BleepingComputer.com: Google Redirect -- Am I Clean?

So, I'm trying to stick to the textbook here. Attached you will find ark.txt and Attach.txt. Below, I have reproduced the contents of DDS.txt.

I am running Windows 7 32-bit.

Symptoms BEFORE I did some clean up work of my own:

- Google search results would sporadically redirect me to site with "meta.7search.com" as the domain.
- Firefox 4.0 would crash
- Shutdown would "hang" until I "Forced Shutdown"

I am pleased to report that these symptoms are not apparent anymore, but I want to be 100% sure that this bug is gone for good. Thank you, in advance, for your help.

---------DDS----------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ravi at 12:13:18.22 on Sat 05/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2105 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\StikyNot.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ravi\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\ravi\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\ravi\appdata\roaming\microsoft\windows\start menu\programs\startup\scanxdiskbb36.dll
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ravi\appdata\roaming\mozilla\firefox\profiles\pxihld0u.default\
FF - prefs.js: browser.startup.homepage - wsj.com
FF - component: c:\users\ravi\appdata\roaming\mozilla\firefox\profiles\pxihld0u.default\extensions\afom@idevfh\components\npAFOM.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-11-3 13480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-3-19 93312]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-11-3 93032]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-9-21 63928]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-9-21 45496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]
.
=============== Created Last 30 ================
.
2011-05-14 05:41:50 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-14 05:41:16 -------- d-----w- c:\progra~2\Hitman Pro
2011-05-14 05:08:16 -------- d-----w- c:\users\ravi\appdata\roaming\Malwarebytes
2011-05-14 05:08:11 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-13 18:52:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-13 18:52:03 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-05-11 21:50:56 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 21:50:55 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 01:33:02 14744 ----a-w- c:\users\ravi\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-05-10 01:22:24 -------- d-----w- c:\program files\MSECache
2011-05-06 05:09:33 -------- d-----w- c:\users\ravi\appdata\roaming\Registry Mechanic
2011-05-06 05:07:07 -------- d-----w- c:\program files\CCleaner
2011-05-06 05:00:47 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-06 05:00:46 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-06 05:00:46 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-06 05:00:46 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-06 05:00:46 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-06 05:00:46 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-06 05:00:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-06 05:00:45 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-03 02:39:04 0 ----a-w- c:\users\ravi\appdata\local\Glayad.bin
2011-05-03 02:39:03 -------- d-----w- c:\users\ravi\appdata\local\{425BDE38-B349-4844-8B00-AD08CEE3ECDF}
.
==================== Find3M ====================
.
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 12:14:39.79 ===============

UPDATE:

The redirect problem is back! Will check to see if Firefox crashes and if my computer stalls out on shutdown.

---

Firefox hasn't crashed yet, and no stalling when restarting or shutting down. A good sign, I presume!

EDIT: Posts merged ~Budapest

This post has been edited by Budapest: 15 May 2011 - 04:15 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

• Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  
  
  
• Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  
  
  
• Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

m0le -

Thanks for helping out. Looking forward to hearing back from you.

Best,

- R

Please run Combofix

Please download ComboFix from one of these locations:

• Bleepingcomputer
  
• ForoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe

• Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Comfix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

m0le -

Please find my ComboFix log reproduced below:

ComboFix 11-05-26.05 - Ravi 05/27/2011 15:44:57.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2075 [GMT -4:00]
Running from: c:\users\Ravi\Desktop\ComFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
.
.
2011-05-27 19:50 . 2011-05-27 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-27 19:42 . 2011-05-27 19:43 -------- d-----w- C:\ComFix
2011-05-24 15:56 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-15 04:33 . 2011-05-15 04:33 -------- d-----w- c:\program files\Common Files\Java
2011-05-15 04:32 . 2011-05-15 04:32 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-15 04:32 . 2011-05-15 04:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-15 04:32 . 2011-05-15 04:32 -------- d-----w- c:\program files\Java
2011-05-15 04:20 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-05-15 04:19 . 2011-05-19 06:45 -------- d-----w- c:\program files\SpywareBlaster
2011-05-14 21:23 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{445C7D25-B9C0-42D1-A2C3-A75E4D4C46C8}\mpengine.dll
2011-05-14 21:17 . 2011-05-27 19:50 -------- d-----w- c:\users\Ravi\AppData\Local\temp
2011-05-14 05:41 . 2011-05-15 02:31 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-14 05:41 . 2011-05-14 15:14 -------- d-----w- c:\programdata\Hitman Pro
2011-05-14 05:08 . 2011-05-14 05:08 -------- d-----w- c:\users\Ravi\AppData\Roaming\Malwarebytes
2011-05-14 05:08 . 2011-05-14 05:08 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 18:52 . 2011-05-14 15:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-11 21:50 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 21:50 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 01:22 . 2011-05-10 01:22 -------- d-----w- c:\program files\MSECache
2011-05-06 05:09 . 2011-05-06 05:09 -------- d-----w- c:\users\Ravi\AppData\Roaming\Registry Mechanic
2011-05-06 05:07 . 2011-05-06 05:07 -------- d-----w- c:\program files\CCleaner
2011-05-06 05:00 . 2011-05-06 05:00 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 05:00 . 2011-05-06 05:00 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 05:00 . 2011-05-06 05:00 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 05:00 . 2011-05-06 05:00 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 05:00 . 2011-05-06 05:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 05:00 . 2011-05-06 05:00 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 05:00 . 2011-05-06 05:00 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 05:00 . 2011-05-06 05:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-03 02:39 . 2011-05-05 04:19 0 ----a-w- c:\users\Ravi\AppData\Local\Glayad.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 05:40 . 2011-04-14 19:19 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-14 19:19 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-08 05:38 . 2011-04-14 19:19 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-14 19:19 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-14 19:19 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-14 19:19 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-06 05:00 . 2011-05-06 05:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-27 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"nwiz"="nwiz.exe" [2009-08-27 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-05 13797992]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
scanxdiskbb36.dll [2009-12-8 593920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-26 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 93312]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjddr&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110515&user_guid=EAA11F8CE4A241D6B58F0DF7EC3B851D&machine_id=4db49f3a6dff7f2d70673ec565c1b11d&browser=IE&os=win&os_version=6.1-x86-SP0
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\pxihld0u.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.wsj.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-27 15:52:09
ComboFix-quarantined-files.txt 2011-05-27 19:52
ComboFix2.txt 2011-05-14 21:17
.
Pre-Run: 37,656,039,424 bytes free
Post-Run: 37,662,650,368 bytes free
.
- - End Of File - - 3D9FD4AFA98729BAAB800CD4597A514B


Thanks, again. I will say I've noticed a definite difference in browser performance.

- R

This post has been edited by R2I4D: 27 May 2011 - 03:31 PM

Please rerun Combofix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

Quote

Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)




Refering to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please next visit ESET

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check and check Remove found threats
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

If no log is generated that means nothing was found. Please let me know if this happens.

m0le -

Here is the ComboFix log:

ComboFix 11-05-27.01 - Ravi 05/27/2011 22:53:36.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1919 [GMT -4:00]
Running from: c:\users\Ravi\Desktop\ComFix.exe
Command switches used :: c:\users\Ravi\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-28 02:58 . 2011-05-28 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-27 19:42 . 2011-05-27 19:43 -------- d-----w- C:\ComFix
2011-05-24 15:56 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-15 04:33 . 2011-05-15 04:33 -------- d-----w- c:\program files\Common Files\Java
2011-05-15 04:32 . 2011-05-15 04:32 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-15 04:32 . 2011-05-15 04:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-15 04:32 . 2011-05-15 04:32 -------- d-----w- c:\program files\Java
2011-05-15 04:20 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-05-15 04:19 . 2011-05-27 19:58 -------- d-----w- c:\program files\SpywareBlaster
2011-05-14 21:23 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{445C7D25-B9C0-42D1-A2C3-A75E4D4C46C8}\mpengine.dll
2011-05-14 21:17 . 2011-05-28 02:58 -------- d-----w- c:\users\Ravi\AppData\Local\temp
2011-05-14 05:41 . 2011-05-15 02:31 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-14 05:41 . 2011-05-14 15:14 -------- d-----w- c:\programdata\Hitman Pro
2011-05-14 05:08 . 2011-05-14 05:08 -------- d-----w- c:\users\Ravi\AppData\Roaming\Malwarebytes
2011-05-14 05:08 . 2011-05-14 05:08 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 18:52 . 2011-05-14 15:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-11 21:50 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 21:50 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 01:22 . 2011-05-10 01:22 -------- d-----w- c:\program files\MSECache
2011-05-06 05:09 . 2011-05-06 05:09 -------- d-----w- c:\users\Ravi\AppData\Roaming\Registry Mechanic
2011-05-06 05:07 . 2011-05-06 05:07 -------- d-----w- c:\program files\CCleaner
2011-05-06 05:00 . 2011-05-06 05:00 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 05:00 . 2011-05-06 05:00 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 05:00 . 2011-05-06 05:00 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 05:00 . 2011-05-06 05:00 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 05:00 . 2011-05-06 05:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 05:00 . 2011-05-06 05:00 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 05:00 . 2011-05-06 05:00 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 05:00 . 2011-05-06 05:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-03 02:39 . 2011-05-05 04:19 0 ----a-w- c:\users\Ravi\AppData\Local\Glayad.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 05:40 . 2011-04-14 19:19 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-14 19:19 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-08 05:38 . 2011-04-14 19:19 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-14 19:19 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-14 19:19 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-14 19:19 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-06 05:00 . 2011-05-06 05:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"nwiz"="nwiz.exe" [2009-08-27 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-05 13797992]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
scanxdiskbb36.dll [2009-12-8 593920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-26 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 93312]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjddr&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110515&user_guid=EAA11F8CE4A241D6B58F0DF7EC3B851D&machine_id=4db49f3a6dff7f2d70673ec565c1b11d&browser=IE&os=win&os_version=6.1-x86-SP0
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\pxihld0u.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.wsj.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-27 23:00:30
ComboFix-quarantined-files.txt 2011-05-28 03:00
ComboFix2.txt 2011-05-27 19:52
ComboFix3.txt 2011-05-14 21:17
.
Pre-Run: 35,733,647,360 bytes free
Post-Run: 35,659,149,312 bytes free
.
- - End Of File - - 53881418A7D898369C6B161C129D599D


And here is the ESET Online Scanner log:

C:\Program Files\PDF Password Remover v3.0\winDecrypt.exe probably a variant of Win32/PSWTool.PdfCracker.A application cleaned by deleting - quarantined
C:\Users\Ravi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6db1f096-1793bec4 probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Users\Ravi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1b985859-729ac84c probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan cleaned by deleting - quarantined
C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanxdiskbb36.dll a variant of Win32/Kryptik.NWO trojan cleaned by deleting - quarantined

I think we're close. No symptoms, much improved browser speed, and no hang-ups when shutting down or booting up! Thanks, thus far.

- R

We're more than close, we're there...

You're clean. Good stuff!

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  
• Please follow the prompts to uninstall Combofix.
  
• You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

• Download OTC by OldTimer and save it to your desktop.
  
• Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  
• Then Click the big button.
  
• You will get a prompt saying "Being Cleanup Process". Please select Yes.
  
• Restart your computer when prompted.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it R214D, happy surfing!

Cheers.

m0le

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.