System security 2009- cannot open any program files.

Yes please, and when it finished paste it all.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-10 13:17:47
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[188] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[188] WS2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[188] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[188] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[188] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[572] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10034020
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[572] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10033F4C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[572] WS2_32.dll!send 71AB428A 5 Bytes JMP 10033734
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[572] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10032D80
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[572] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10032CD0
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[572] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10033F14
.text C:\WINDOWS\system32\winlogon.exe[628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\system32\winlogon.exe[628] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\system32\winlogon.exe[628] WS2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\system32\winlogon.exe[628] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\system32\winlogon.exe[628] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\system32\winlogon.exe[628] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\system32\services.exe[676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\system32\services.exe[676] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\system32\services.exe[676] ws2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\system32\services.exe[676] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\system32\services.exe[676] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\system32\services.exe[676] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\system32\lsass.exe[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\system32\lsass.exe[688] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\system32\svchost.exe[868] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\system32\svchost.exe[868] ws2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\system32\svchost.exe[868] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\system32\svchost.exe[868] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\system32\svchost.exe[868] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\System32\svchost.exe[1028] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\System32\svchost.exe[1028] ws2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\System32\svchost.exe[1028] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\System32\svchost.exe[1028] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\System32\svchost.exe[1028] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\system32\svchost.exe[1072] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\system32\svchost.exe[1072] ws2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\system32\svchost.exe[1072] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\system32\svchost.exe[1072] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\system32\svchost.exe[1072] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\Explorer.EXE[1672] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\Explorer.EXE[1672] ws2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\Explorer.EXE[1672] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\Explorer.EXE[1672] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\Explorer.EXE[1672] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\System32\svchost.exe[1736] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\System32\svchost.exe[1736] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\System32\svchost.exe[1736] ws2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\System32\svchost.exe[1736] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\System32\svchost.exe[1736] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\System32\svchost.exe[1736] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\system32\spoolsv.exe[1832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\system32\spoolsv.exe[1832] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\system32\spoolsv.exe[1832] ws2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\system32\spoolsv.exe[1832] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\system32\spoolsv.exe[1832] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\system32\spoolsv.exe[1832] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[2488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[2488] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[2488] WS2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[2488] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[2488] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[2488] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
? C:\WINDOWS\System32\svchost.exe[3028] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: MFC42.DLLunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[3028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\System32\svchost.exe[3028] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\System32\svchost.exe[3028] WS2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\System32\svchost.exe[3028] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\System32\svchost.exe[3028] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\System32\svchost.exe[3028] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\system32\wuauclt.exe[3084] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\system32\wuauclt.exe[3084] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\system32\wuauclt.exe[3084] ws2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\system32\wuauclt.exe[3084] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\system32\wuauclt.exe[3084] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\system32\wuauclt.exe[3084] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14
.text C:\WINDOWS\system32\ctfmon.exe[3688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10014020
.text C:\WINDOWS\system32\ctfmon.exe[3688] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10013F4C
.text C:\WINDOWS\system32\ctfmon.exe[3688] ws2_32.dll!send 71AB428A 5 Bytes JMP 10013734
.text C:\WINDOWS\system32\ctfmon.exe[3688] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10012D80
.text C:\WINDOWS\system32\ctfmon.exe[3688] ws2_32.dll!recv 71AB615A 5 Bytes JMP 10012CD0
.text C:\WINDOWS\system32\ctfmon.exe[3688] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10013F14

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Cdfs \Cdfs EF5F6400

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACymxdlsoy.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACymxdlsoy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACymxdlsoy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvpakjaum.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpixbopup.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACotkckbob.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxdeatnod.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACltfaqglx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACtssghvtp.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACjkdsxmti.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACjgmhyguu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACwduehfnp.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACunthovby.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UAClkvkfrme.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACymxdlsoy.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACymxdlsoy.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvpakjaum.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpixbopup.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACotkckbob.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxdeatnod.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACltfaqglx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACtssghvtp.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACjkdsxmti.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACjgmhyguu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACwduehfnp.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACunthovby.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UAClkvkfrme.log

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UACymxdlsoy.sys

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
HKLM\SYSTEM\ControlSet002\Services\UACd.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

ok so no black window... it did reboot. i went to c:\ avenger there's only a UAC systems file.
but i did find this on the avenger program itself

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Fri Jul 10 13:55:25 2009

13:54:51: Error: Could not execute registry backup. (error -2147221003: application not found)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "UACd.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\UACymxdlsoy.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

should i restart the GMER scan?

No. See if you can run MBAM now.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

7/11/2009 1:26:33 AM
mbam-log-2009-07-11 (01-26-33).txt

Scan type: Quick Scan
Objects scanned: 97673
Time elapsed: 23 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 42
Registry Values Infected: 31
Registry Data Items Infected: 21
Folders Infected: 3
Files Infected: 33

Memory Processes Infected:
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\f406.f406mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\f406.f406mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c82b3296-fc52-4cd7-876b-8147e28da748} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fb0e529a-3d2c-473e-83fe-9e56ac6cc0eb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UNICCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UNICCodecSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UNICCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\eeekp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realteczs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdiol.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux (Trojan.JSRedir.H) -> Bad: (C:\DOCUME~1\Owner\LOCALS~1\Temp\..\psmsqhk.cjg) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.189,85.255.112.178 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.189,85.255.112.178 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.189,85.255.112.178 -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Owner\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Start Menu\Programs\UNICCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\UNICCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\psmsqhk.cjg (Trojan.JSRedir.H) -> Delete on reboot.
C:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aol2tbl.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\k56kshhui43wyugheh66hjfdsn44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\bucksnet.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\ZAN23.exe (Adware.Zango) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_173206186897.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Desktop\Setup.exe (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\uniccodec\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\program files\uniccodec\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpsaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Local Settings\Temp\rasesnet.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACpixbopup.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACwduehfnp.log (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks a zillion guys programs are working fine. i hope that means everything's okay?

ok now they're not working so fine. I switched my laptop on today and it wont let me access any program.

Hello.
The malware has likely returned because MBAM didn't get it all, you forgot to update it before running the scan.
Can you run MBAM at all?

ohh.... no i can't. It says "you may not have the appropriate permission to access the file"

Are you able to run the avenger/GMER?

nope i get the same msg with any program i try to open

Are you logged on as an administrator?

Can you try running GMER from safe mode?

i can run anything in safe mode. however, i can't seem to find GMER :S should i run avenger instead or MBAM?

ok now i can run anything in normal mode.... hmmm.. am running GMER

okk so am back after a long break. i haven't used my laptop ever since my last post. i get a system32 or smth the like every time i my laptop on... and its much slower :S dont know what to do. thinking of just formatting the whole thing and reinstalling windows.. ?

Hello.
Can you post a new GMER log?