]
S3 gAGP440p;gAGP440p;\??\c:\docume~1\owner\locals~1\temp\gagp440p.sys --> c:\docume~1\owner\locals~1\temp\gAGP440p.sys [?]
S4 scsiaae;scsiaae;c:\docume~1\owner\locals~1\temp\msi19.tmp --> c:\docume~1\owner\locals~1\temp\MSI19.tmp [?]

=============== Created Last 30 ================

2009-10-16 05:22:14 0 d-----w- c:\program files\Trend Micro
2009-10-16 0547 0 d-----w- c:\program files\CCleaner
2009-10-15 05:48:55 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-15 05:47:12 0 d-----w- c:\program files\Microsoft Security Essentials
2009-10-13 05:21:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-13 05:21:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 04:51:06 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-13 04:51:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-12 10:11:19 0 d-sh--w- c:\documents and settings\owner\UserData
2009-10-12 05:31:15 27496 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-12 05:31:15 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-05 06:27:56 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-05 06:27:50 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-10-05 04:10:46 0 d---a-w- c:\windows\system32\images
2009-10-05 04:07:58 0 ----a-w- c:\windows\system32\skynet.dat
2009-10-05 0444 58 ----a-w- c:\windows\wf4.dat
2009-10-05 0444 3 ----a-w- c:\windows\wf3.dat
2009-10-05 0440 9 ----a-w- c:\windows\system32\nuar.old
2009-10-05 0438 88 ----a-w- c:\windows\system32\wwp.htm
2009-10-05 03:59:22 46 ----a-w- C:\p2hhr.bat
2009-10-05 03:55:42 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-02 07:13:20 0 d-----w- C:\6b20aeed6de42b68175f00a2
2009-09-30 15:19:54 0 d-----w- C:\cabs
2009-09-30 14:23:41 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 23:57:28 19779 ----a-w- c:\program files\common files\fakiv.vbs
2009-09-09 23:57:28 19376 ----a-w- c:\docume~1\owner\applic~1\halerabami.bin
2009-09-09 23:57:28 15616 ----a-w- c:\windows\ycyrujogy.bat
2009-09-09 23:57:28 15518 ----a-w- c:\windows\amulacem.dll
2009-09-09 23:57:28 12470 ----a-w- c:\windows\hatywyb.exe
2009-09-09 23:57:28 11786 ----a-w- c:\program files\common files\tiwyxywum.lib
2009-09-09 23:57:28 10931 ----a-w- c:\docume~1\owner\applic~1\gasigydewe.dll
2009-09-09 23:57:28 10885 ----a-w- c:\windows\ypezeb.sys
2009-09-09 23:57:28 10229 ----a-w- c:\docume~1\owner\applic~1\sisedaber.sys
2009-09-09 23:57:28 10049 ----a-w- c:\windows\amumov.bat
2009-09-09 23:57:27 18661 ----a-w- c:\windows\ozalu.reg
2009-09-09 22:09:06 17095 ----a-w- c:\windows\saxybyjo.dat
2009-09-09 22:09:06 17021 ----a-w- c:\program files\common files\ratip.lib
2009-09-09 22:09:06 16828 ----a-w- c:\windows\iwepefybi.pif
2009-09-09 22:09:06 16573 ----a-w- c:\program files\common files\xynepun.sys
2009-09-09 22:09:06 15441 ----a-w- c:\windows\ilifiliwik.scr
2009-09-09 22:09:06 14618 ----a-w- c:\docume~1\owner\applic~1\unosacuj.scr
2009-09-09 22:09:06 13150 ----a-w- c:\windows\system32\nijyp.sys
2009-09-09 22:09:06 12215 ----a-w- c:\docume~1\alluse~1\applic~1\qupodef.pif
2009-09-09 22:09:05 19810 ----a-w- c:\program files\common files\otuhyty.dl
2009-09-09 22:09:05 16656 ----a-w- c:\docume~1\owner\applic~1\negef.dll
2009-09-07 17:04:57 774 -c--a-w- c:\docume~1\owner\applic~1\wklnhst.dat
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2001-09-28 22:00:28 164864 -c--a-w- c:\program files\UNWISE.EXE
2009-07-05 03:59:21 0 --sha-w- c:\windows\system32\zelokore.dll

============= FINISH: 0:22:16.67 ===============

[tetonbob]

As you're already receiving help from Blade81 at BleepingComputer, this thread is closed. If you have open topics for this same issue at other forums as well, please use only one, and let the others know.