My HIJACK THIS log as instructed...

Discussion in 'Malware Help (A Specialist Will Reply)' started by rajeev, Jan 17, 2005.

  1. rajeev

    rajeev Private E-2

    I'm pleased to show you the following HJT log as completed today. Please help!! Thank you to all who have helped so far.
     
    Last edited by a moderator: Jan 18, 2005
  2. rajeev

    rajeev Private E-2

    Here is the log as an attachment... sorry for the mistake.
     


  3. PhilliePhan

    PhilliePhan Guest

    Hi Rajeev,

    Before you do Anything else, you MUST extract HijackThis from the ZIP File to its own, SAFE folder - C:\Program Files\HijackThis!!


    Before starting this fix, you must turn off SpybotSD Tea Timer as it may interfere with the fix.
    Also, if you have since rebooted, the problem DLL will be different. If this is the case, look at the O20 HJT entry for the new bad DLL entry and substitute it below.


    Please download this tool: Pocket KillBox

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    FIRST:
    Run Pocket Killbox and select the Delete on Reboot option. Then, Copy and Paste the following into the Box: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe

    Then, Click Delete (red X) and then Yes or OK until your machine reboots.


    THEN, navigate to C:\WINDOWS\System32\xprvzczyunsdv3l.dll and verify that this is the correct path for the DLL.
    If it is not there, try looking for it here: C:\WINDOWS\xprvzczyunsdv3l.dll

    After you find the correct path, run Pocket Killbox and again choose the Delete on Reboot option. Navigate to xprvzczyunsdv3l.dll and press the Delete button (red X) and then Yes or OK until your machine reboots.

    After your machine reboots, navigate to where the file should be and make sure it is gone.

    Once it is gone, scan with HijackThis and Check the Boxes for the following:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=543
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com

    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\E5D4B2~1.DLL

    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\ldl0ocbjymthd.exe
    O4 - Global Startup: winlogin.exe

    O15 - Trusted Zone: *.greg-search.com

    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27e1eebe89abc755d705/netzip/RdxIE601.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

    O20 - AppInit_DLLs: xprvzczyunsdv3l.dll.dll.dll.dll.dll.dll.dll.dll

    O23 - Service: GroovePnP - Unknown - C:\WINDOWS\twain_32\SiPix\Groove\Srvany.exe (file missing)
    Again, make sure ALL Browser Windows are CLOSED when you Click FIX.

    Now boot into Safe Mode and DELETE the following if they should somehow remain:

    C:\WINDOWS\System32\ldl0ocbjymthd.exe
    C:\WINDOWS\System32\E5D4B2~1.DLL --> There may be additional random characters in this one’s name

    NOW:
    Run CWShredder

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Attach a fresh HJT log. How are things running? Let me know of any problems that you may have encountered with the above instructions. Really busy these days, but will check back as time permits.

    Best luck :)
    PP
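As an added example (not part of the thread above, and not a MajorGeeks or HijackThis tool): a small Python triage pass over the HijackThis entries quoted in PhilliePhan's reply. The sample log is constructed from those entries, plus one made-up benign Run entry (`tray_helper.exe`) so the rules have something to leave alone. The allowlist of acceptable start-page hosts and the "random-looking filename" heuristic are assumptions for the example, not rules the thread states.

```python
"""Triage a HijackThis (HJT) log: parse each R*/O* entry and flag the
persistence and browser-hijack indicators discussed in the thread above."""
import re
from urllib.parse import urlparse

# Constructed sample input: the entries PhilliePhan told rajeev to fix,
# plus one hypothetical benign Run entry (tray_helper.exe) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\E5D4B2~1.DLL
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\ldl0ocbjymthd.exe
O4 - Global Startup: winlogin.exe
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27e1eebe89abc755d705/netzip/RdxIE601.cab
O20 - AppInit_DLLs: xprvzczyunsdv3l.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: GroovePnP - Unknown - C:\WINDOWS\twain_32\SiPix\Groove\Srvany.exe (file missing)
O4 - HKLM\..\Run: [Example Vendor] C:\Program Files\Example Vendor\tray_helper.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
IP_HOST_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Assumption for the example: hosts a browser start/search page may legitimately use.
TRUSTED_HOSTS = {"www.msn.com", "www.microsoft.com"}


def host_of(url: str) -> str:
    return urlparse(url).hostname or ""


def looks_random(filename: str) -> bool:
    """Heuristic (assumption): a long filename with almost no vowels, such as
    ldl0ocbjymthd.exe, is more likely generated than chosen by a vendor."""
    stem = re.sub(r"\.[^.]+$", "", filename).lower()
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2


def triage(log_text: str) -> list[tuple[str, str, str, str]]:
    """Return (section, severity, reason, raw line) for each flagged entry."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            value = value.strip()
            if value.startswith("http") and host_of(value) not in TRUSTED_HOSTS:
                findings.append((sec, "high", f"browser setting points at {host_of(value)}", raw))
            elif key.endswith("ProxyOverride") and value:
                findings.append((sec, "medium", f"proxy bypass list set: {value}", raw))
        elif sec == "O2":
            path = body.rsplit(" - ", 1)[-1]
            if "(no name)" in body or "~" in path:
                findings.append((sec, "high", "unnamed BHO or 8.3 short-name DLL path", raw))
        elif sec == "O4":
            if body.startswith("Global Startup:"):
                # All Users Startup folder: writable by every user, runs at every logon.
                findings.append((sec, "medium", "All Users Startup folder entry", raw))
            else:
                exe = body.rsplit("\\", 1)[-1]
                if looks_random(exe):
                    findings.append((sec, "high", f"random-looking filename {exe}", raw))
        elif sec == "O15":
            findings.append((sec, "high", f"site added to Trusted Zone: {body.split(': ', 1)[1]}", raw))
        elif sec == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if IP_HOST_RE.match(host_of(url)):
                findings.append((sec, "medium", "ActiveX (DPF) download from a bare IP address", raw))
        elif sec == "O20":
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                # AppInit_DLLs is loaded into every process that loads user32.dll,
                # so the file is held open while any GUI program runs; that is why
                # the thread uses a delete-on-reboot tool and closes all browsers.
                findings.append((sec, "high", f"AppInit_DLLs set: {dlls}", raw))
        elif sec == "O23" and "(file missing)" in body:
            findings.append((sec, "low", "service points at a missing binary", raw))
    return findings


if __name__ == "__main__":
    for sec, sev, reason, raw in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {sec}: {reason}\n         {raw}")
```

The rules are deliberately conservative in one direction only: anything that sets AppInit_DLLs, adds a Trusted Zone site, or redirects the start/search page away from an allowlisted host is reported as high, while a missing service binary is merely noted. Tune `TRUSTED_HOSTS` to the environment before relying on the R0/R1 rule.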
     
