Posts by kylethedarkn

Well you should no that Norton products are among the worst out there and have been known to cause problems such as slowing down the computer and blocking random websites. If I were you I would Download the Norton removal tool from here and then get a better Anti-Virus program such as Macafee or AVG.(Links to them in sticky) As for the combination of the programs, since your AV program already has a firewall turn off Ewido's Resident shield. I would shedule Ewido and Spysweeper to switch off scanning. So it would be Ewido one day then Spysweeper the next day. Set them to run at like 5:00 in the morning so that they run when nothing is going on. That should make your computer run a whole lot faster.

The Ewido You have is the latest version and has not had all the bugs worked out of it. The resident sheild problem and the registry cleaner problem are probably caused by something in the programing with ewido. Just make sure to keep updating Ewido and everything should work itself out soon.

That log's clean so lets look at some other possibilities. You said it happened when you downloaded and update. Try uninstalling the scanner and then trying to navagate the web. Is it faster? If that doesn't work what is your memory and have you installed many new programs that would cause this to happen?

For some reason both logs are about 7 lines long and go -----> instead of
down. You could just copy and paste the logs into this box where you type replies.

That log looks clean if your not having any problems you can mark this thread as solved.(Link at top of page)

To tell the truth your HJT log has more bad entries then good ones. Lets start by running HJT and checking the following.
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://start-search.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/...=sesm&sstring=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search32.hitfarm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/...=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/...=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/...=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/...=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/...=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://start-search.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/...=sesm&sstring=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
R3 - URLSearchHook: IncrediFindBHO Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} -
O2 - BHO: CHungryBHO Object - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM …

Extract HJT from its zipped folder to a location like C:\HJT\
Nothing major but run HJT and check the following.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
Close all other windows and click fix checked.

I see you have Ewido but it is the old version. Here are the instructions for the new version.

Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: …

Nope still clean. Are you sure that the certain programs were not being erased by someone with access to the computer? It may also be a computer joke so check the program files folder on your compuer. I have never heard of a virus or malware that uninstalls random programs ecspecially ones like Microsoft Word which is why i think someone else may be doing it.

As you can see there are many unanswered posts and that is because we only have a few people trying to fix hundreds of peoples problems. Your HJT log is out of date now anyways so I'll need a new one.

C:\DOCUME~1\Lisa\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
You are running HJT out of a temporary folder. Move it to a permanent folder on your desktop or something like C:\HJT\

Now Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE

  You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

• Open Ewido
• Click on scanner top of Ewido sceen
• Click on Settings
• Under How …

Your Internet Browsing has been hi-jacked by newdotnet. To fix this run HJT and check the following.
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Hijacked Internet access by New.Net
Close all other windows and click fix checked.

Now open control panel and go to add/remove programs and look for the following and remove them.
NewDotNet, or New.Net, or something very similar.

Reboot to safe mode by tapping F8 during start up and selecting safe mode.

Using My Computer delete the following files and folders if they exist.
C:\PROGRAM FILES\NEWDOT~1\
~1 could be anything but is probably NET

Reboot back to normal mode and run HJT again save the new log and post it back here.
Still having problems?

Sorry I couldn't find your problem, but luckily you foun the zonealarm thing.

No problem, it was fun to solve your computer troubles and answer your questions.

Ewido does have an automatic update feature and most Firewalls and AV programs have them too. There is also windows updates, so I doubt that it is anything. We can check whats going on though. Run HJT and save a log when the computer is NOT humming. Then when the computer starts humming run HJT and save another log with a different name.(So that it doesn't overwirte the other one) Now look at the running processes in both logs. Find the one thats in one log and not in the other and post the name of it here.

Hopefully but it might be one of those things that just rebuilds itself, but hopefully it fixed it for good. If you restart your computer and your still not having problems I would say its fixed. If not then we have to find the file thats rebuilding the trojans.

Im pretty sure that the resident sheild is conflicting with your firewall so I would just leave the resident sheild off and use your regular firewall.

It may be a conflict with your firewall so I suggest just turning ewido's live protection off and using your original firewall.

I'm assuming that your not having anymore problems with your computer. If that is the case then you can mark this thread as solved.

Sorry I wasn't very clear I meant you should run ewido. Then after you ran ewido go to My computer and use the search button to look for the above files. Also unhide system files and folders like the above post says.

Actually I'm running out of ideas. I can't seem to find a reason that you cant access certain sites from one router but you can from another. The only reason I can think of is that the Modem/router is set to block those sites or something like that.

I'll talk to some of our mods and see if they have any ideas.

Unfortunetly Ewido is neither an AV program nor a firewall. It has similar features such as live scanning which scan proccesses that start up and if they are bad alerts you. When you scan with it it might find some viruses but that is not its main purpose.

Also I see a harmfull folder on your computer.

First go to Control Panel>>Add or Remove Programs then look for one of the following entries and remove it.
Mywebsearch, Myway, Myway Websearch bar, or something similar.

If its not there use My Computer delete the following folder.
C:\Program Files\MyWebSearch\

The log was clean and now mywebsearch is gone so your computer looks fine.

Maybe its some sort of capacity setting in firefox that IE doesn't have, because i've noticed that whenever i look at thread where a victim post a log HJT with a long Ewido log and another log such as smitfraudfix the page gets currupted.

I'm gonna look through "about:config" for any settings like that.

Edit>No nothing obvious in there but you never know<Edit

Trying to think of the differences between firefox and IE that would make that happen.

Edit-just checked javascript in firefox and it errors on the css.
Might be the problem

Could you post an up to date HJT log please.

Maybe its something to do with the HTML or PHP of the pages.

It's Baaaaaack!!!!
This post and several below it are pulled from a thread in the malware forum that blew up on kylethedarkn and DMR; we were both using Firefox.
- Dave

Unfortunetly this page is all white from a certain point down. I only found this link by checking the links of the buttons my mouse crossed over.

Check and fix the 017 entries that DMR mentioned and post if you are still having problems.

DMR do you know how to fix this whiteness.

Sorry for the delay but there are just so many people posting.
First open control panel and go to add\remove programs.
Look for any of the following and remove them.
My Way, My WebSearchbar, My Bar, or anything similar.
Now Run HJT and check the following.
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Forchicsoapace] C:\Documents and Settings\All Users\Application Data\platformopenforchic\Spam regs.exe
O4 - HKCU\..\Run: [comp eggs] C:\DOCUME~1\Jessica\APPLIC~1\BALLAB~1\type mp3.exe
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.com/ImageUploader3.cab
Close all other windows and click fix checked.

I see you have Ewido but I'm not Sure that it is the most current version and configured right, so I'm giving you the instructions for the most up to date Ewido.

Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into …

Run HJT and check the following.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manutd.com/home/default.sps
Close all other windows and click fix checked.

You should be able to change you homepage after this

Thats ok are you still having problems.

Also do you know what the following are?

Level 3 Communications, Inc.

RIPE Network Coordination Centre

If you dont go to HJT and check all of the entries that have 017
behind them.
Close all other windows and click fix checked.

Run Ewido again and look for the following files.

• 1 :%CACHE%\CONTENT.IE5\????????\BGATES[1].EXE
• 2 :%WINDIR%\TEMP\WIN4D3~1.EXE
• 3 :%WINDIR%\TEMP\WIN4D3C.TMP.EXE
• 4 :%WINDIR%\TEMP\WIN4D3D.TMP.EXE
• 5 :%WINDIR%\TEMP\WIN4D4~1.EXE
• 6 :%WINDIR%\TEMP\WIN4D41.TMP.EXE
• 7 :%WINDIR%\TEMP\WIN4D42.TMP.EXE

%CACHE% is probably C:\Documents and Settings\Renata Blower\Local Settings\Temporary Internet Files\

%WINDIR% is C:\Windows\

If you find any of these delete them.

Post a new HJT log along with the ewido log.

Run HJT again and check the following.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Close all other windows and click fix checked.

Are the buttons still greyed out.

Well lets find out if IE is in some way not compatable with the Modem/Router at your house.

Download the Mozilla Firefox Internet Browser From here.

Overall it is a better browser with tabs and more security than IE.

Try acessing the site on Firefox and see if they load up.

Hmm that leads me to beleive the log on process is infected or damaged.

Please go to Jotti's online scanner and upload and scan the following file.
C:\Windows\System32|winlogon.exe

That log is clean.
Can you change your homepage. If you can't change it tell me what happens when you try and change it. If you can change you homepage then mark this thread as solved.(Link at top of page)

Ok delete the items in quarintine.
Also I'm gonna have you clean out your temp folders using crap cleaner.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

…

I am assuming that all problems are fixed. That HJT log is clean so if your not expiriencing any problems you can marks this thread as solved.(theres a link at the top of this page)

Could you plz post a new log from normal mode. This one from safe mode doesn't help because the Malware wouldn't be running.

After doing some research, I found that Yahoo has idioticly tried to censor everything that invovles them. They went so far as to star out Dick Cheney's First name. I beleive that the email you weren't receiving has something to do with that. Also some Yahoo groups have even been deleted without reason given to the members.

As for the CD issue, The program looks harmless enough and I can't find any evidence to the contrary, so if the file writing process still finishes then I would say not to worry about it.

Also I suggest you run ewido soon, so I can see whats going on with your computer and don't forget to post a new HJT log after you run the Ewido Program.

PS:Yes my name is Kyle.

Dont see any evidence of that but lets try the following.
Run HJT and check the following.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - <default> - (no file)
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...OPE_SILENT.cab
Close all other windows and click fix checked.

Now Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE

  You MUST manage to get into Safe Mode for the fix to work.

Make …

I highly doubt that a company like Yahoo would even dare to try and hack into peoples computer because of the legal issues that would arrise.
However I am curious to what this icon looks like and when it pops up.
If you could get a screen shot of it that would be great. To get a screen shot press crtl + Prt Scrn at the same time then go to a image editing program like paint and go to Edit>paste. Then save up load it and post the link to the uploaded picture here.

Also there is a very common icon that does that when you open My computer. It is a flashlight that points one way then turns and points the other ways and is a normal icon.

Is this the icon possibly?

Run HJT and check the 017 entrie. Close all other windows and click fix checked.

Run HJT and check the following.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.porn-info.info/?%20to%20ve...%20years%20old
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - URLSearchHook: (no name) - {04515EA6-0E9F-0F55-2361-67CEB0AD9BAC} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxmk572DIUS
Close all other windows and click fix checked.

I see you have Ewido but im not sure if it is up to date so im giving you the instructions for the most current Ewido scanner.

Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows …

Ok could you get me a HJT log from the computer the Router and modem are connected to. This might give us a clue as to why you cant access these website at home.

Everything looks clean so i would recommend switch to the Mozilla Firefox browser and see if things are going any faster.

PS: I know a friend with windows 98 and a Dsl modem and his internet still takes almost as long as yours does. So Im thinking its just the Windows 98 computer with the current day internet. But try Mozilla and see if it gets better.

You said you deleted the files sucessfully so run HJT and check the following.
O2 - BHO: (no name) - {3804d9e6-a539-49f4-9fd2-77808ba25d56} - C:\WINDOWS\system32\dhcnet.dll (file missing)
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\system32\vtsqr.dll (file missing)
Close all other windows and click fix checked.

Just making sure that they were just leftovers and that the files are actually deleted.

2 things do you live in the asias pacific region.

And Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE

  You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

• Open Ewido
• Click on scanner top of Ewido sceen
• Click on Settings
• Under How to Act click on Recommended Action choose Quarantine
• Under How to scan all boxes should be selected
• Under Possibly unwanted …

Do you have any kind of security on the one at home that might be interfering?

Also Run HJT and go to config>misc tools>host manager and copy and paste the contents to here.

First move HJT to a permanent folder such as C:\HJT or something similar.
Run HJT and check the following lines.
O2 - BHO: (no name) - {3804d9e6-a539-49f4-9fd2-77808ba25d56} - C:\WINDOWS\system32\dhcnet.dll
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\system32\vtsqr.dll
O20 - Winlogon Notify: dhcnet - C:\WINDOWS\SYSTEM32\dhcnet.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll
Close all other windows and click fix checked.

Now download vundofix from here and run it.

Plz Download Pocket Killbox from here. We might have to use it later.

Please download and install ewido anti-spyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait Ewido will open main screen automatically.
• Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
• This in very important to get updates
• When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit …

Download HiJackThis from here.

Make a new folder called HJT in the C: directory(C:\HJT) Extract the zip contents to that folder. Run HJT and select the scan option. After it finishes scanning there should be a save log button. Once clicked it should open up a notepad file with the log. Copy and Paste the contents of the note pad file in your next reply.

Move HJT this to its own folder in my documents.
Run HJT and check the following.
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
The following is optional but is a resource hog and is not need to load at startup.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Close all other windows and click fix checked.

Your current homepage is Manchester United. Is that the one you chose?

Also do you know what this is.
Asia Pacific Network Information Centre

United States of America in the Centrel time zone.