kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please begin by doing the following:

Download the (free) HijackThis utility:

Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

So does this file exist or not?
C:\Documents and settings\owner\core\ppinfo.dat

If it does, reboot to safe mode by tapping F8 during startup and delete it.
That should solve the problem.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok, for some reason Ewido ignored deleting the following file. Plz delete it in safe mode.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll


Also, explorer.exe is what the task bar at the bottom of the screen runs on. The desktop also runs off it, so I recommend opening HJT, then ending explorer.exe. Then start explorer.exe back up using Task Manager and post the contents of the log here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ping.exe is a valid process but jvaw~1.exe is not, so let's get started.

First run HJT and check the following.
O4 - HKCU\..\Run: [Dzqn] C:\Documents and Settings\Family\My Documents\??stem\?ttrib.exe
O20 - AppInit_DLLs: arpa.dll mmc.dll rundll.dll C:\WINDOWS\system32\arpa.dll
Close all other windows and click fix checked.

Reboot to safe mode by tapping the F8 key during startup.
Delete the following files and folders.
C:\Documents and Settings\Family\My Documents\??stem\?ttrib.exe
C:\Documents and Settings\Family\My Documents\??stem
C:\WINDOWS\system32\arpa.dll
C:\WINDOWS\SYSTEM32\JVAW~1.EXE
Reboot normally and reply with any problems that still exist. Also post a new HJT log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Plz rescan while in regular mode. Then the HJT log will list the malicious processes.

Also try the Ewido Scanner which you can download here.
Run Ewido in safe mode then switch to regular mode and run HJT.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Post the Ewido log with the new HJT log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Plz download HJT from here.

After you download the zip extract the contents to a permanent folder such as C:\HJT or something similar.

Run the program and scan your computer. It will come up with a lot of entries (don't fix anything yet). There should be a save log option. It will save a log of the scan.

Post the HJT log in your next reply.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Just use Norton to block the following site.
http://www.google.com/imghp?hl=en&tab=wi&q=
It's Google Images, which is where I assume you can get the jpegs.
It won't block Google, just the image part.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

First run HJT and check the following.
O2 - BHO: DPCUpdater Object - {61C07AF3-01A3-4B85-ADB2-4EFD04E1286C} - C:\WINDOWS\system32\pmkhi.dll
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122221044701
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
Close all other windows and click fix checked.

Now reboot to safe mode by holding F8 during startup.
Delete the following files and folders if present.
C:\WINDOWS\system32\pmkhi.dll
C:\Archivos de programa\FlashGet
After doing this post a new HJT log and tell what problems you still have.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Plz download HiJackThis from here.

After you download the zip extract the contents to a permanent folder such as C:\HJT or something similar.

Post the HJT log in your next reply.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I seem to have picked up an annoying bit of malware.
There are only two problems. One is that random sound clips (I think from my temp folder) will play, and I get pop-ups that ask me if I want to go to 1click2go.com. Here's my HJT log. I would check it myself but it is late and I have a busy day tomorrow. Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:54 PM, on 6/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\aim\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Nevermind then with that HJT log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I'm pretty sure that just means that the file had something extra attached to it that the computer can't support. But just in case, download HJT and run it. Post the log back here. (Don't fix anything yet.)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

If that doesn't work try this.
Click here to download Look2Me-Destroyer.exe and save it to your desktop.

  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX and place it in your C:\Windows\System32 Directory.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Plz download HJT from here.
Extract the content to a permanent folder such as C:\HJT or something similar. Run the program. Choose the option to scan your computer. When it finishes there should be an option that says save log. This will save the log and open up a notepad file. Copy and paste the contents in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well to start things out download Ewido's Security Suite from here.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

After reboot …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Wow you have a lot of trojans.
First of all open HJT and check the following lines.
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] lup.exe
O4 - HKLM\..\Run: [Windows ASN4 Services] xyjv.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwinsqez.exe GID003
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] lup.exe
O4 - HKLM\..\RunServices: [Windows ASN4 Services] xyjv.exe
O4 - HKCU\..\Run: [winconf4] C:\WINDOWS\system32\ls4ss.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinsqez.exe
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\System32\x3cqp0.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\enr8l19u1.dll

After you have checked them close all other windows and click fix checked.


Now we need to delete some files. Delete the following using My Computer.
C:\dfndra.exe
C:\\nwnm.exe
C:\\kybrd.exe
C:\WINDOWS\system32\ls4ss.exe
C:\WINDOWS\system32\pwinsqez.exe
C:\WINDOWS\System32\x3cqp0.dll
C:\WINDOWS\system32\enr8l19u1.dll
C:\WINDOWS\System32\xyjv.exe

Go to My Computer and use the search option to search for the following files.
mssvcc.exe
lup.exe
They are most likely in the C:\Windows folder. When you find them delete them.

Go to Jotti's and upload and scan this file.
C:\WINDOWS\system32\rundll32.exe
If Jotti's detects anything bad in this program, delete it.

After doing this post a new HJT log and tell me if you had any problems with the steps above. Also tell me if any of the symptoms are still there.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Let's scan for hidden processes, called rootkits.
Use BlackLight to scan for these.
Download it to your desktop.
Run the program, accept the statement > click Next, then Scan.
When it's finished scanning, exit the program and post back the log if it detects hidden files. The log is called 'fsbl-<date/time>.log' and will save to the same location as the blbeta.exe file.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

That's clean.
Hmm... I'm stumped.
Maybe it's a computer issue.
Try scanning for issues with CCleaner.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You can mark this thread as solved if you want. It's at the top of the page.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok, let's try SmitfraudFix.

Download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Post that log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

No, just use My Computer and navigate to the file.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

It's still confusing to read, so before you paste the log in your next reply, hit Enter before you paste it, so... Not Here

Here

Thx for your patience; it's just that if you don't paste it like that, everything is jumbled up.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok.
Open HJT.
Go to Config.
Click Misc Tools.
Open HOSTS file manager.
List the info from that (it should say open in Notepad; then just copy and paste).
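The HOSTS file step above is about spotting mappings that block or redirect well-known names, since a stock XP HOSTS file carries nothing but comments and the localhost line. As an added example, not from this thread and not code from HijackThis, here is a Python check over a constructed HOSTS file: it strips comments, classifies every name mapped to loopback or 0.0.0.0 as blocked and every name mapped anywhere else as redirected. The 203.0.113.7 address is from the documentation range and stands in for an attacker-chosen server; the verdict wording is my own.

```python
import ipaddress

# Constructed sample HOSTS file: the first two lines mimic the stock Windows header,
# the localhost line is the only mapping a clean file normally has.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.google.com      # constructed: search engine sent to loopback
203.0.113.7     www.microsoft.com  update.microsoft.com
0.0.0.0         ads.example.net
not-an-ip       junk.example
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from HOSTS text, ignoring comments, blanks and junk lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # a hand-edited HOSTS file can contain anything; skip malformed lines
        for name in parts[1:]:
            pairs.append((ip, name.lower()))
    return pairs


def review_hosts(text):
    """Return {hostname: verdict} for every mapping that deserves a second look."""
    findings = {}
    for ip, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain") and ip.is_loopback:
            continue  # the one mapping a stock HOSTS file legitimately carries
        if ip.is_loopback or ip.is_unspecified:
            findings[name] = "blocked: resolves to %s, the site cannot be reached" % ip
        else:
            findings[name] = "redirected: resolves to %s instead of the real server" % ip
    return findings


if __name__ == "__main__":
    for name, verdict in review_hosts(SAMPLE_HOSTS).items():
        print("%-24s %s" % (name, verdict))
```

A "blocked" verdict on an update or antivirus vendor name is the classic sign of malware protecting itself; a "redirected" verdict on a bank or webmail name is the phishing variant, and in both cases the line should be removed and the machine treated as compromised until the scans come back clean.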

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

This log appears to be clean. Are you still experiencing any problems?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok, a few things to do. First open HJT and check the following.

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp

Close all other windows and click fix checked.

Now we have to delete the following file.
C:\WINDOWS\system32\hp100.tmp

After doing both steps reboot and post back with any problems you still have.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Don't know who was helping this person so I'll just get out of your way.

I'm stupid, I forgot I was helping you in my busyness. I'll get back to you right away.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

It's ok helping people destroy malware is reward enough.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

To do anything we need your HiJackThis log; if you don't have it downloaded, you can download it from here.

After you download the zip extract the contents to a permanent folder such as C:\HJT or something similar.

Post the HJT log in your next reply.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Are you sure you didn't accidentally give anyone your password?

Also try this scanner.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Before doing anything w/ HJT I would like you to download Ewido Security Suite from here.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Plz post your log again but this time when the notepad file opens up go to edit--control all. Then go to Edit--copy. After that reply to this and go to the edit menu in your internet browser and click edit--paste.

If you can still use keyboard shortcuts, then it will also work if you click on the text in the Notepad log and then press ctrl+a, then press ctrl+c. Then reply, click in the area you type in, and press ctrl+v.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Is there such a thing as a device that converts a phone jack into an ethernet jack?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Try this scanner and see if it picks it up.

Plz download Ewido from here.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Ok.

First I would like you to download ewido security suite from here.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

In the future just reply to the previous posts don't Start a new thread. Don't know who was helping this person so I'll just get out of your way.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hello Skhuggs and welcome to the Viruses, Spyware and Other Nasties forum. It does look like your computer has a bit of trouble, but first things first.

Go here and download HiJack This. Extract the contents to a permanent folder such as C:\HJT or something similar.

Post the HJT log in your next reply.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

First of all, about having HJT in the actual Program Files folder: try putting it in a folder such as C:\Program Files\HJT, or something similar.


Now I want you to download Ewido's Security Suite from here.

  1. Install Ewido Anti-Malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch Ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  6. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Post that log and a new HJT log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

sorry my bad

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Are the following things found infected or not? I want to know whether or not to use SmitfraudFix to clean them.

SmitFraudFix v2.63

Scan done at 17:55:24.81, Tue 06/20/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Windows NT\\howyry.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I can't see anything wrong with this log except the following:

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Plz check this and click on fix checked.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I've looked over my log but I can't seem to find any obvious sign of infestation. All my running processes appear to be clean and most everything else looks normal, but I'm still getting pop-ups, and random programs are downloaded from IE (which sucks) and mess up the computer even more. Here's my HJT log; see if you can tell what's wrong.

Logfile of HijackThis v1.99.1
Scan saved at 12:07:13 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Check the system32 folder and make sure the processes that I told you to delete are gone.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Go to here and download the removal tool for the W32 MyTob trojan.
After running that Reboot and post another log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I'll need a new log to see whether or not the steps worked.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Are you sure you extracted the program before you ran it?
Also, what problems do you have on your computer since you deleted those processes?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Is it possible to select this folder w/ Pocket Killbox?
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Have you already run ewido since you posted this log? If you haven't, run it and post a log.
Also, if global.acer.com isn't the home page you want, check these two things in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/

Now go to Jotti's; I want you to scan the following files.
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Documents and Settings\All Users\Application Data\drv frag comp new\BoldCake.exe
C:\DOCUME~1\Bheki\APPLIC~1\ATOMDE~1\32third.exe

When you finish all that, post the results of the scans and the ewido log.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You're right. Kernel32.dll is clean.
My mistake, I confused it with Kernel32.exe, which is a key process of the Floodnet virus.
BTW, are you still having any problems?

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

True

Post back as soon as you can w/ those logs.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I want you to try one more scanner first.
Plz download Ewido from here.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.