HJT Log HELP I'm getting nowhere, PLEASE

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by crisco2112, Sep 2, 2005.

  1. crisco2112

    crisco2112 Private E-2

    Edit by chaslang: Unrequested inline log attached
     

    Last edited by a moderator: Sep 2, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It would be a lot more helpful if you posted a message indicating your problems rather than just posting a HijackThis and not telling us anything.

    Also note that HijackThis logs must only be posted when requested and then they must be attachments to your message. Do not post them inline. Read the sticky threads.

    Also you gave us no indication of what you have already tried to do to fix your problems. Did you run all of the READ ME FIRST sticky? It seems like you ran some of it. Not sure if you paid attention to step 2 of Getting Prepared. You have an HSA hijacker and need to stop and disable the service mentioned in that step. Currently yours is named: Remote Procedure Call (RPC) Helper, which is indicated by the below line:

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlwn.exe

    Please download the following tool: Pocket KillBox
    Extract Pocket Killbox to its own folder but do not run it yet. We will need it later.

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    On the page that opens, scroll down to Remote Procedure Call (RPC) Helper (or if not found look for 11Fßä#·ºÄÖ`I) ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, go back to HJT and select "Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    Remote Procedure Call (RPC) Helper

    If that does not work try entering the short name: 11Fßä#·ºÄÖ`I
    NOTE: There is a space in front of the 11F so make sure you start with a space.
    You will need to cut and paste the short name since the characters are not easily typed.

    Now exit HJT but do not reboot if it tells you one is needed.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Now restart HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\ntrt32.exe


    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {6A990596-36D6-C95A-0093-CB6EE8037406} - C:\WINDOWS\winnk32.dll
    O2 - BHO: Class - {94FD5399-31A3-8A09-5871-0DA2D6C8E837} - C:\WINDOWS\sdkyc.dll (file missing)
    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/07e2c10...ip/RdxIE601.cab
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlwn.exe

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all Offline content too, click OK. When it finishes click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all Offline content too, click OK. When it finishes click OK.

    Now run Pocket Killbox. (Note: if Pocket Killbox does not find any of the below files, just keep on going to the next steps.)

    Now, Copy and Paste C:\WINDOWS\winnk32.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\sdkyc.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\atlwn.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\ntrt32.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    If you get an error message about Pending Operations, just reboot your PC yourself.

    Now get a new HJT log and post it here. And tell us how these steps went and how things are working.

    PLEASE DO NOT REBOOT after posting your log. If you are still infected, it could mutate making the next steps I would post ineffective.
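The triage chaslang does by eye above (an O23 service whose short name is a run of untypeable characters, O2 BHOs with a throwaway name or a missing DLL) can be written down as a small parser for those HijackThis line formats. This is an added example, not code from the thread or from HijackThis; the sample log is constructed from the lines quoted in the post plus one benign W32Time line added as a negative case, and the heuristics are assumptions about what a helper looks for, not HijackThis's own rules.

```python
import re

# Constructed sample: the O2 and O23 lines quoted in the post above, plus one
# ordinary O23 line (W32Time) added here so the heuristics have a clean entry.
SAMPLE_LOG = r"""
O2 - BHO: Class - {6A990596-36D6-C95A-0093-CB6EE8037406} - C:\WINDOWS\winnk32.dll
O2 - BHO: Class - {94FD5399-31A3-8A09-5871-0DA2D6C8E837} - C:\WINDOWS\sdkyc.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlwn.exe
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\system32\svchost.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
                   r"(?P<path>.*?)(?: \((?P<note>file missing)\))?$")
# O23 lines: "O23 - Service: <display name> (<short name>) - <owner> - <binary path>"
# The display name may itself contain parentheses, e.g. "(RPC)", so the short name is
# taken as the last parenthesised group before " - ".
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) \((?P<short>[^)]*)\) - "
                    r"(?P<owner>.*?) - (?P<path>.*)$")


def odd_short_name(short):
    """True if a service short name has leading/trailing blanks or characters
    outside the letters, digits, '.', '_' and '-' a real service name uses."""
    return short != short.strip() or any(not (c.isalnum() or c in "._-") for c in short)


def triage(log_text):
    """Return (entry_type, path, reason) for each O2/O23 line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            if m["note"]:
                findings.append(("O2", m["path"], "BHO registered but DLL missing"))
            elif m["name"] in ("Class", "(no name)"):
                findings.append(("O2", m["path"], "BHO without a descriptive name"))
            continue
        m = O23_RE.match(line)
        if m and odd_short_name(m["short"]):
            findings.append(("O23", m["path"], f"service short name {m['short']!r} is not typeable"))
    return findings


if __name__ == "__main__":
    for kind, path, reason in triage(SAMPLE_LOG):
        print(f"{kind}: {path}  <- {reason}")
```

The atlwn.exe service is flagged purely on its short name (a leading space and symbols), which is also why the post tells the user to cut and paste it into HJT rather than type it.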
     
