Full Version: no desktop or icons. just wallpaper. :(
kibumOxyunho
like 3 weeks ago my computer just started to show only my wallpaper when i logged in.
and i tried everything on the internet and nothing seemed to work.
i also scanned my computer with malwarebytes and deleted everything that was infected
so now i this the hijackthis and here is the thing xD

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 7:39:16, on 2009-10-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O1 - Hosts: 69.10.51.38 a1.review.zdnet.com
O1 - Hosts: 69.10.51.38 d1.reviews.cnet.com
O1 - Hosts: 69.10.51.38 reviews.riverstreams.co.uk
O1 - Hosts: 69.10.51.38 reviews.download.com
O1 - Hosts: 69.10.51.38 review.2009softwarereviews.com
O1 - Hosts: 69.10.51.38 reviews.pcmag.com
O1 - Hosts: 69.10.51.38 reviews.pcadvisor.co.uk
O1 - Hosts: 69.10.51.38 reviews.techradar.com
O1 - Hosts: 69.10.51.38 reviews.pcpro.co.uk
O1 - Hosts: 69.10.51.38 www.reevoo.com
O1 - Hosts: 69.10.51.38 toptenreviews.com
O2 - BHO: ALPassHelper Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\Program Files\ESTsoft\ALPass\ApsHelper19.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: ALToolBar - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolbar\ALToolBand_1300.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 오디오 드라이버\stacmon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ALPass] C:\Program Files\ESTsoft\ALPass\ALPass.exe
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . 제품 등록.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 북마크하기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /BOOKMARK.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /JKTRANS.HTML
O8 - Extra context menu item: 알툴바 빠른검색(&Q) - res://C:\Program Files\ESTsoft\ALToolbar\ALToolBand_1300.dll/23/SEARCH.HTML
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: 알패스 - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Program Files\ESTsoft\ALPass\ALPass.exe
O9 - Extra 'Tools' menuitem: 알패스 - {572E3910-4764-4E88-8929-176B2B192FF7} - C:\Program Files\ESTsoft\ALPass\ALPass.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8579 bytes

please help me ! thank you !

NPB-XK
Ok nothing wrong so far but next time you scan again, check fix these:
O1 - Hosts: 69.10.51.38 a1.review.zdnet.com
O1 - Hosts: 69.10.51.38 d1.reviews.cnet.com
O1 - Hosts: 69.10.51.38 reviews.riverstreams.co.uk
O1 - Hosts: 69.10.51.38 reviews.download.com
O1 - Hosts: 69.10.51.38 review.2009softwarereviews.com
O1 - Hosts: 69.10.51.38 reviews.pcmag.com
O1 - Hosts: 69.10.51.38 reviews.pcadvisor.co.uk
O1 - Hosts: 69.10.51.38 reviews.techradar.com
O1 - Hosts: 69.10.51.38 reviews.pcpro.co.uk
O1 - Hosts: 69.10.51.38 www.reevoo.com
O1 - Hosts: 69.10.51.38 toptenreviews.com

So let's start smoothly...
Have you tried to run explorer.exe as a new task? (Ctrl+alt+del and then file, new task...)
You type in explorer.exe and press enter. Nothing happens? If so, can you open a new task again but this time, browse in C:\Windows\ and find "explorer.exe"... Is it there?
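
The O1 lines listed in the reply above are hosts-file entries that point a set of software-review sites at one external address. As an added example (not part of the original thread and not HijackThis code), this Python script parses a log in the HijackThis line format and lists the O1 entries where several hostnames share one non-loopback IP; the function names, the `min_hosts` threshold and the embedded sample are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in the HijackThis v2.0.2 line format. The 69.10.51.38
# entries are copied from the log posted in this thread; the localhost line
# is made up to show that loopback mappings are ignored.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 69.10.51.38 a1.review.zdnet.com
O1 - Hosts: 69.10.51.38 reviews.pcmag.com
O1 - Hosts: 69.10.51.38 toptenreviews.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# "O1 - ...", "R3 - ...", "O23 - ...": section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O1 entry: "Hosts: <ip> <hostname>".
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")


def parse_entries(log_text):
    """Yield (section_code, body) for every entry line; headers are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def hosts_redirects(log_text):
    """Map each non-loopback IP to the hostnames the hosts file sends to it."""
    by_ip = defaultdict(list)
    for code, body in parse_entries(log_text):
        if code != "O1":
            continue
        m = HOSTS_RE.match(body)
        if not m:
            continue
        try:
            addr = ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address: not something this check can judge
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are typical blocklists
        by_ip[str(addr)].append(m.group("name").lower())
    return dict(by_ip)


def suspicious_redirects(log_text, min_hosts=3):
    """Keep only IPs that at least min_hosts distinct hostnames resolve to."""
    return {ip: names for ip, names in hosts_redirects(log_text).items()
            if len(set(names)) >= min_hosts}


def lines_to_fix(log_text, min_hosts=3):
    """Rebuild the O1 lines a reviewer would tick for removal."""
    return [f"O1 - Hosts: {ip} {name}"
            for ip, names in suspicious_redirects(log_text, min_hosts).items()
            for name in names]


if __name__ == "__main__":
    for entry in lines_to_fix(SAMPLE_LOG):
        print(entry)
```
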
kibumOxyunho
okay so i checked the stuff and fixed them
and i browsed the thing and i only had explorer
but not explorer.exe.
NPB-XK
Oh ok... Your extensions are hidden...
Can you open that explorer and see if it works?
kibumOxyunho
okay so i have 2 explorers.
one is a picture of the computer and it's named explorer and when i click it it opens my documents and stuff
and the other one is a folder with a magnifying glass and when i click it it just opens to some random files.
NPB-XK
Ok can you do "CTRL+ALT+DEL" and go to Processes tab and click on "Image Name" to put the stuff in order and then find "explorer.exe"? It's supposed to be there... Once you have found it, can you click on it and then "End task" and then see what happens? And then in that same Task Manager, go to File, New Task (Run...), and type:
explorer.exe
and press Enter... Nothing happens still?
If so, I may have to make you try another explorer I would have to create for you.

The 2nd explorer you're mentioning is Windows Explorer... Different... Your first one was good though.
kibumOxyunho
mm.. theres no "Image Name" in my processes tab.
i dont know where to find it . xD
NPB-XK
Image Name | User Name | CPU | Memory blah blah blah

You don't see that? Hohoho ok skip that part and find explorer.exe like that and continue the rest from there and report the results...
kibumOxyunho
mm.. when i type in explorer.exe my documents pop up.
and am i supposed to be doing all this on safe mode or the regular windows ?
cuz im doing this on safe mode. xD
if i do it like on the regular screen my task manager doesnt come up .
NPB-XK
Oh...
Ok get this:
http://www.combofix.org/download.php

Open, let it scan through safe mode with BEEP sound and once it's done, it's gonna create a log... Gotta be patient through the whole process...
Send me the whole long log... Let's see more details.
FDTxtianshix
Try right-clicking on your desktop (wallpaper),

Arrange icons by --> Show Desktop Icons
kibumOxyunho
ComboFix 09-10-16.02 - DooHan Kim 2009-10-16 16:31.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.511.225 [GMT -5:00]
Running from: c:\documents and settings\DooHan Kim\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DooHan Kim\Local Settings\Temporary Internet Files\hgstarter_verinfo.dat
c:\documents and settings\DooHan Kim\Start Menu\Programs\Startup\Logitech . 제품 등록.lnk
c:\program files\AWS\WEATHE~1\MINIBU~1.DLL
c:\program files\Common Files\Companion Wizard
c:\program files\Common Files\companion wizard\compwiz.exe
c:\program files\Common Files\Companion Wizard\WapCHK.dll
c:\program files\Common Files\Companion Wizard\WapCHK{57D5F504-A70E-475F-A40F-82E2E2DD1A63}.dll
c:\program files\Common Files\Companion Wizard\WapCHK{AE2A07FD-C21E-486B-A26E-FF85FE745A0B}.dll
c:\program files\internet optimizer
c:\recycler\S-1-5-21-484763869-1935655697-1343024091-1003
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\fCOe
c:\temp\fCOe\tOasF.log
c:\temp\fse
c:\temp\fse\tmpZTF.log
c:\windows\system32\H7
c:\windows\system32\oTt06e
c:\windows\system32\wnsxs~1
c:\windows\ymbols~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation


((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))
.

2009-10-16 21:45 . 2009-10-16 21:45 -------- d-----w- c:\windows\LastGood
2009-10-14 00:38 . 2009-10-14 00:38 -------- d-----w- c:\program files\Trend Micro
2009-10-13 01:58 . 2009-10-13 01:58 -------- d-----w- c:\documents and settings\DooHan Kim\Application Data\Malwarebytes
2009-10-13 01:58 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 01:58 . 2009-10-13 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 01:58 . 2009-10-13 01:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-10-13 01:58 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-13 01:42 . 2009-10-13 01:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-05 02:13 . 2009-10-05 02:13 -------- d-----w- C:\2009-10-04
2009-10-02 02:11 . 2009-10-02 02:11 -------- d-----w- c:\windows\system32\DRVSTORE
2009-10-02 02:10 . 2009-10-02 02:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Logishrd
2009-10-02 02:10 . 2009-10-02 02:10 -------- d-----w- c:\windows\CAVTemp
2009-10-02 02:10 . 2009-10-02 02:10 -------- d-----w- c:\program files\MSXML 4.0
2009-09-28 20:38 . 2008-07-26 15:26 465432 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-09-28 20:38 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-09-28 20:38 . 2008-07-26 15:26 490008 ----a-r- c:\windows\system32\LVUI2.dll
2009-09-28 20:38 . 2008-07-26 15:23 195096 ----a-r- c:\windows\system32\lvci11801048.dll
2009-09-28 20:38 . 2008-07-26 15:23 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2009-09-28 20:37 . 2008-07-26 15:22 2570520 ----a-r- c:\windows\system32\drivers\LV302V32.SYS
2009-09-28 20:37 . 2004-08-04 05:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-28 20:37 . 2004-08-04 05:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-28 20:35 . 2009-09-28 20:35 -------- d-----w- c:\documents and settings\DooHan Kim\Application Data\Leadertech
2009-09-28 20:31 . 2009-10-02 02:08 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-28 20:31 . 2009-09-28 20:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
2009-09-28 20:31 . 2009-09-28 20:31 -------- d-----w- c:\program files\Logitech
2009-09-28 00:57 . 2009-09-28 00:58 -------- d-----w- c:\documents and settings\DooHan Kim\Application Data\ooVoo Details
2009-09-28 00:56 . 2009-10-02 02:09 -------- d-----w- c:\program files\ooVoo
2009-09-19 06:11 . 2009-10-16 21:37 -------- d-----w- c:\documents and settings\DooHan Kim\Application Data\CallingID
2009-09-19 05:52 . 2009-09-19 06:05 -------- d-----w- c:\program files\Common Files\Scanner
2009-09-19 05:50 . 2008-08-22 23:33 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll
2009-09-19 05:50 . 2009-09-19 05:52 -------- d-----w- c:\program files\CA
2009-09-19 05:48 . 2009-09-19 06:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\CA
2009-09-19 05:41 . 2009-10-02 03:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\gwr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 02:10 . 2008-01-07 23:50 -------- d-----w- c:\program files\fwceqxbt
2009-10-02 02:10 . 2007-11-17 15:19 -------- d-----w- c:\program files\Nzwlnrip
2009-10-02 02:10 . 2007-11-17 15:18 -------- d-----w- c:\program files\raxurcvs
2009-10-02 02:10 . 2007-09-06 22:21 -------- d-----w- c:\program files\Common Files\wqim
2009-09-28 00:55 . 2004-12-30 14:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:11 . 2004-08-12 13:23 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ALPass"="c:\program files\ESTsoft\ALPass\ALPass.exe" [2008-11-12 2335416]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-09-03 17385144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 오디오 드라이버\stacmon.exe" [2004-04-29 90169]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-09-19 374000]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-09-19 1512688]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-09-19 636144]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-09-19 337136]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-09-19 333040]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2009-06-23 1422776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 12:55 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 21:46 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP 포트 443
"443:UDP"= 443:UDP:ooVoo UDP 포트 443
"37674:TCP"= 37674:TCP:ooVoo TCP 포트 37674
"37674:UDP"= 37674:UDP:ooVoo UDP 포트 37674
"37675:UDP"= 37675:UDP:ooVoo UDP 포트 37675

S0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-06-25 오후 2:10 108024]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-06-25 오후 2:10 73720]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-06-25 오후 2:10 55288]
S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-06-25 오후 2:10 115704]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-09-19 오전 12:50 128240]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-06-25 오후 2:10 145912]
S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-07-30 오후 1:38 58872]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-06-25 오후 2:10 875000]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-06-25 오후 2:10 760664]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-06-25 오후 2:10 207352]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-18 오후 10:23 24652]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2008-12-17 오전 11:59 34744]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2008-12-17 오전 11:59 6784]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-06-25 오후 2:10 205304]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-09-19 오전 12:52 222448]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.naver.com/
mStart Page = hxxp://www.naver.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: 네이버 검색 - c:\program files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /SEARCH.HTML
IE: 네이버 북마크하기 - c:\program files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /BOOKMARK.HTML
IE: 네이버 블로그 담기 - c:\program files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /BLOG.HTML
IE: 네이버 사전 검색 - c:\program files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /DIC.HTML
IE: 네이버 일한 번역 - c:\program files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /JKTRANS.HTML
IE: 알툴바 빠른검색(&Q) - c:\program files\ESTsoft\ALToolbar\ALToolBand_1300.dll/23/SEARCH.HTML
IE: {{572E3910-4764-4E88-8929-176B2B192FF7} - c:\program files\ESTsoft\ALPass\ALPass.exe
FF - ProfilePath - c:\documents and settings\DooHan Kim\Application Data\Mozilla\Firefox\Profiles\d6z58l8b.default\
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
Notify-AtiExtEvent - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-16 16:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(384)
c:\windows\system32\UmxWnp.Dll
c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(1324)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZCfgSvc.exe
.
**************************************************************************
.
Completion time: 2009-10-16 16:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-16 21:52

Pre-Run: 2,799,960,064 bytes free
Post-Run: 6,465,245,184 bytes free

292 --- E O F --- 2009-09-20 06:13
NPB-XK
QUOTE (FDTxtianshix @ Oct 15 2009, 11:52 PM)
Try right-clicking on your desktop (wallpaper),

Arrange icons by --> Show Desktop Icons


I don't think it's that simple since the person can't even open the task manager in regular windows mode haha... It takes a fully working taskbar already for that and the person doesn't have that functioning and it's related to explorer.exe... unless it says it needs permission to get to the task manager, then there's gotta be a modification in the registry...

= = = = = = Back to helping = = = = = =

Ok let's start the big steps:
Right-click on "My Computer", "Properties", "Advanced" tab, in "Startup and Recovery", press "Settings" button... Uncheck "Automatically restart" and in "Write debugging information", put the option to "None". Then "OK", "Apply", "OK".
Scan with hijackthis and see if this is there:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
If yes, check it and then "Fix Checked"... Close your hijackthis and now...

I see a lot of dll linked to your explorer.exe, winlogon.exe, the whole shell commands and stuff... I dunno which one to accuse yet... So let's try a fresh copy of two of them (Explorer.exe and Winlogon.exe for Windows XP SP2).

First, let's unhide your extensions... it will make things easier for you (and safer against rookie/n00b virus named like example "photo.jpg" when in fact the real extension is a scary "photo.jpg.vbs")... So open your My Computer or My document or whatever like that hahaha... Then go to "Tools" and then "Folder Options" up there, "View" tab, uncheck "Hide extensions for known file types". "Apply" and "OK".

Download this and extract to your computer which has the problem...
http://www.fileupyours.com/view/262582/Desktop.zip
Go to safe mode and...
Create a backup folder on your desktop... Go to C:\Windows\ folder and find winlogon.exe... copy that one and paste it in your backup folder. Take the WINLOGON.EXE from the one I gave you and paste in that C:\Windows, overwriting it.
Then, put my EXPLORER2.EXE in C:\Windows as well.

After that, open regedit.exe in your C:\Windows... Browse through:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
See "Shell" on the right? Right-click it and then "modify". In Value Data, put:
EXPLORER2.EXE
and then OK.
Restart in normal mode now to see if things are still the same.
If it's still the same, it will be time to back up more things...
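The DLLs "linked" to winlogon.exe and explorer.exe that the post above mentions can be read out of the ComboFix log posted earlier in this thread. The following Python script is an added example, not part of NPB-XK's post or of ComboFix: it parses an excerpt copied from that log, lists the registry load points (ShellExecuteHooks, Winlogon Notify, AppInit_DLLs) and reports which DLLs listed as loaded in each process are not accounted for by one of them. The function names are illustrative.

```python
import re
from collections import namedtuple

# Excerpt copied verbatim from the ComboFix log posted earlier in this thread.
LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2009-06-23 1422776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 12:55 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 21:46 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(384)
c:\windows\system32\UmxWnp.Dll
c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(1324)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZCfgSvc.exe
"""

LoadPoint = namedtuple("LoadPoint", "mechanism target name path")

KEY_RE = re.compile(r"^\[(.+)\]$")
# Notify packages are printed as: date time size attributes path
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(.+)$")
# Value lines: "name"= data, data optionally quoted, optional [date size] suffix
VALUE_RE = re.compile(r'^"([^"]*)"=\s*"?([^"\[]*?)"?\s*(?:\[[^\]]*\])?$')
PROC_RE = re.compile(r"^[-\s]*>\s*'([^']+)'\(\d+\)$")

NOTIFY = "\\winlogon\\notify\\"
HOOKS = "\\explorer\\shellexecutehooks"
APPINIT = "\\windows nt\\currentversion\\windows"


def parse_load_points(text):
    """Return the DLL load points registered under the keys in the log."""
    points, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        k = key.lower()
        if NOTIFY in k:
            # Notification packages are loaded by winlogon.exe itself.
            f = FILE_RE.match(line)
            if f:
                name = key.rsplit("\\", 1)[1]
                points.append(LoadPoint("Winlogon Notify", "winlogon.exe", name, f.group(1)))
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, data = v.group(1), v.group(2).strip()
        if k.endswith(HOOKS):
            # Hooks run in explorer.exe (and other processes that call ShellExecute).
            points.append(LoadPoint("ShellExecuteHooks", "explorer.exe", name, data))
        elif k.endswith(APPINIT) and name.lower() == "appinit_dlls":
            # Space- or comma-delimited list; loaded into every process that
            # loads user32.dll, so the target is the wildcard "*".
            for dll in filter(None, re.split(r"[,\s]+", data)):
                points.append(LoadPoint("AppInit_DLLs", "*", name, dll))
    return points


def parse_loaded_modules(text):
    """Return {process name: [DLL paths]} from the 'DLLs Loaded' section."""
    loaded, proc = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROC_RE.match(line)
        if m:
            proc = m.group(1).lower()
            loaded[proc] = []
        elif line.startswith("-----"):
            proc = None  # a new log section ends the current process block
        elif proc and re.match(r"[a-z]:\\", line, re.I):
            loaded[proc].append(line)
    return loaded


def unexplained(points, loaded):
    """DLLs listed for a process that no parsed load point accounts for."""
    result = {}
    for proc, modules in loaded.items():
        known = {p.path.lower() for p in points if p.target in (proc, "*")}
        result[proc] = [m for m in modules if m.lower() not in known]
    return result


if __name__ == "__main__":
    pts = parse_load_points(LOG)
    for p in pts:
        print(f"{p.mechanism:18} -> {p.target:13} {p.path}")
    print(unexplained(pts, parse_loaded_modules(LOG)))
```

Paths are compared case-insensitively because the log prints the same file as `UmxWNP.dll` in the registry section and `UmxWnp.Dll` in the loaded-modules section.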
kibumOxyunho
gahhh sorry. it didn't work.
NPB-XK
Hmmm... I just got another thought... Maybe we should re-scan but not in safe mode since there will be things that are going to be "activated" in normal mode and then added in the logs.
But you said you can't use the Task Manager in normal mode... When you try to use it in normal mode, does it give you an error or simply nothing happens?
kibumOxyunho
nothing happens. xD when i do ctrl alt and delete like the lock computer, log off, shut down, and task manager thing pops up but when i click task manager nothing pops up. xD
and when i go on safe mode now i don't get a desktop or anything. is that supposed to happen?
NPB-XK
Ok well put your original winlogon.exe back to C:\Windows\ overwriting the one I gave you and then go to regedit again where you changed the shell, now put the value back to explorer.exe
And then your desktop in safe mode should be back...
But then open malwarebytes and go to "log" tab and open the latest log (the one at the very bottom) and copy all and send here... I'd like to know what were the infections that were taken away.
kibumOxyunho
I had two so I'm gonna post both. xD

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2 (Safe Mode)

2009-10-12 오후 9:55:10
mbam-log-2009-10-12 (21-55-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196404
Time elapsed: 54 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 59
Files Infected: 116

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{051c9a06-fb08-486f-b09b-8b33b261637d} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{29256442-2c14-48ca-b756-3ee0f8bdc774} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{512e801e-2f02-4ade-acaa-58f08a22b2f8} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5dbd8cb-df8a-4992-a655-b155216f6afb} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5dbd8cb-df8a-4992-a655-b155216f6afb} (Rogue.AntiVirus1) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\37465982736455 (Rogue.GreenAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\03874569874596 (Rogue.GreenAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.Rabio) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\E404 Helper (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Quarantine (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\SecCenter (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\Infected (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\1a613f3201e04ee23e028097 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\73ca40d61dec42905f69efaf (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\a7883af4c0b34498d7f11191 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\e8b3b053a4f944e66973f584 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\393786bfd8b9486b12b622b1 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\c196775ec5be444ff8dac1b6 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\fb7e72a40b104e2a173d3cb8 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Words (Trojan.Rond) -> Quarantined and deleted successfully.
C:\UGA6P (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\UGA6P\Quar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\capcom (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfig322 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drvr2 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\PerfInfo (Rogue.WinPerformance) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\gwr\WStech.dll (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\wqim\wqima.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\wqim\wqimp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP468\A0095355.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP470\A0096364.dll (Adware.WebBuying) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP470\A0097494.exe (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP474\A0119279.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP474\A0122288.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP474\A0126344.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0152633.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0155635.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0157633.exe (Adware.MaxiFiles) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0159650.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0159662.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0159689.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0160697.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0161689.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0162671.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP476\A0163689.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP477\A0168777.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP478\A0172769.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP480\A0176822.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{442FD088-4189-4FD9-968E-16CC4CB1E6D7}\RP480\A0176838.dll (Rogue.UltimateCleaner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2700AB8-F1CD-4674-844D-66C7BC6B3B06}\RP170\A0052041.exe (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2700AB8-F1CD-4674-844D-66C7BC6B3B06}\RP170\A0052052.exe (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2700AB8-F1CD-4674-844D-66C7BC6B3B06}\RP170\A0052060.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2700AB8-F1CD-4674-844D-66C7BC6B3B06}\RP170\A0052061.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant\salmau.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant\salm_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\E404 Helper\e404.v5.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\defs.pkg (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe.local (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe.log (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Kernel.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\msvcp71.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\msvcr71.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Resources.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Uninstall.exe (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\WndLayer.dll (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Insider\Insider.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Insider\UnInstall.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\ISM\BndDrive2.dll (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\BndDrive5.dll (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\dictionary.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ism.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ISMModule4.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\targets.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\dictionary.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\ISMPack6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\ISMPack7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\ISMPack8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ISM2\targets.gz (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_bfeats.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\dicts.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\QdrPack10.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\QdrPack9.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\trgts.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\zhydupd.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\1a613f3201e04ee23e028097\#data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\1a613f3201e04ee23e028097\#internal (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\1a613f3201e04ee23e028097\#name (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\73ca40d61dec42905f69efaf\#data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\73ca40d61dec42905f69efaf\#internal (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\73ca40d61dec42905f69efaf\#name (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\a7883af4c0b34498d7f11191\#data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\a7883af4c0b34498d7f11191\#internal (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\a7883af4c0b34498d7f11191\#name (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\e8b3b053a4f944e66973f584\#data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\e8b3b053a4f944e66973f584\#internal (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\9b2bc46a64df4fdc5a5103ae\e8b3b053a4f944e66973f584\#name (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\393786bfd8b9486b12b622b1\#data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\393786bfd8b9486b12b622b1\#internal (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\393786bfd8b9486b12b622b1\#name (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\c196775ec5be444ff8dac1b6\#data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\c196775ec5be444ff8dac1b6\#internal (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\c196775ec5be444ff8dac1b6\#name (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\fb7e72a40b104e2a173d3cb8\#data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\fb7e72a40b104e2a173d3cb8\#internal (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\988d65d135e743b712b50088\f976e3d052d540ac4e6d2cb9\fb7e72a40b104e2a173d3cb8\#name (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Words\list.txt (Trojan.Rond) -> Quarantined and deleted successfully.
C:\Program Files\Words\script.txt (Trojan.Rond) -> Quarantined and deleted successfully.
C:\Program Files\Words\Words.exe (Trojan.Rond) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\qxydensj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\ucleaner_setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun10.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun9.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2 (Safe Mode)

2009-10-12 오후 11:02:08
mbam-log-2009-10-12 (23-02-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 107379
Time elapsed: 56 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F2700AB8-F1CD-4674-844D-66C7BC6B3B06}\RP179\A0060661.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2700AB8-F1CD-4674-844D-66C7BC6B3B06}\RP179\A0060662.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

NPB-XK
Holy cow that is a lot of infections... I'll have further look at them later... That log may come in handy.

A lot of virus parts seem located in your system restore... better have it turned off to clean that up...
I don't know exactly yet where the conflict or damage is... I don't wanna take out some dll yet.

I don't know where to continue anymore... haha... It's really sad I can't get to see the HJT log from normal mode since your task manager doesn't work there...
But try refreshing things up with processes by going to (in safe mode):
My Computer, then Tools, then Folder Options, then View tab, then check "Launch folder windows in a separate process" and APPLY and OK. Then restart and boot in normal mode... Nothing happens still? Go back to safe mode and this time, uncheck the "Launch folder windows in a separate process" and Apply and OK... It should refresh some bugs when starting windows (if there's any)... And restart to normal mode... Still not working?

Can you try to create another windows account with administrator power and then log in there in normal mode to see if things still happen?
Sorry if I have tons of questions/hypothesis haha...
kibumOxyunho
okayy so now it workss !! thank youuu !! ^^ but.. when i click firefox it wont open and same as internet explorer.
so now im on safe mode again and it works here but not on my normal one. how can i fix this ?
thank you so so so so muchh !
NPB-XK
Hmm I'd like to know... only Firefox and Internet Explorer won't open? Hohoho!
I suppose the task manager still doesn't work? ... Hmmm...

Can you (in safe mode or normal) look in regedit again?
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon

Can you tell me if the following values are exactly the same as yours?

Shell: explorer.exe
Userinit: C:\Windows\system32\userinit.exe,
VmApplet: rundll32 shell32,Control_RunDLL "sysdm.cpl"

This is to make sure first if the root is really fine...
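The comparison NPB-XK asks for above, as an added example that is not part of the original thread: a script that parses `reg query` output for the Winlogon key and reports any value that differs from the three listed in the post. The sample output and the paths in it are constructed, and the tab-separated `reg query` layout is an assumption about the tool's output on this system.

```python
import re

# Known-good values as listed in the post above.
EXPECTED = {
    "shell": "explorer.exe",
    "userinit": r"C:\Windows\system32\userinit.exe,",
    "vmapplet": 'rundll32 shell32,Control_RunDLL "sysdm.cpl"',
}

# Constructed sample of `reg query` output (not taken from the thread):
# Shell has been replaced and Userinit has an extra program appended.
SAMPLE = (
    "HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\n"
    "    Shell\tREG_SZ\tC:\\example\\placeholder.exe\n"
    "    Userinit\tREG_SZ\tC:\\WINDOWS\\system32\\userinit.exe,C:\\example\\extra.exe\n"
    "    VmApplet\tREG_SZ\trundll32 shell32,Control_RunDLL \"sysdm.cpl\"\n"
)

# Indented "name  REG_TYPE  data" rows; the unindented key header is skipped.
LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {lowercased value name: data} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def check_winlogon(text):
    """Compare parsed values with EXPECTED; return (name, kind, data) findings."""
    found = parse_reg_query(text)
    findings = []
    for name, want in EXPECTED.items():
        have = found.get(name)
        if have is None:
            findings.append((name, "missing", ""))
        elif have.lower() != want.lower():  # Windows paths are case-insensitive
            kind = "changed"
            # Userinit is a comma-separated list: anything after the first
            # entry is an additional program launched at every logon.
            if name == "userinit" and have.lower().startswith(want.lower()):
                kind = "extra entries"
            findings.append((name, kind, have))
    return findings

if __name__ == "__main__":
    for name, kind, have in check_winlogon(SAMPLE):
        print(f"{name}: {kind}: {have}")
```
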
kibumOxyunho
yeah its the same
on the normal the task manager works
just firefox and internet explorer wont open. xD
NPB-XK
ooOOOOoh nice!
So then the problem is probably just firefox and explorer browsers having some conflict as you try to start them up... it might be because of some damaged components linked to them...
So let's see if this is the case... Let's look at Internet Explorer first... We're gonna open it without loading the extensions/plug-ins/toolbars/etc.
Can you copy the following:
iexplore.exe -extoff
and then press Win+R (or go to start and run in traditional way) and paste it there and press enter?
It should open Internet Explorer without the junks... Does it open?
If it does, we gotta say goodbye to your toolbars/BHO/maybe even add-ons... maybe... let's hope not... Haha.
kibumOxyunho
i did it on safe mode. is that okay ? xD
internet explorer opened for me and said "internet explorer is currently running without add ons."
NPB-XK
Noooo do it in normal mode! Hahaha! It's different!
Tell me if it works in normal mode...
kibumOxyunho
oOoOo xD sorry !
well i tried it in normal mode and nothing popped up.
NPB-XK
What if you open My Computer or My Document and then you type in like www.google.com and press Enter... Does it work as it changes into IE internet browser?
(Always in normal mode from now on haha)
kibumOxyunho
mm.. well i click on a link from a aim profile and my firefox finally popped up. but when i tried to open my documents or my computer it wouldnt pop up. "/
NPB-XK
Firefox finally works...? Wow...

As for Internet Explorer - Folders issue, let's do something... something that if it still doesn't work, it's still gonna be a good step to re-install another Internet Explorer haha... But gotta say good bye to your toolbars if that's the case... So let's hope not... Let's start!

Open hijackthis and scan and check:
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: ALPassHelper Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\Program Files\ESTsoft\ALPass\ApsHelper19.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll

Fix checked!

and then open regedit (I hope you still remember how... hehe)
And browse to:
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
Take this one out with right click and delete... (I enlarge the size of what you should see):
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll"

Close and restart and try now if Internet Explorer opens... If not, time for clean up and re-install Internet Explorer... d'oh!
kibumOxyunho
sorry for the late reply ! xD
but yeahh i tried and it still doesn't work.
and is it normal if (My Computer) doesnt pop up
if i click it ? like alot of things dont pop up when i click it "/
NPB-XK
Hmmm... I'm getting busier/lazier nowadays but I still check around... Can you try to uninstall your Internet Explorer v7 and then re-install it? If you can't uninstall it, just re-install it over your current one (overwriting)... Get the Internet Explorer v7 here:
http://www.soft32.com/download_997.html
After you're done installing, restart your computer...
After you're done restarting, copy this:
sfc /scannow
And press Win+R (or go to start and then run)
Paste that line and press enter. Let it do its job (may take a while).
It should re-organize some few things after the re-installation of an Internet Explorer copy.
Restart again...

Let's see if the problem could be from that.
It is because My Computer, My Document, Windows Explorer and any folders are basically related with Internet Explorer.

I hope it works!
kibumOxyunho
it still didnt work.. "/
i think something is blocking from popping up.
and i would uninstall some things but my control panel wont pop up.
NPB-XK
You tried to install it from safe mode with networking? (That's what you're supposed to do).
You said IE would work in safe mode right? Then you should be able to get in control panel from there and uninstall and re-install IE again (make sure you have the IE setup on your desktop so that you don't have to browse around too far after the uninstall).
"Safe mode with networking" so that you could go on internet to download the IE unless you have a USB key to transfer.
If you have USB key to transfer the IE setup, do that in safe mode still (including the installation).

Yeah it's either a conflict from some .dll or something causing those things to not open in normal mode OR some stuff being corrupted. That method helps me to find out if it's really corrupted or just some conflicts.

Don't forget the sfc /scannow steps... (this one, can be done in normal mode)