dlh6213 27 Posting Maven Team Colleague

The reason the files were backed up like they were is that this is a new hard drive...am beginning to wonder if I should have just reformatted instead of spending a solid week on this clean. Dunno how you folks do this day after day, it's so frustrating.

Formatting definitely would have been a reasonable option in this situation ;) I dunno how (or why) we do it either -- it does get quite frustrating at times.

Open NotePad (or WordPad), copy the contents of the "Code" below and paste it into NotePad:

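rem Switch to the folder that holds the file (path taken from the O20 entry below)
cd /d C:\WINDOWS\System32
rem Clear the system, read-only and hidden attributes so the file can be deleted
attrib -s -r -h lfrt.dll
del lfrt.dll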

Go to File, Save As and type the filename as Remove.bat, save it to your Desktop, and then close NotePad.

Go to Add/Remove Programs in your Control Panel and remove ruoc, if present.

Download and run the PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Reboot into Safe Mode.

Scan with Hijackthis and have it fix the following entries:

O4 - HKLM\..\Run: [p7Fj3qT] iescap.exe
O4 - HKCU\..\Run: [Rtda] C:\Program Files\ruoc\eooh.exe
O4 - HKCU\..\Run: [Hfdcv] C:\WINDOWS\system32\l?ass.exe
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\lfrt.dll

Close any open windows and hit Fix checked.

Double-click on the file Remove.bat, and a DOS-type window should open and close quickly; this is normal. (If the window does not close by itself, you can close it after a few seconds.)

Go to the following locations and delete the highlighted files and folder …

dlh6213 27 Posting Maven Team Colleague

I'll let DMR finish this up; I just have a couple of things to throw in here...

There's some info on protecting your computer in this thread:
http://www.daniweb.com/techtalkforums/thread27519.html

And see if this will help with that file you're trying to get rid of:

Download, install, and update CWShredder 2.15 -- http://www.intermute.com/products/cwshredder.html. Run it, and press Fix (not scan). Close any open windows, other than CWS, before hitting the Fix button.

dlh6213 27 Posting Maven Team Colleague

First you should have the file scanned here:

http://virusscan.jotti.org/

If it comes up clean, you can try to get some info on it by going to the file and right-clicking on it. Then go to Properties and get whatever info you can (Company, Version, etc.). After that, right-click on it again, and choose Open With...; you may get a warning message; if you do, click on the Open With... button. Choose Notepad (or Wordpad) to open it with. Most likely you will just see a bunch of gibberish characters, but keep looking through it -- sometimes some tell-tale information is provided.

Let us know what you find out :)

dlh6213 27 Posting Maven Team Colleague

Hi Jessykah, welcome to DaniWeb :D

Yes, it's okay to 'bump' but please wait a bit longer before doing so. I realize you're anxious to get your computer fixed, but there are only a few of us here trying to resolve dozens of users' problems, and we can't be here all the time. I'd say that if you don't get a response within 24 hrs to go ahead and give it a bump to make sure it isn't being overlooked.

Please follow the recommendations in these threads to help protect and start the cleanup process of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then close any open browser windows, scan with hijackthis, and post a new log and wait for instructions on removing the Aurora infection and anything else remaining.

dlh6213 27 Posting Maven Team Colleague

According to your last log you still have several nasties. You should post a new log to make sure your system is clean :)

dlh6213 27 Posting Maven Team Colleague

Hi Stephan, welcome to DaniWeb :D

Please follow the recommendations in these threads to help protect and start the cleanup process of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then close any open browser windows, scan with hijackthis, and post a new log as there will be more to do.

dlh6213 27 Posting Maven Team Colleague

Ewido does take awhile to scan (3 hrs on my system; luckily it hasn't found anything on mine yet). It looks like a lot of what it found on your system was infected backups.

That text in your temp folder is some programming language, but since I'm not a programmer, I don't know what it is, why it's in your temp folder, or why you can't delete it, but you can try using the Killbox on it. The indexes are okay, they're supposed to be there.

Download, install, update, and run about:Buster -- http://www.majorgeeks.com/download4289.html

Download, install, and update CWShredder 2.15 -- http://www.intermute.com/products/cwshredder.html. Run it, and press Fix (not scan). Close any open windows, other than CWS, before hitting the Fix button.

Then see if C:\WINDOWS\system32\lfrt.dll still exists. If it does, right-click on it, go to Properties, and give us whatever info you can on it. Then have it scanned here:

http://virusscan.jotti.org/

A SilentRunners log may help also --

Download and run Silent Runners.vbs -- http://www.silentrunners.org/.

Post the information from the log it generates in your next reply along with a fresh HJT log and the results of the file scan.

dlh6213 27 Posting Maven Team Colleague

We need to have you move HijackThis into its own permanent folder, and then copy and paste the log (instead of attaching it) :)

dlh6213 27 Posting Maven Team Colleague

...I found not only winadm, but nail and the other two odd named keys associated with nail as well as a neighboring set of keys with the svcproc file...

Nail and svcproc indicate you have, or have had, the Aurora infection. The process of ridding your system of that may take care of the other problems as well so you should start with that.

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop, but don't open it yet.

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to your desktop, but do not run it yet.

Disconnect from the net and reboot into Safe Mode.

Double-click on the Nailfix.cmd that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Still in Safe Mode, scan with hijackthis and have it fix the following entries (if present):

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

Go to the following locations and delete the highlighted files (if …

dlh6213 27 Posting Maven Team Colleague

Hi quick, welcome to DaniWeb :D

Sorry for the delay in responding to this, been kinda hectic here lately.

Follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then, right-click in an open area of your desktop and select New, Folder; give the new folder a name (something like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into the new folder.

And finally, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Scan with hijackthis and have it fix the following entries:

O4 - HKLM\..\Run: [ordtmgy] C:\WINDOWS\System32\ordtmgy.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

Be sure to close any open windows, other than hijackthis, before hitting Fix checked.

Reboot into Safe Mode.

Go to the following locations and delete the highlighted file and folder:

C:\WINDOWS\System32\ordtmgy.exe
C:\Program Files\SurfSideKick

If ordtmgy.exe cannot be deleted, run the Killbox again and paste the full file path (C:\WINDOWS\System32\ordtmgy.exe) into the Path of file to delete box.

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with hijackthis, and post a new log please.
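Several posts on this page list HijackThis entries to fix and then the files those entries point to. As an added example (not part of any post and not HijackThis's own code), the sketch below parses such entries and collects the referenced file paths so they can be re-checked after cleanup; the function names, the section-meaning table and the path pattern are assumptions made for illustration, and the sample lines are copied from posts on this page.

```python
import re

# Usual meaning of the section codes that appear in entries quoted on this page
# (assumed summary, not taken from the posts themselves).
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE default page/search URL",
    "R3": "URLSearchHook",
    "F2": "system.ini/win.ini autostart (registry-mapped)",
    "O3": "IE toolbar",
    "O4": "Run key / Startup folder autostart",
    "O15": "Trusted Zone site",
    "O16": "ActiveX download (DPF)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "NT service",
}

# "<code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] C:\path\file.exe"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter path ending in a common executable extension (spaces allowed).
PATH = re.compile(r'[A-Za-z]:\\[^\r\n"<>|*]*?\.(?:exe|dll|com|bat|cmd|scr)\b', re.I)
# Registry value name in square brackets, used by O4 entries.
VALUE_NAME = re.compile(r"\[([^\]]+)\]")


def parse_entry(line):
    """Split one log line into section code, meaning, value name and file path."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, blank line or prose, not a log entry
    code, body = m.group("code"), m.group("body")
    name = VALUE_NAME.search(body) if code == "O4" else None
    path = PATH.search(body)
    return {
        "code": code,
        "meaning": SECTIONS.get(code, "unknown section"),
        "name": name.group(1) if name else None,
        "path": path.group(0) if path else None,  # None for "(no file)" entries
    }


def files_to_verify(lines):
    """Unique on-disk paths referenced by the entries, in first-seen order."""
    seen = {}
    for line in lines:
        entry = parse_entry(line)
        if entry and entry["path"]:
            # Windows paths are case-insensitive, so compare in lower case.
            seen.setdefault(entry["path"].lower(), entry["path"])
    return list(seen.values())


# Sample entries copied from posts on this page.
SAMPLE = [
    r"O4 - HKLM\..\Run: [ordtmgy] C:\WINDOWS\System32\ordtmgy.exe",
    r"O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe",
    r"O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe",
    r"O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll",
    r"O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe",
    r"O3 - Toolbar: (no name) - {76886F39-D4D8-4f00-A354-3CC1C364F363} - (no file)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        e = parse_entry(line)
        print(f'{e["code"]:<4}{e["meaning"]:<38}{e["path"] or "(no file path)"}')
    print("Re-check after cleanup:")
    for p in files_to_verify(SAMPLE):
        print("  " + p)
```

The HKLM and HKCU Run entries for SurfSideKick collapse to one path, and the toolbar entry with "(no file)" yields nothing to check on disk.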

dlh6213 27 Posting Maven Team Colleague

Post a new log please :)

dlh6213 27 Posting Maven Team Colleague

You can now find more complete information here:
http://www.daniweb.com/techtalkforums/thread27519.html

dlh6213 27 Posting Maven Team Colleague

Hi SuziQ, welcome to DaniWeb :D

Looks like you've done quite a bit already :) Hopefully we can help you get the rest.

Scan with HJT and have it fix the following entry:

O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lfrt.dll

Close any open windows, other than hijackthis, before hitting Fix checked.

Go to C:\WINDOWS\system32 and delete lfrt.dll.

Do a search for winadm.exe and delete any instances found.

Go to C:\WINDOWS\system32 and locate rakaam.exe, right-click on the file and then click on Properties; give us whatever info you can on it in your next post (company, version, etc.)

Follow the instructions in this thread (run at least two of the free online scans):
http://www.daniweb.com/techtalkforums/thread27570.html

dlh6213 27 Posting Maven Team Colleague

Go to each of these highlighted files and right-click on it; go to properties and give us whatever info you can on them (Company, version, etc.) in your next post:

C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe

Go to Start, Run, type regedit in the box, and hit Enter.

At the top of the Registry Editor window, click on File, and then Export. In the Export range panel (at the bottom), click All, give the file a name, and then Save your registry as a backup to a location where you will be able to locate it easily if necessary.

Then click on Edit, Find; in the box, type or paste SideFind, and then click on Find Next

Right-click on any entries found and click on Delete.

Continue using the Find Next option until you get the Finished searching through registry message.

Close the Registry Editor.

dlh6213 27 Posting Maven Team Colleague

There is a file I cannot delete. The file doesn't even have a name. I've tried changing the program of which it opens in (it now opens in Notepad), and a lot of other things, but I can't delete it through DOS because it doesn't have a name.

If you can copy and paste the file, try this:

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Reboot into Safe Mode.

Run Pocket Killbox and paste the full file path in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot (reboot into normal mode). (Note: the 'file path' will be something like C:\WINDOWS\System32\-%*#+.exe).

If that doesn't work, can you post a screen shot of the file or try to give a detailed description?

A SilentRunners log may help as well --

Download and run Silent Runners.vbs -- http://www.silentrunners.org/.

Post the information from the log it generates in your next reply along with a fresh HJT log.

dlh6213 27 Posting Maven Team Colleague

Speaking of which- I know that definitely meant that I was up too late, but does it also mean that you got up at some unholy early hour just to sneak in a few posts here before work? :cheesy:

No, I did it during my lunch break while at work, that's why they were so short -- I saw how far behind we were and wanted to get as many answered as I could.

dlh6213 27 Posting Maven Team Colleague

It's still showing in your log -- O4 - HKLM\..\Run: [esuyoxs] c:\winnt\system32\ivefxg.exe r

You can have HJT fix this entry:

O3 - Toolbar: (no name) - {76886F39-D4D8-4f00-A354-3CC1C364F363} - (no file)

That's about all I see. Have you followed the suggestions in the links in my previous post yet?

dlh6213 27 Posting Maven Team Colleague

Please follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Go to Add/Remove Programs in your Control Panel and remove:

Viewpoint (or Viewpoint Manager, ViewMgr, or something similar)

Go to C:\Program Files and delete the Viewpoint folder.

If you're still having problems afterwards, please post a new HJT log.

dlh6213 27 Posting Maven Team Colleague

Follow the instructions here to get rid of 'neededware':
http://securityresponse.symantec.com/avcenter/venc/data/adware.neededware.html

Download and run Silent Runners.vbs -- http://www.silentrunners.org/. Post the information from the log it generates in your next reply along with a fresh HJT log.

dlh6213 27 Posting Maven Team Colleague

Before posting a new log, please follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

dlh6213 27 Posting Maven Team Colleague

You were pretty well infested there :(. It's looking better, but there are still some things to do.

Scan with hijackthis and have it fix the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O4 - HKLM\..\Run: [plfanyb] c:\winnt\system32\hvonyug.exe r
O4 - HKLM\..\Run: [malnhf] c:\winnt\system32\iyqjbmp.exe r
O4 - HKLM\..\Run: [ijrbbpd] C:\WINNT\ptcore.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tec...sa/LSSupCtl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} (Fidelity Toolbar) - http://personal.fidelity.com/produc...lityToolbar.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yah.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...ro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec...sa/SymAData.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

Remember to close any open windows before hitting Fix checked.

Go to the following locations and delete the highlighted files and folder:

C:\WINNT\ptcore.exe
C:\winnt\system32\hvonyug.exe
C:\winnt\system32\iyqjbmp.exe

C:\WINNT\wt

Do a search for …

dlh6213 27 Posting Maven Team Colleague

Hi peetrod, welcome to DaniWeb :D

Please follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in this thread.

dlh6213 27 Posting Maven Team Colleague

Sounds like you're all cleaned up :)

To help prevent being reinfected, please follow the recommendations here:

http://www.daniweb.com/techtalkforums/thread27519.html

dlh6213 27 Posting Maven Team Colleague

Check here first to see if it offers any assistance:
http://forum.grisoft.cz/freeforum/read.php?4,23563,23585

Then follow the recommendations here to help prevent future infections:
http://www.daniweb.com/techtalkforums/thread27519.html

After that, follow the instructions here (this will clean up some of your problems, but not all):
http://www.daniweb.com/techtalkforums/thread27570.html

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

I can't help with this, just giving it a 'bump' so DMR doesn't overlook it :)

(I know how much he needs more to do)

dlh6213 27 Posting Maven Team Colleague

Please follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Glad your system is working better for you, but you should still try to get rid of that mad.dll.

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Reboot into Safe Mode.

Do a search for mad.dll and (attempt) to delete any instances found.

If mad.dll could not be deleted, run Pocket Killbox and paste the full file path in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot (reboot into normal mode). (Note: the 'file path' will be something like C:\WINDOWS\System32\mad.dll)

Let us know if you were successful.

dlh6213 27 Posting Maven Team Colleague

Dave, I deleted my post because yours had more info included, mine was just links to similar info. :)

I saw your name reviewing this thread just as I hit the Post button.

dlh6213 27 Posting Maven Team Colleague

Please follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in this thread.

dlh6213 27 Posting Maven Team Colleague

There's no 'best' in that list because many of them do different things.

I haven't tried everything you have listed there, but some that I like are:

Ad-Aware
CounterSpy
PestPatrol
Spybot
SpywareBlaster

And I would recommend having all of those, not just one.

dlh6213 27 Posting Maven Team Colleague

I've split your post into its own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Then close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html


Then, right-click in an open area of your desktop, select New, Folder; give the new folder a name (something like HJT or HijackThis), and drag the hijackthis.exe icon that is on your desktop into the new folder.

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

norton does create some of the weirdest problems i've ever seen.

That's one of the reasons I suggested replacing it :)

Glad you got it figured out!

dlh6213 27 Posting Maven Team Colleague

Glad you were able to get your system working properly again.

Sorry we couldn't be more help; I've been busy and one of our most active moderators hasn't been able to post for some reason.

Dani is still around, she's been pretty busy herself lately with school and all, but yes, she's still here.

dlh6213 27 Posting Maven Team Colleague

Check here first to see if it offers any assistance:
http://forum.grisoft.cz/freeforum/read.php?4,23563,23585

Then follow the recommendations here to help prevent future infections:
http://www.daniweb.com/techtalkforums/thread27519.html

After that, follow the instructions here (this will clean up some of your problems, but not all):
http://www.daniweb.com/techtalkforums/thread27570.html

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

I would suggest trying System Restore (if you have that capability, you didn't mention your OS) to a point prior to when you started having problems.

Then follow the suggestions in these threads:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

If you continue to have problems, please get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in this thread. Hopefully that will show us what the problem is.

dlh6213 27 Posting Maven Team Colleague

It sounds to me like a format and reinstall is your best option at this point; it will probably be quicker and easier than trying to fix whatever you have.

Before you begin, have a look at these threads:

http://www.daniweb.com/techtalkforums/thread16365-crackers+christmas.html

http://www.daniweb.com/techtalkforums/thread27519.html

Also before you begin, write down the settings for your wireless router; hopefully that will help setting it up again. To get these settings, go to Start, Run, and type in cmd, click OK; at the command prompt, type in ipconfig /all and hit Enter. That should be most of what you will need.

dlh6213 27 Posting Maven Team Colleague

You should first follow the recommendations in this thread on the problem computer to help prevent further occurrences:
http://www.daniweb.com/techtalkforums/thread27519.html

Try uninstalling Norton, and then reinstalling it (or consider replacing it :) )

Note: Hijackthis should be in its own folder, like G:\programs\Hijackthis\HijackThis.exe (instead of G:\programs\HijackThis.exe)

dlh6213 27 Posting Maven Team Colleague

Hi greycat, welcome to DaniWeb :D

Before we get started on your HijackThis log, you should follow the recommendations in this thread:
http://www.daniweb.com/techtalkforums/thread27519.html

After that, use the cleanup procedures explained here:
http://www.daniweb.com/techtalkforums/thread27570.html

If you are still having problems after that, please scan with HijackThis again and post a new log.

dlh6213 27 Posting Maven Team Colleague

Links to related helpful advice...

http://www.daniweb.com/techtalkforums/thread5690.html

http://castlecops.com/postlite7736-.html

http://castlecops.com/postitle116539-0-0-.html

If anyone has any suggestions for anything to be added to this thread, please contact one of the moderators for evaluation.

dlh6213 27 Posting Maven Team Colleague

The first step in ridding your system of unwanted intruders is to protect it from them in the first place. If you haven’t already done so, please review this thread and follow all of the recommended procedures before continuing here:
http://www.daniweb.com/techtalkforums/thread27519.html

Reminder – If your system is simply too infested to effectively clean, or has too many problems related to past infestations or other problems, it may be better to back up all your data, format and install Windows again, so you can have a fresh, clean start.

If you are still having problems with your computer after following the suggestions in this thread, please go to this one to continue the cleanup process:
http://www.daniweb.com/techtalkforums/thread28196.html

In order to view some of the files and folders mentioned here, you will need to set your system up accordingly. Open Windows Explorer, go to Tools, and in Folder Options, select Show hidden files and folders, and uncheck Hide protected operating system files.

You may also need to boot into Safe Mode, the most common way to do this is to reboot your computer, and then repeatedly hit F8 while it's booting up. A menu will be displayed which will give you several options. Select Safe Mode, and press Enter.


A combination of the utilities listed may be required to successfully clean a heavily infested system; if the ones you are using don’t seem to be doing the job, try some of the …

dlh6213 27 Posting Maven Team Colleague

Links to related helpful advice...

http://www.daniweb.com/techtalkforums/thread5690.html

http://castlecops.com/postlite7736-.html

http://castlecops.com/postitle116539-0-0-.html

http://www.daniweb.com/techtalkforums/thread28750.html

http://bshagnasty.home.att.net/browsersettings.htm

If anyone has any suggestions for anything to be added to this thread, please contact one of the moderators for consideration.

dlh6213 27 Posting Maven Team Colleague

The procedures and utilities described here are for the users of Windows operating systems.

In today's world, where internet intruders are so prevalent and cause so many problems, you really MUST follow these suggested procedures on any internet connected PC. You can choose not to, of course, but if you don't you are really wasting your time seeking assistance here or anywhere else. On an unprotected machine, problems are sure to continue.

If your system is simply too infested to effectively clean, or has too many problems related to past infestations or other problems, then now is as good a time as any to back up all your data, format and install Windows again, and have a fresh, clean start!

Links to any recommended hardware and software can be found at the bottom of this page.

1.) Antivirus

Antivirus protection is a must-have and most new computers will come with at least a trial version of an antivirus program. Make sure you replace the trial version, or pay for the full version, before the trial period runs out.

Nod32 is the leader among AV programs and is reasonably priced. There are also free AV programs available that do an acceptable job such as AVG and Avast.

You should have only one antivirus program running on your computer, as more than one can cause problems.

2.) Firewall

A firewall is critical these days, particularly if you have a high-speed connection (such as …

dlh6213 27 Posting Maven Team Colleague

Spybot Search & Destroy version 1.4 is now available; if you have any previous versions, you should replace it with this one.

http://www.download.com/3120-20_4-0.html?qt=spybot&tg=dl-20&search.x=17&search.y=6

dlh6213 27 Posting Maven Team Colleague

Sorry for the delay in responding to this, I've had some other projects to attend to.

You've almost got Hijackthis in a good place. Right-click in an open area of your desktop and select New, Folder; give the new folder a name (something like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into this new folder.

You will need to be disconnecting from the internet, so you may wish to print these instructions.

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to your desktop, but do not run it yet.

Disconnect from the net and reboot into Safe Mode.

Go to Add/Remove Programs in your Control Panel and remove (if present) SurfSideKick

Double-click on the Nailfix.cmd that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Still in Safe Mode, scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yc.../search/ie.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no …

dlh6213 27 Posting Maven Team Colleague

Greetings saagar, welcome to DaniWeb :D

dlh6213 27 Posting Maven Team Colleague

Greetings Yoadber, welcome to DaniWeb :D