WiredWX Christian Hobby Weather Tools

System Security blocking every program

Hi, I had this a while ago but removed it easily, but it came back today and is now stronger than ever.... Every program I try to open is blocked. I try running Malwarebytes, it's blocked. I try running procexp to stop it, but guess what, it's blocked..... I need help bad. Thanks

Re: System Security blocking every program

Hello, see if you can run HijackThis:

http://www.sendspace.com/pro/dl/932rpd

Download that and see if it runs.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Re: System Security blocking every program

kk, I did, got one log file, but when I try and open it, it's instantly closed

Re: System Security blocking every program

Please download Ice Sword from HERE

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Then look in the left hand bottom of the program and press "Registry".
  4. When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  5. Next, open HKEY_LOCAL_MACHINE and navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  6. Now look in the right side pane for two run values that are just random numbers.
  7. Once you have found the value(s), right click it and press "Delete".
  8. Okay the prompt and close IceSword.

Re: System Security blocking every program

k, downloaded it, tried running the exe file and it's saying it's infected and blocking it

Re: System Security blocking every program

nvm, after 4 attempts it somehow got through

Re: System Security blocking every program

Please rename IceSword to winlogon.exe if for some reason it does not want to work; now follow my instructions for IceSword.

Re: System Security blocking every program

ok, got to current version but.... I don't see a run button, and the chain continues after current version to explorer<Browser Helper Objects

Re: System Security blocking every program

GOT it! Man, I just went to the process tab and boom, saw the shield and was like good bye punk! Thanks man

Re: System Security blocking every program

but... I have a fear of it coming back. How should I prevent it?

Re: System Security blocking every program

I ran Malwarebytes after its process was stopped also.

Re: System Security blocking every program

See if you can do the following:

Download the GMER rootkit scan from here: GMER

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it, since some malware blocks GMER.

Re: System Security blocking every program

Scanning now. Malwarebytes got 9 and restarted my comp, now I'm starting the GMER scan. One popped up some error asking if I wanted it to still fully scan my comp, I just said yes and it's scanning now...

Re: System Security blocking every program

ok, so far one thing popped up red in my windows\system32\drivers\vsforcejbmlwlxe.sys(***hidden**)

Re: System Security blocking every program

Have you finished the GMER scan?

Re: System Security blocking every program

not yet, almost done

Re: System Security blocking every program

Ok please post the log once finished 😉

Re: System Security blocking every program

GMER 1.0.15.15011 [jxoxm375.exe] - http://www.gmer.net
Rootkit scan 2009-08-02 17:51:30
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86E89208 ZwEnumerateKey
Code 86E89460 ZwFlushInstructionCache
Code 86E7B5B6 ZwSaveKey
Code 86E82D86 ZwSaveKeyEx
Code 86E7AC96 IofCallDriver
Code 86E7A37E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 86E7AC9B
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 86E7A383
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 86E89464
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 86E8920C
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDE4 5 Bytes JMP 86E7B5BA
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BECA 5 Bytes JMP 86E82D8A
? system32\drivers\fksherkw.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A000A
.text C:\WINDOWS\RTHDCPL.EXE[976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 012C000A
.text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E351F8F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351F10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E351F54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351E9C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351ED6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E351FCA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35218C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3868] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D000A

Re: System Security blocking every program

.text C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe[4616] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A000A
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe[4868] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0106000A
.text C:\Program Files\AIM6\aolsoftware.exe[5012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B000A
.text C:\Program Files\jxoxm375.exe[5600] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A000A
.text ...

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\vsfocejbmlwlxe.sys (*** hidden *** ) [SYSTEM] vsfocerjkvtftp <-- ROOTKIT !!!

Re: System Security blocking every program

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp@imagepath \systemroot\system32\drivers\vsfocejbmlwlxe.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\main\connections
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\modules@vsfocerk.sys \systemroot\system32\drivers\vsfocejbmlwlxe.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\modules@vsfocecmd.dll \systemroot\system32\vsfoceyabrntyp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\modules@vsfocelog.dat \systemroot\system32\vsfoceylmfvitu.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\modules@vsfocewsp.dll \systemroot\system32\vsfoceiycvprue.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfocerjkvtftp\modules@vsfoce.dat \systemroot\system32\vsfocegqkhxjyi.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp@imagepath \systemroot\system32\drivers\vsfocejbmlwlxe.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\main@aid 10002
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\main@sid 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\main\connections (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\modules@vsfocerk.sys \systemroot\system32\drivers\vsfocejbmlwlxe.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\modules@vsfocecmd.dll \systemroot\system32\vsfoceyabrntyp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\modules@vsfocelog.dat \systemroot\system32\vsfoceylmfvitu.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\modules@vsfocewsp.dll \systemroot\system32\vsfoceiycvprue.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfocerjkvtftp\modules@vsfoce.dat \systemroot\system32\vsfocegqkhxjyi.dat

---- Files - GMER 1.0.15 ----

File C:\Program Files\Uniblue\DriverScanner\QtDesignerComponents4.dll 1130496 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer 0 bytes
File C:\Program Files\Uniblue\DriverScanner\designer\BackupView.dll 638976 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\MainPluginView.dll 557056 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\MessageWindowPlugin.dll 638976 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\ProxySettingsView.dll 577536 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\RestoreView.dll 647168 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\ScanPluginView.dll 774144 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\SerialView.dll 569344 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\SettingsPluginView.dll 606208 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\SystemOverview.dll 647168 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\UniblueComponents.dll 450560 bytes executable
File C:\Program Files\Uniblue\DriverScanner\designer\UpdatePluginView.dll 589824 bytes executable
File C:\Program Files\Uniblue\DriverScanner\difxapi.dll 337320 bytes executable
File C:\Program Files\Uniblue\DriverScanner\DriverPresenter.dll 15872 bytes executable
File C:\Program Files\Uniblue\DriverScanner\DriverScanner.dll 581632 bytes
File C:\Program Files\Uniblue\DriverScanner\DriverScanner.exe 212992 bytes executable
File C:\Program Files\Uniblue\DriverScanner\DriverScannerCommon.dll 110592 bytes executable
File C:\Program Files\Uniblue\DriverScanner\imageformats 0 bytes
File C:\Program Files\Uniblue\DriverScanner\imageformats\qgif4.dll 21504 bytes executable
File C:\Program Files\Uniblue\DriverScanner\imageformats\qjpeg4.dll 131072 bytes executable
File C:\Program Files\Uniblue\DriverScanner\license 0 bytes
File C:\Program Files\Uniblue\DriverScanner\license\x32 0 bytes
File C:\Program Files\Uniblue\DriverScanner\license\x32\IsLicense30.dll 344064 bytes executable
File C:\Program Files\Uniblue\DriverScanner\LicenseCommon.dll 24064 bytes executable
File C:\Program Files\Uniblue\DriverScanner\LicenseManager.dll 14336 bytes executable
File C:\Program Files\Uniblue\DriverScanner\Model.dll 40960 bytes executable
File C:\Program Files\Uniblue\DriverScanner\PresenterCommon.dll 8192 bytes executable
File C:\Program Files\Uniblue\DriverScanner\QtCore4.dll 1581056 bytes executable
File C:\Program Files\Uniblue\DriverScanner\QtDesigner4.dll 1622016 bytes executable
File C:\Program Files\Uniblue\DriverScanner\QtGui4.dll 6418432 bytes executable
File C:\Program Files\Uniblue\DriverScanner\QtNetwork4.dll 348160 bytes executable
File C:\Program Files\Uniblue\DriverScanner\QtSvg4.dll 262144 bytes executable
File C:\Program Files\Uniblue\DriverScanner\QtXml4.dll 356352 bytes executable
File C:\Program Files\Uniblue\DriverScanner\rollback 0 bytes
File C:\Program Files\Uniblue\DriverScanner\rollback\vista 0 bytes
File C:\Program Files\Uniblue\DriverScanner\rollback\vista\DriverScannerApi.exe 77312 bytes executable
File C:\Program Files\Uniblue\DriverScanner\rollback\xp 0 bytes
File C:\Program Files\Uniblue\DriverScanner\rollback\xp\DriverScannerApi.exe 57344 bytes executable
File C:\Program Files\Uniblue\DriverScanner\ScannerAdaptor.dll 118784 bytes executable
File C:\Program Files\Uniblue\DriverScanner\UniblueCommon.dll 204800 bytes
File C:\Program Files\Uniblue\DriverScanner\unrar.dll 168448 bytes
File C:\Program Files\Uniblue\DriverScanner\ViewPluginLoader.dll 23040 bytes executable
File C:\Program Files\Uniblue\DriverScanner\XceedCry.dll 526184 bytes executable
File C:\Program Files\Uniblue\DriverScanner\XceedZip.dll 496384 bytes executable
File C:\WINDOWS\system32\drivers\vsfocejbmlwlxe.sys 65024 bytes <-- ROOTKIT !!!
File C:\WINDOWS\system32\vsfocegqkhxjyi.dat 91 bytes
File C:\WINDOWS\system32\vsfoceiycvprue.dll 18432 bytes
File C:\WINDOWS\system32\vsfoceyabrntyp.dll 40448 bytes
File C:\WINDOWS\system32\vsfoceylmfvitu.dat 39437 bytes
File C:\WINDOWS\Temp\vsfocebrfssipnti.tmp 91 bytes

---- EOF - GMER 1.0.15 ----

Re: System Security blocking every program

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Image: CF_download_FF]

[Image: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Re: System Security blocking every program

I cannot figure out how to disable avast. And what did you find out from the log? Does it look bad?

Re: System Security blocking every program

OK, I did the ComboFix scan and have the log. Should I post it?

Re: System Security blocking every program

ComboFix 09-08-01.09 - Collin 08/02/2009 18:53.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.616 [GMT -4:00]
Running from: c:\documents and settings\Collin\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090801-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Collin\My Documents\winlogon.exe
c:\windows\Installer\106afbfd.msi
c:\windows\system32\drivers\vsfocejbmlwlxe.sys
c:\windows\system32\vsfocegqkhxjyi.dat
c:\windows\system32\vsfoceiycvprue.dll
c:\windows\system32\vsfoceyabrntyp.dll
c:\windows\system32\vsfoceylmfvitu.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_vsfocerjkvtftp


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 19:01 . 2009-08-02 19:01 287232 ----a-w- c:\program files\jxoxm375.exe
2009-08-02 18:25 . 2009-08-02 18:25 401720 ----a-w- c:\program files\HijackThis.exe
2009-07-27 07:06 . 2009-07-27 07:06 -------- d-----w- c:\program files\Microsoft Games
2009-07-27 06:13 . 2009-07-27 06:13 -------- d-----w- c:\documents and settings\Collin\Application Data\Malwarebytes
2009-07-27 06:12 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 06:12 . 2009-07-27 06:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-27 06:12 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 06:12 . 2009-07-27 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 18:50 . 2009-07-18 18:50 -------- d-----w- c:\documents and settings\Default User\Application Data\Screaming Bee
2009-07-18 06:34 . 2009-07-18 18:50 -------- d-----w- c:\program files\Screaming Bee
2009-07-18 05:50 . 2009-07-18 05:51 -------- d-----w- c:\documents and settings\Collin\Application Data\Screaming Bee
2009-07-18 05:49 . 2009-07-18 05:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Screaming Bee
2009-07-17 20:50 . 2009-07-17 22:51 -------- d-----w- c:\documents and settings\Collin\Local Settings\Application Data\FullTiltPoker.NET
2009-07-16 07:01 . 2009-07-17 22:51 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-07-11 08:15 . 2008-10-27 14:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\windows\Logs
2009-07-11 08:02 . 2009-07-11 08:02 -------- d-----w- c:\documents and settings\Collin\Application Data\DriverCure
2009-07-11 08:02 . 2009-07-11 08:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DriverCure
2009-07-11 08:02 . 2009-07-11 08:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ParetoLogic

.

Re: System Security blocking every program

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 23:17 . 2008-10-03 01:42 256 ----a-w- c:\windows\system32\pool.bin
2009-08-02 18:35 . 2009-08-02 18:35 8290 ----a-w- c:\program files\log
2009-08-02 18:35 . 2009-08-02 18:27 8290 ----a-w- c:\program files\hijackthis.log
2009-07-27 15:35 . 2008-01-25 01:26 38552 ----a-w- c:\documents and settings\Collin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 07:11 . 2006-10-29 23:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 22:11 . 2008-01-25 00:31 -------- d-----w- c:\program files\World of Warcraft
2009-07-11 08:09 . 2009-04-23 23:17 -------- d-----w- c:\program files\EA Games
2009-07-08 21:21 . 2008-08-20 18:54 -------- d-----w- c:\documents and settings\Collin\Application Data\Hamachi
2009-06-29 16:12 . 2004-08-04 06:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 06:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 06:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 03:46 . 2009-06-25 03:46 216 ----a-w- c:\documents and settings\Collin\CdHack.vbs
2009-06-24 17:10 . 2009-06-23 15:30 -------- d-----w- c:\program files\Lineage II
2009-06-24 06:39 . 2009-06-24 06:27 -------- d-----w- c:\program files\GRT
2009-06-23 15:09 . 2008-12-06 06:34 -------- d-----w- c:\program files\Lineage 2
2009-06-22 07:28 . 2009-06-22 07:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Trymedia
2009-06-22 07:27 . 2009-06-22 07:27 -------- d-----w- c:\program files\Hunting Unlimited 2009
2009-06-21 20:09 . 2008-05-01 16:58 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-06-19 02:27 . 2009-06-19 02:22 -------- d-----w- c:\program files\M&Ms The Lost Formulas
2009-06-18 14:59 . 2008-09-14 08:02 -------- d-----w- c:\program files\Hamachi
2009-06-18 14:58 . 2008-08-20 18:54 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-18 14:47 . 2009-06-18 04:24 -------- d-----w- c:\program files\3.1.1 Server
2009-06-18 04:29 . 2009-06-18 04:29 -------- d-----w- c:\program files\3.1.1 private server
2009-06-16 14:36 . 2004-08-04 06:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 13:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 04:05 . 2009-06-16 02:07 -------- d-----w- c:\program files\DAoC
2009-06-13 19:53 . 2009-06-13 19:53 5632 --sha-w- c:\program files\Thumbs.db
2009-06-05 00:24 . 2008-08-13 01:23 -------- d-----w- c:\documents and settings\Collin\Application Data\Yahoo!
2009-06-04 21:52 . 2009-06-04 21:52 102912 ----a-w- c:\program files\Shimmer_Book_Talk.ppt
2009-06-04 06:23 . 2009-06-04 06:19 3654839479 ----a-w- c:\program files\Runes-of-Magic-2011821.exe
2009-06-03 19:09 . 2004-08-04 06:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-04 06:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 02:41 . 2009-05-06 02:41 10558400 ----a-w- c:\program files\Vuze_Installer.exe
2009-05-05 02:47 . 2009-05-05 02:47 101464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-14 03:24 . 2009-03-14 03:24 6667912 ----a-w- c:\program files\eadm-installer.exe
2009-03-14 03:15 . 2009-03-14 03:15 43396077 ----a-w- c:\program files\WarhammerOnlineInstaller.zip
2008-12-27 06:51 . 2008-12-27 06:51 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-11-26 21:53 . 2008-11-26 21:53 130757 ----a-w- c:\program files\wh8.zip
2008-11-26 21:49 . 2008-11-26 21:49 39629592 ----a-w- c:\program files\Xenomorph_slim.exe
2008-11-26 02:19 . 2008-11-26 02:19 3064736 ----a-w- c:\program files\ventrilo-3.0.4-Windows-i386.exe
2008-11-19 20:01 . 2008-11-19 20:00 1234120 ----a-w- c:\program files\wrar380.exe
2008-11-18 22:46 . 2008-11-18 22:45 77738200 ----a-w- c:\program files\N3602008_2.0_Build_242A_EN_OEM90_Microsoft.exe
2008-11-18 22:34 . 2008-11-18 22:34 1751280 ----a-w- c:\program files\mirc635.exe
2008-11-17 20:36 . 2008-11-17 20:36 14896 ----a-w- c:\program files\[isoHunt]_I_Am_Legend[2007]DvDrip[Eng]-FXG.4034949.TPB.torrent
2008-11-17 20:32 . 2008-11-17 20:32 270128 ----a-w- c:\program files\utorrent.exe
2008-11-14 03:27 . 2008-11-14 03:27 35124856 ----a-w- c:\program files\AdbeRdr90_en_US.exe
2008-11-12 21:29 . 2008-11-12 21:29 1191056 ----a-w- c:\program files\Downloader_Diablo2_enUS.exe
2008-11-12 02:22 . 2008-11-12 02:22 1105069 ----a-w- c:\program files\Downloader_Diablo2_Lord_of_Destruction_enUS.exe
2008-06-30 04:34 . 2008-11-07 22:52 2839 ----a-w- c:\program files\README.txt
2009-07-23 17:00 . 2009-04-14 21:55 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-25 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ULiRaid"="c:\program files\ULi5287\ULi5287.exe" [2005-08-24 409600]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

c:\documents and settings\Collin\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-1-25 1447184]
MorphVOXJr.lnk - c:\program files\Screaming Bee\MorphVOX Junior\MorphVOXJr.exe [2009-5-19 1533264]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\3.1.1 Server\\Hearthstone\\mysql\\bin\\mysqld.exe"=
"c:\\Documents and Settings\\Collin\\Desktop\\3.1.1 Server\\Hearthstone\\mysql\\bin\\mysqld.exe"=
"c:\\Documents and Settings\\Collin\\Desktop\\3.1.1 Server\\Hearthstone\\hearthstone-world.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56550:TCP"= 56550:TCP:Pando Media Booster
"56550:UDP"= 56550:UDP:Pando Media Booster

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [10/29/2006 11:18 PM 101120]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/2/2009 1:10 AM 114768]
R2 Apache2.2;Apache2.2;c:\program files\Wotlk Private Server\Server\apache\bin\apache.exe [11/5/2008 7:07 PM 17408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/2/2009 1:10 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/13/2007 5:31 PM 24652]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [12/19/2007 2:09 AM 23064]
S3 ghcegftwc;ghcegftwc;\??\c:\documents and settings\Collin\Desktop\ghcegftwc.sys --> c:\documents and settings\Collin\Desktop\ghcegftwc.sys [?]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)

Re: System Security blocking every program

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wowhead.com/
mStart Page = hxxp://www.myspace.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: download.com\www
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
FF - ProfilePath - c:\docume~1\Collin\APPLIC~1\Mozilla\Firefox\Profiles\qam37ngw.default\
FF - prefs.js: browser.startup.homepage - hxxp://risenguildlh.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 19:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-616249376-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-08-02 19:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 23:23

Pre-Run: 197,355,671,552 bytes free
Post-Run: 198,634,528,768 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

247 --- E O F --- 2009-07-29 21:15

Re: System Security blocking every program

Just waiting for the next step. Thanks, guys.

Re: System Security blocking every program

bump

Re: System Security blocking every program

Hello.
Next,

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: System Security blocking every program

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
AIM 6
AIMTunes
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Display Driver
avast! Antivirus
AviSynth 2.5
BlackBerry Desktop Software 4.3
BlackBerry Desktop Software 4.3
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
DivX Web Player
EA Download Manager
EVE-ONLINE (remove only)
Fraps (remove only)
FSX Flight Weather Report
Full Tilt Poker.Net
GearDrvs
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hunting Unlimited 2009
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 10
M&Ms The Lost Formulas
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X Demo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
MorphVOX Junior
MorphVOX Pro
Mozilla Firefox (3.0.12)
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Premium
NVIDIA Drivers
Pando Media Booster
Realtek High Definition Audio Driver
Roxio Media Manager
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SpeechRedist
ULi Chipset Driver
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Viewpoint Media Player
Visual C++ 8.0 CRT (x86) WinSXS MSM
VobSub v2.23 (Remove Only)
Vuze
Warhammer Online - Age of Reckoning
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
XviD MPEG4 Video Codec (remove only)
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

Re: System Security blocking every program
bump

Re: System Security blocking every program
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 12
    Java(TM) 6 Update 10
    Uniblue DriverScanner 2009
    Uniblue DriverScanner 2009
    Viewpoint Media Player
    Vuze

Now open a new notepad file.
Input this into the notepad file:

File::
c:\program files\jxoxm375.exe

Driver::
ghcegftwc


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open ComboFix again. Agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: System Security blocking every program
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-25 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ULiRaid"="c:\program files\ULi5287\ULi5287.exe" [2005-08-24 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

c:\documents and settings\Collin\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-1-25 1447184]
MorphVOXJr.lnk - c:\program files\Screaming Bee\MorphVOX Junior\MorphVOXJr.exe [2009-5-19 1533264]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56550:TCP"= 56550:TCP:Pando Media Booster
"56550:UDP"= 56550:UDP:Pando Media Booster

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [10/29/2006 11:18 PM 101120]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/2/2009 1:10 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/2/2009 1:10 AM 20560]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [12/19/2007 2:09 AM 23064]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wowhead.com/
mStart Page = hxxp://www.myspace.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: download.com\www
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
FF - ProfilePath - c:\docume~1\Collin\APPLIC~1\Mozilla\Firefox\Profiles\qam37ngw.default\
FF - prefs.js: browser.startup.homepage - hxxp://risenguildlh.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 17:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-616249376-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2388)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-08-05 17:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 21:09
ComboFix2.txt 2009-08-02 23:23

Pre-Run: 205,457,129,472 bytes free
Post-Run: 205,462,589,440 bytes free

231 --- E O F --- 2009-07-29 21:15

Re: System Security blocking every program
Hello.
Please go back to add/remove programs and uninstall this too: J2SE Runtime Environment 5.0 Update 12

How is the machine running now?


Re: System Security blocking every program
It is running just fine. I just wanted to make sure System Security never came back...

Re: System Security blocking every program
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

This should be fine now.
