WiredWX Christian Hobby Weather Tools
MBAM won't open and false warnings...

I keep getting this notification:

"Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need update your current security software. Click OK to download official intrusion system. (IDS software)"

The desktop turns white. Once it turned blue but changed back to white when I restarted the computer. I am restricted from sites such as Twitter and get this message:

"This web site is restricted based on your security preferences. (Even though I don't even know how to set my security preferences...) Your system is infected. Please activate your antivirus software."

The computer is slower. When I try to open the control panel or something like notepad I get this warning:

"Application cannot be executed. The file is infected. Please activate your antivirus sofware."

I can not open Malwarebytes, so I uninstalled/reinstalled it, but it doesn't work. I don't know if this has anything to do with the problem, but I remember getting two... files(?). One was mbam-setup and another was winlogon(?), but when I was trying to reinstall Malwarebytes I only got mbam-setup.

This is all I can remember for now.

And here is the log file.

Thank you in advance. <3~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:26 PM, on 1/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\Program Files\Microsoft Dynamics - Point of Sale\Possum.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Program Files\SoftRun\NoPhishing\NoPhishing.exe
C:\WINDOWS\system32\ctfmonnpe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\kristin\Desktop\winlogon.scr

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 aviremover-2009.com
O1 - Hosts: 209.44.111.62 www.aviremover-2009.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe" Z
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NoPhishing] C:\Program Files\SoftRun\NoPhishing\NPUpdate.exe -s
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [jahajujud] Rundll32.exe "c:\windows\system32\pebapehe.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_SE1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [] C:\DOCUME~1\kristin\LOCALS~1\Temp\koh5te3a.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: *.hometax.go.kr
O15 - Trusted Zone: http://*.shinhan.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - http://fx.hauri.net/HProduct/livesuite/shinhan/CLIENT/LiveSuite/web/HLiveRobotWeb.cab
O16 - DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} (checkVerX Control) - http://download.hts.nefficient.co.kr/hts/wcom/cab/checkVer.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://banking.nonghyup.com/plugin/client/INIS.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} (INISAFE Updater Control) - http://img.shinhan.com/shttp/install/down/INIS70.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://k-defence.kbstar.com/scsk/scsk4.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} (Printmade Control) - http://img.shinhan.com/rib//ko/print/Printmade.cab
O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} (ProWorksGrid Control) - http://img.shinhan.com/rib/common/ProWorksGrid_78.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://ibs.kt.co.kr/imas/IniMasPlugin.cab
O16 - DPF: {861EAB1D-F1FD-45FA-BA28-52595ED4B628} (axWEIK2592 Control) - http://download.hts.nefficient.co.kr/hts/wefile/ers_oil/bde/WEIK2592.cab
O16 - DPF: {8FA8D5F7-7CBA-46D4-9568-68D70C5280E8} (NoPhishingX Control) - http://www.nophishing.co.kr/softrun/SH02/SRNPSH.cab
O16 - DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} (Printmade S 1.5.6) - http://img.shinhan.com/rib/ko/print/PrintmadeActiveX.cab
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (V3D Client Control) - https://v3d.kcp.co.kr/file/kcp_ansimclick.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdplus.cab
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} (BankPayEFTCtrl Control) - http://download.auction.co.kr/activexpay/20080430/BankPayEFT.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
O16 - DPF: {CF392830-663F-11D5-89EE-000086551DF6} (PS_NTSATL Class) - http://download.hts.nefficient.co.kr/hts/wcom/cab/efile_crypto.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/module/npx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/nts/npkcx_vista2.cab
O16 - DPF: {D923AE0C-190D-4EDF-B07A-76AC571FBFD4} (SCSKEx Control) - http://scsk.kbstar.com/scsk/scskex.cab
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://n-protect.kbstar.com/nprotect/netizenv4/npz.cab
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://img.shinhan.com/rib/common/TrustSite/vista/ShbAutoTrustSiteX.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\INITECH\SHTTP\InitechSHTTPInterface.10111.dll
O20 - AppInit_DLLs: c:\windows\system32\degipeme.dll c:\windows\system32\fohavato.dll wenunuve.dll c:\windows\system32\tahisepi.dll fohomugu.dll c:\windows\system32\powenewe.dll c:\windows\system32\dibiyowa.dll c:\windows\system32\nelufuyu.dll lijohoyo.dll c:\windows\system32\zoyegetu.dll c:\windows\system32\pebapehe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: teyekuwen - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
O21 - SSODL: ravikijed - {d5f972b6-6596-4bf6-a8af-13f35fa5f54d} - c:\windows\system32\tahisepi.dll (file missing)
O21 - SSODL: buhabusow - {0d8b8726-39f7-4f48-a1c1-acae3842fb8d} - c:\windows\system32\tahisepi.dll (file missing)
O21 - SSODL: kuvewenan - {07247711-05c3-4b30-a5ac-ebb558386ce1} - c:\windows\system32\degipeme.dll (file missing)
O21 - SSODL: hukezusoh - {5db4f3b1-d4e7-45da-9b78-d25bcb6f1221} - c:\windows\system32\powenewe.dll (file missing)
O21 - SSODL: sabiyozam - {4ffddf62-5285-4cdb-bd1a-6775c06721f9} - c:\windows\system32\nelufuyu.dll (file missing)
O21 - SSODL: buziwiluh - {edd83229-7df4-4678-ae9b-e99c38466da4} - c:\windows\system32\dibiyowa.dll (file missing)
O21 - SSODL: vutebudal - {c15e99b9-5344-4776-9a81-4ad7a5702333} - c:\windows\system32\zoyegetu.dll (file missing)
O21 - SSODL: nufajewun - {de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
O22 - SharedTaskScheduler: mujuzedij - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {d5f972b6-6596-4bf6-a8af-13f35fa5f54d} - c:\windows\system32\tahisepi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0d8b8726-39f7-4f48-a1c1-acae3842fb8d} - c:\windows\system32\tahisepi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {07247711-05c3-4b30-a5ac-ebb558386ce1} - c:\windows\system32\degipeme.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {5db4f3b1-d4e7-45da-9b78-d25bcb6f1221} - c:\windows\system32\powenewe.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {4ffddf62-5285-4cdb-bd1a-6775c06721f9} - c:\windows\system32\nelufuyu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {edd83229-7df4-4678-ae9b-e99c38466da4} - c:\windows\system32\dibiyowa.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {c15e99b9-5344-4776-9a81-4ad7a5702333} - c:\windows\system32\zoyegetu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15880 bytes

Last edited by Lickumz on 29th January 2010, 1:26 am; edited 1 time in total

Re: MBAM won't open and false warnings...

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 209.44.111.62 aviremover-2009.com
    O1 - Hosts: 209.44.111.62 www.aviremover-2009.com
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [jahajujud] Rundll32.exe "c:\windows\system32\pebapehe.dll",a
    O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKCU\..\Run: [] C:\DOCUME~1\kristin\LOCALS~1\Temp\koh5te3a.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'Default user')
    O20 - AppInit_DLLs: c:\windows\system32\degipeme.dll c:\windows\system32\fohavato.dll wenunuve.dll c:\windows\system32\tahisepi.dll fohomugu.dll c:\windows\system32\powenewe.dll c:\windows\system32\dibiyowa.dll c:\windows\system32\nelufuyu.dll lijohoyo.dll c:\windows\system32\zoyegetu.dll c:\windows\system32\pebapehe.dll
    O21 - SSODL: teyekuwen - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
    O21 - SSODL: ravikijed - {d5f972b6-6596-4bf6-a8af-13f35fa5f54d} - c:\windows\system32\tahisepi.dll (file missing)
    O21 - SSODL: buhabusow - {0d8b8726-39f7-4f48-a1c1-acae3842fb8d} - c:\windows\system32\tahisepi.dll (file missing)
    O21 - SSODL: kuvewenan - {07247711-05c3-4b30-a5ac-ebb558386ce1} - c:\windows\system32\degipeme.dll (file missing)
    O21 - SSODL: hukezusoh - {5db4f3b1-d4e7-45da-9b78-d25bcb6f1221} - c:\windows\system32\powenewe.dll (file missing)
    O21 - SSODL: sabiyozam - {4ffddf62-5285-4cdb-bd1a-6775c06721f9} - c:\windows\system32\nelufuyu.dll (file missing)
    O21 - SSODL: buziwiluh - {edd83229-7df4-4678-ae9b-e99c38466da4} - c:\windows\system32\dibiyowa.dll (file missing)
    O21 - SSODL: vutebudal - {c15e99b9-5344-4776-9a81-4ad7a5702333} - c:\windows\system32\zoyegetu.dll (file missing)
    O21 - SSODL: nufajewun - {de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
    O22 - SharedTaskScheduler: mujuzedij - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
    O22 - SharedTaskScheduler: tokatiluy - {d5f972b6-6596-4bf6-a8af-13f35fa5f54d} - c:\windows\system32\tahisepi.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {0d8b8726-39f7-4f48-a1c1-acae3842fb8d} - c:\windows\system32\tahisepi.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {07247711-05c3-4b30-a5ac-ebb558386ce1} - c:\windows\system32\degipeme.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {5db4f3b1-d4e7-45da-9b78-d25bcb6f1221} - c:\windows\system32\powenewe.dll (file missing)
    O22 - SharedTaskScheduler: tokatiluy - {4ffddf62-5285-4cdb-bd1a-6775c06721f9} - c:\windows\system32\nelufuyu.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {edd83229-7df4-4678-ae9b-e99c38466da4} - c:\windows\system32\dibiyowa.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {c15e99b9-5344-4776-9a81-4ad7a5702333} - c:\windows\system32\zoyegetu.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
    O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
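The reply above picks out the HijackThis lines to fix by inspection. As an added example (my own code, not part of this thread and not HijackThis, Malwarebytes or ComboFix logic), the following Python encodes the kind of reasoning behind that selection as explicit rules and runs them over lines copied from the log posted at the top of the thread. The rules are assumptions of mine: a UserInit value other than userinit.exe, hosts entries pointing at non-loopback addresses, autoruns with an empty name or living in a Temp directory, core-process look-alikes (smss32.exe, or svchost.exe outside system32), eight-letter randomly named DLLs, a non-empty AppInit_DLLs value, unknown Winsock LSP modules, and orphaned registrations. It deliberately does not reproduce the helper's list one for one (for instance it leaves the ::1 localhost and LabelMaker RunOnce entries alone).

```python
"""Rule-based triage of HijackThis log lines (added example for this thread).
The rules are my own heuristics, not HijackThis, Malwarebytes or ComboFix
logic; SAMPLE_LOG is a subset of the HijackThis log posted in the thread."""
import ipaddress
import re
from typing import Optional

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Eight lowercase letters plus .dll: the naming pattern of the rogue DLLs in this log
RANDOM_DLL = re.compile(r"\b[a-z]{8}\.dll\b")
# Core Windows process names that malware imitates, optionally with a 32/64 suffix
LOOKALIKE = re.compile(r"^(smss|svchost|winlogon|csrss|lsass|services)(32|64)?\.exe$")
SYSTEM32 = "c:\\windows\\system32\\"


def parse(line: str) -> Optional[tuple[str, str]]:
    """Split 'O4 - body' into ('O4', 'body'); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def _exe_path(command: str) -> str:
    """Lower-cased path of the executable in a Run command, quoted or not."""
    low = command.strip().lower()
    end = low.find(".exe")
    return low if end < 0 else low[: end + 4].lstrip('"')


def flags(line: str) -> list[str]:
    """Reasons one log line looks suspicious; empty list when it looks benign."""
    parsed = parse(line)
    if parsed is None:
        return []
    section, body = parsed
    low = body.lower()
    reasons: list[str] = []
    if section == "F2" and "userinit=" in low:
        # Only userinit.exe belongs here; anything else is run at every logon
        target = low.split("userinit=", 1)[1].strip().rstrip(",")
        if not target.endswith("\\userinit.exe"):
            reasons.append("UserInit points at a non-standard binary")
    elif section == "O1":
        # A hosts mapping to a non-loopback address hijacks name resolution
        parts = low.split(":", 1)[-1].split()
        try:
            if len(parts) == 2 and not ipaddress.ip_address(parts[0]).is_loopback:
                reasons.append("hosts file redirects " + parts[1])
        except ValueError:
            reasons.append("unparseable hosts entry")
    elif section == "O4" and "\\run" in low:
        name_m = re.search(r"\[(.*?)\]", body)
        command = body.split("]", 1)[1] if "]" in body else ""
        exe = _exe_path(command)
        base = exe.rsplit("\\", 1)[-1]
        if name_m is not None and name_m.group(1) == "":
            reasons.append("autorun entry with empty name")
        if "\\temp\\" in exe:
            reasons.append("autorun from a Temp directory")
        m = LOOKALIKE.match(base)
        if m and (m.group(2) or exe != SYSTEM32 + base):
            reasons.append("core process look-alike: " + base)
        if RANDOM_DLL.search(low):
            reasons.append("loads a randomly named DLL")
    elif section == "O10" and "unknown" in low:
        reasons.append("unknown Winsock LSP module")
    elif section == "O20" and "appinit_dlls" in low:
        # AppInit_DLLs is empty on a clean XP box; anything listed loads into every GUI process
        count = len(low.split(":", 1)[-1].split())
        reasons.append("AppInit_DLLs injection of %d DLL(s)" % count)
    elif section in ("O3", "O21", "O22", "O23"):
        if "(file missing)" in low or "(no file)" in low:
            reasons.append("orphaned registration")
        if RANDOM_DLL.search(low):
            reasons.append("randomly named DLL")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run flags() over a whole log; return only the flagged lines with reasons."""
    hits = []
    for line in log_text.splitlines():
        reasons = flags(line)
        if reasons:
            hits.append((line.strip(), reasons))
    return hits


# Constructed sample: lines copied from the HijackThis log posted in this thread
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 aviremover-2009.com
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [jahajujud] Rundll32.exe "c:\windows\system32\pebapehe.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\kristin\LOCALS~1\Temp\koh5te3a.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O20 - AppInit_DLLs: c:\windows\system32\degipeme.dll wenunuve.dll c:\windows\system32\pebapehe.dll
O21 - SSODL: teyekuwen - {eb55e953-626b-44ae-af2b-db244230eb1b} - c:\windows\system32\fohavato.dll (file missing)
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""
```

Import it and call triage() on a saved HijackThis log; each reason is a review prompt, not a verdict, and a hit on a legitimately named component should be checked against the vendor's file list before it is fixed.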

Re: MBAM won't open and false warnings...

The weird warning notifications are gone. 8D I can open notepad without a problem. Thank you so much for your help! <3 ^^
But MBAM isn't opening. If I try to open it using the icon on the start menu, it says that something is wrong with the shortcut and gives me the option of deleting it or fixing it. I chose to fix it, but it's not doing anything. Now I don't get anything at all, no matter how I try to open it. I right clicked on the icon, went to the program file, and the start menu. I still can't go to twitter either. It gives me the same warning. =( Is it a technical problem?

Re: MBAM won't open and false warnings...

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    (screenshot: CF_download_FF)

    (screenshot: CF_download_rename)

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    (screenshot: Cf410)

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    (screenshot: Cf510)

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: MBAM won't open and false warnings...

I have this Korean antivirus on my computer so I couldn't disable that. I tried to look it up on the net, but I'm not all that fluent in the language so I just ended up with a headache. -_- But the Combo-fix ran anyway and my desktop is back to normal! Yay!! Thank you so much for your help!! ^^ <3~ This computer is used for business purposes so this much is a relief.
I still can't open MBAM nor can I access regular sites such as twitter or youtube. =T

And here is the thingy you asked me to post. =)

ComboFix 10-01-29.02 - kristin 9/2010 Fri 10:47:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.2038.1492 [GMT -8:00]
Running from: c:\documents and settings\kristin\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: 알약 *On-access scanning enabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
Error: Cfiles.dat
PEV Error: ProgramsFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\92034056.ini
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\sFX
C:\temp_hts.tmp
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\geyekrtfotvyvc.dat
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\IS15.exe
c:\windows\Tasks\htndeioe.job
c:\windows\Tasks\qbboflix.job
c:\windows\Tasks\tjkwfjel.job
c:\windows\Tasks\zccggpko.job

----- BITS: Possible infected sites -----

hxxp://vipwebmail.info
Infected copy of c:\windows\system32\srsvc.dll was found and disinfected
Restored copy from - c:\i386\srsvc.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_msncache
-------\Legacy_pcmstub
-------\Legacy_sfx
-------\Legacy_sfxdrv
-------\Legacy_sopidkc
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-29 18:53 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2010-01-29 18:53 . 2004-08-04 10:00 170496 ----a-w- c:\windows\system32\srsvc.dll
2010-01-29 01:05 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 01:05 . 2010-01-29 01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 01:05 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 20:35 . 2010-01-28 20:35 18944 ----a-w- c:\windows\system32\helper32.dll
2010-01-28 20:35 . 2010-01-28 20:35 20480 ----a-w- c:\windows\system32\winlogon32.exe
2010-01-28 20:35 . 2010-01-28 20:35 20480 ----a-w- c:\windows\system32\smss32.exe
2010-01-26 17:32 . 2010-01-18 17:07 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-26 17:32 . 2010-01-18 17:07 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-19 21:27 . 2010-01-29 00:22 26457 ----a-w- c:\windows\Sysvxd.exe
2010-01-19 19:46 . 2010-01-19 19:46 54956 ----a-w- c:\windows\system32\drivers\svchost.exe
2010-01-19 17:08 . 2010-01-19 17:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-08 18:46 . 2010-01-08 18:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-08 18:46 . 2010-01-08 18:46 50180 ----a-w- c:\windows\system32\logon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 18:08 . 2009-10-16 20:35 0 ----a-w- c:\documents and settings\kristin\Local Settings\Application Data\prvlcl.dat
2010-01-29 17:14 . 2009-10-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-23 00:58 . 2007-07-16 22:19 20424 ----a-w- c:\documents and settings\kristin\Application Data\wklnhst.dat
2010-01-04 16:42 . 2009-12-22 17:43 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-21 23:15 . 2009-12-21 23:01 1924744 ----a-w- c:\documents and settings\kristin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2008-11-14 22:10 . 2007-07-05 22:29 168 --sh--r- c:\windows\system32\3D95FB3368.sys
1601-01-01 00:03 . 1601-01-01 00:03 54784 --sha-w- c:\windows\system32\doyifari.dll
2008-11-14 22:10 . 2007-07-05 22:29 7514 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Dell\Media Experience\dmxlauncher .exe
c:\windows\system32\DLA\dlactrlw .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e26f8b1-1c3f-4ccd-82f6-ba04b7615a2d}]
1601-01-01 00:03 54784 --sha-w- c:\windows\system32\doyifari.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [N/A]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [N/A]
"Persistence"="c:\windows\system32\igfxpers.exe" [N/A]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [N/A]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [N/A]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"NoPhishing"="c:\program files\SoftRun\NoPhishing\NPUpdate.exe" [2008-11-11 131072]
"ALYac"="c:\program files\ESTsoft\ALYac\AYUpdate.exe" [2008-10-23 79304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-04 2033432]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"jahajujud"="c:\windows\system32\pebapehe.dll" [N/A]
"niwizesane"="bivemufi.dll" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-10 17:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-09-25 20:28 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Linksys\\Network Storage\\Network Drive Mapping Utility.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ESTsoft\\ALYac\\AYAgent.aye"=
"c:\\Program Files\\Microsoft SQL Server\\80\\Tools\\Binn\\sqlmangr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AmonTDNt.sys [12/19/2008 2:17 PM 93016]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/13/2009 9:30 AM 333192]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/13/2009 9:30 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/10/2009 9:35 AM 285392]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [9/29/2008 11:22 PM 47640]
R2 MSSQL$MSPOSINSTANCE;SQL Server (MSPOSINSTANCE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 9:31 PM 29263712]
R2 Possum;Microsoft Dynamics - Point of Sale Service;c:\program files\Microsoft Dynamics - Point of Sale\Possum.exe [10/26/2006 10:09 PM 19808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/23/2007 11:35 AM 24652]
S2 kgnvhb;kgnvhb;\??\c:\windows\system32\drivers\sufygaifwk.sys --> c:\windows\system32\drivers\sufygaifwk.sys [?]
S2 yqjvvecx;Monitor Helper;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 9:51 AM 14336]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\ESTsoft\ALYac\AYDrvSP.sys [12/18/2008 7:57 PM 24312]
S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [12/19/2008 2:17 PM 19632]
S3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [12/19/2008 2:17 PM 101296]
S3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [12/19/2008 2:17 PM 121464]
S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [10/29/2008 8:34 AM 31488]
S3 SBBroker;SBBroker;c:\program files\Microsoft Dynamics - Point of Sale\SbBroker.exe [10/26/2006 10:10 PM 88928]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [10/8/2008 1:01 PM 18184]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [10/8/2008 1:01 PM 175872]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\helper32.dll
Trusted Zone: hometax.go.kr
Trusted Zone: shinhan.com
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\INITECH\SHTTP\InitechSHTTPInterface.10111.dll
Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\INITECH\SHTTP\InitechSHTTPInterface.10111.dll
DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} - hxxp://fx.hauri.net/HProduct/livesuite/shinhan/CLIENT/LiveSuite/web/HLiveRobotWeb.cab
DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/checkVer.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://banking.nonghyup.com/plugin/client/INIS.cab
DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} - hxxp://img.shinhan.com/rib//ko/print/Printmade.cab
DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} - hxxp://img.shinhan.com/rib/common/ProWorksGrid_78.cab
DPF: {6FE760D3-7851-4879-8838-62D9881D7177} - hxxp://ibs.kt.co.kr/imas/IniMasPlugin.cab
DPF: {861EAB1D-F1FD-45FA-BA28-52595ED4B628} - hxxp://download.hts.nefficient.co.kr/hts/wefile/ers_oil/bde/WEIK2592.cab
DPF: {8FA8D5F7-7CBA-46D4-9568-68D70C5280E8} - hxxp://www.nophishing.co.kr/softrun/SH02/SRNPSH.cab
DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} - hxxp://img.shinhan.com/rib/ko/print/PrintmadeActiveX.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxp://ahnlabdownload.nefficient.co.kr/asp/cab/mkdplus.cab
DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - hxxp://download.auction.co.kr/activexpay/20080430/BankPayEFT.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
DPF: {CF392830-663F-11D5-89EE-000086551DF6} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/efile_crypto.cab
DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} - hxxp://update.nprotect.net/nprotect/module/npx.cab
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - hxxp://n-protect.kbstar.com/nprotect/netizenv4/npz.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} - hxxp://img.shinhan.com/rib/common/TrustSite/vista/ShbAutoTrustSiteX.cab
FF - ProfilePath - c:\documents and settings\kristin\Application Data\Mozilla\Firefox\Profiles\tjj68z8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.unitedmerchant.com/agent/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\kristin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SharedTaskScheduler-{de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
SSODL-nufajewun-{de9d3477-7d40-426d-8f3f-dc79f527348e} - c:\windows\system32\pebapehe.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-HijackThis - c:\documents and settings\kristin\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 10:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\OLDA.tmp 51224 bytes executable
c:\windows\system32\wuapi.dll.wusetup.209703.bak 561688 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.211906.bak 51224 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.213468.bak 1809944 bytes executable

scan completed successfully
hidden files: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALYac_PZSrv]
"ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNt.aye"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,fd,93,c6,a4,41,43,45,8f,bb,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,fd,93,c6,a4,41,43,45,8f,bb,b7,\

[HKEY_USERS\S-1-5-21-503786190-2344988469-3294133235-1006\Software\Microsoft\MessengerService\GroupStateCacheU\*촴?
"Name"=hex:00,ac,71,c8,00,00
"Collapsed"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\helper32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\EPSON\EBAPI\eEBAgent.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\npkcmsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\conime.exe
c:\windows\stsystra.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ESTsoft\ALYac\AYAgent.aye
c:\program files\SoftRun\NoPhishing\NoPhishing.exe
c:\windows\system32\ctfmonnpe.exe
.
**************************************************************************
.
Completion time: 2010-01-29 11:11:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-29 19:11

Pre-Run: 41,141,366,784 bytes free
Post-Run: 41,879,793,664 bytes free

- - End Of File - - CB040474F49A731B43F561016003ED0C

Re: MBAM won't open and false warnings...
Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\Sysvxd.exe
    c:\windows\system32\drivers\svchost.exe
    c:\windows\system32\doyifari.dll
    c:\program files\AVG\AVG8\avgtray .exe
    c:\program files\Dell\Media Experience\dmxlauncher .exe
    c:\windows\system32\DLA\dlactrlw .exe

    Driver::
    fkwkeh

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e26f8b1-1c3f-4ccd-82f6-ba04b7615a2d}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "jahajujud"=-
    "niwizesane"=-

    Driver::
    kgnvhb
    yqjvvecx

  4. Save this as CFScript.txt, in the same location as ComboFix.exe.

    [image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
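The CFScript above singles out exactly the entries a reader of the ComboFix log would circle by hand: the BHO DLL with a 1601 timestamp and system+hidden attributes, the two Run values that name DLLs (one without even a directory), the driver service whose image file no longer exists, and the oddly named service loaded into the shared "netsvcs" svchost group. As an added example, not part of this thread or of ComboFix, the Python script below applies those same heuristics mechanically to log lines. The sample lines are copied from the log above; the `NETSVCS_DEFAULTS` set is a partial list of Windows XP's default netsvcs members and is an assumption for illustration, the authoritative list being the registry value named in the comment.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines copied from the ComboFix log in this thread
# (one BHO entry, four Run values, three service lines). The triage logic that
# follows is added here for illustration and is not part of ComboFix.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e26f8b1-1c3f-4ccd-82f6-ba04b7615a2d}]
1601-01-01 00:03 54784 --sha-w- c:\windows\system32\doyifari.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [N/A]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-04 2033432]
"jahajujud"="c:\windows\system32\pebapehe.dll" [N/A]
"niwizesane"="bivemufi.dll" [N/A]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/10/2009 9:35 AM 285392]
S2 kgnvhb;kgnvhb;\??\c:\windows\system32\drivers\sufygaifwk.sys --> c:\windows\system32\drivers\sufygaifwk.sys [?]
S2 yqjvvecx;Monitor Helper;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 9:51 AM 14336]
"""

# "name"="target" [date size]      -> Run / RunOnce values
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
# YYYY-MM-DD HH:MM size attrs path -> a file listed under a loading point
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+\d+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$')
# R1/R2/S2/S3 name;description;image [date size] -> service / driver lines
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$')

# Partial list (assumption, lower-cased) of services Windows XP runs inside the
# shared "netsvcs" svchost group. The authoritative list on a given machine is
# the registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs.
NETSVCS_DEFAULTS = {
    "6to4", "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dhcp", "dmserver",
    "ersvc", "eventsystem", "helpsvc", "lanmanserver", "lanmanworkstation", "netman",
    "nla", "rasauto", "rasman", "remoteaccess", "schedule", "seclogon", "sens",
    "sharedaccess", "shellhwdetection", "srservice", "tapisrv", "themes", "trkwks",
    "w32time", "winmgmt", "wscsvc", "wuauserv", "wzcsvc", "xmlprov",
}


@dataclass
class Finding:
    line: str
    reasons: List[str]


def triage(log: str) -> List[Finding]:
    """Return every log line that trips at least one triage heuristic."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        reasons: List[str] = []

        m = RUN_RE.match(line)
        if m:
            target = m.group("target").lower()
            if target.endswith(".dll"):          # Run values normally launch an .exe
                reasons.append("Run value names a DLL instead of an executable")
            if "\\" not in target:               # no directory at all, e.g. "bivemufi.dll"
                reasons.append("bare file name with no directory")

        m = FILE_RE.match(line)
        if m:
            attrs = m.group("attrs")
            if m.group("date") == "1601-01-01":  # FILETIME zero: stomped or never set
                reasons.append("zero FILETIME (1601-01-01): timestamp stomped or never set")
            if "s" in attrs and "h" in attrs:    # system + hidden on a loaded module
                reasons.append("system+hidden attributes on a loaded module")

        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest")
            if "-->" in rest or rest.endswith("[?]"):  # ComboFix marks missing images this way
                reasons.append("service image not found on disk")
            if "svchost.exe -k" in rest.lower() and m.group("name").lower() not in NETSVCS_DEFAULTS:
                reasons.append("unknown service loaded into a shared svchost group")

        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def label(line: str) -> str:
    """Short label for a flagged line: Run value name, service name, or file name."""
    m = RUN_RE.match(line) or SVC_RE.match(line)
    if m:
        return m.group("name")
    m = FILE_RE.match(line)
    if m:
        return m.group("path").rsplit("\\", 1)[-1]
    return line


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(label(f.line), "->", "; ".join(f.reasons))
```

Run as-is it reports doyifari.dll, jahajujud, niwizesane, kgnvhb and yqjvvecx, the same five items the CFScript removes, while leaving IgfxTray, AVG9_TRAY and avg9wd alone. The heuristics are deliberately narrow: a DLL in a Run value, a zero FILETIME, a missing service image and an unrecognised netsvcs member are each worth a second look on their own, but only the combination with the user's symptoms (rogue "antivirus" prompts, blocked executables) justifies removal, which is why the helper's script, not a tool, makes the final call.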
