Solved

Hijacked Home Page/Internet Explorer 7.0

Posted on 2006-11-26
Last Modified: 2013-12-04
This HP PC running Win XP Home had the home page hijacked by a page trying to sell something (and no other address could be typed into the address field and browsed to).  I told the customer to run AdAware, Spybot, and Ewido both in normal and in safe mode.  He said Ewido cleaned a lot of stuff, but the home page still couldn't be changed.
He wasn't patient enough to wait one more day for me to look at it, so he spent 4 hours on the phone with HP and paid them $45 to upgrade to IE 7 (go figure...I would have done that for free in 15 minutes).  Anyway, the home page and browser work now.  Is it possible that upgrading the browser cured all of the problem?  I'm skeptical because I know that stuff often buries itself in the registry.

So...here's the question.  Below is his current HijackThis log.  See anything that looks like it's waiting to attack again?  Or other problems?  What about all of those Winlogon Notify entries and line O18?

Logfile of HijackThis v1.99.1
Scan saved at 10:51:10 PM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis (2).zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?ie=UTF-8&oe=UTF-8&hl=en&tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F8C2B98-1D3D-4FD0-8CAE-FDB1BC42655f} - C:\WINDOWS\system32\xwprfahb.dll (file missing)
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Super Codec\isaddon.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: (no name) - {DD1052A2-C2AA-4CAB-9D6A-618DD14F09Ec} - C:\WINDOWS\system32\xwprfahb.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109383066156
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153716902859
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: adbmwdhx - adbmwdhx.dll (file missing)
O20 - Winlogon Notify: ajayiyht - ajayiyht.dll (file missing)
O20 - Winlogon Notify: amvjnpto - C:\WINDOWS\SYSTEM32\amvjnpto.dll
O20 - Winlogon Notify: aoqoxxoc - aoqoxxoc.dll (file missing)
O20 - Winlogon Notify: bvcoevuo - bvcoevuo.dll (file missing)
O20 - Winlogon Notify: cfcsppjt - cfcsppjt.dll (file missing)
O20 - Winlogon Notify: cqvyymul - cqvyymul.dll (file missing)
O20 - Winlogon Notify: dejnpxhl - dejnpxhl.dll (file missing)
O20 - Winlogon Notify: dhqdgsid - dhqdgsid.dll (file missing)
O20 - Winlogon Notify: dosrilqn - C:\WINDOWS\SYSTEM32\dosrilqn.dll
O20 - Winlogon Notify: dqljymii - dqljymii.dll (file missing)
O20 - Winlogon Notify: dtfgsewc - dtfgsewc.dll (file missing)
O20 - Winlogon Notify: dxkfmcgs - C:\WINDOWS\SYSTEM32\dxkfmcgs.dll
O20 - Winlogon Notify: ekjmfslj - ekjmfslj.dll (file missing)
O20 - Winlogon Notify: eluwojqj - eluwojqj.dll (file missing)
O20 - Winlogon Notify: esoguvkl - esoguvkl.dll (file missing)
O20 - Winlogon Notify: etyqydbu - etyqydbu.dll (file missing)
O20 - Winlogon Notify: fckqftrg - fckqftrg.dll (file missing)
O20 - Winlogon Notify: fgxtlwav - fgxtlwav.dll (file missing)
O20 - Winlogon Notify: fyvgrcjd - fyvgrcjd.dll (file missing)
O20 - Winlogon Notify: gspyygll - gspyygll.dll (file missing)
O20 - Winlogon Notify: hjjajbeg - hjjajbeg.dll (file missing)
O20 - Winlogon Notify: hlupqjqi - hlupqjqi.dll (file missing)
O20 - Winlogon Notify: holdapi - holdapi.dll (file missing)
O20 - Winlogon Notify: hurifkpx - hurifkpx.dll (file missing)
O20 - Winlogon Notify: ifawbwfd - C:\WINDOWS\SYSTEM32\ifawbwfd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: igohsshu - C:\WINDOWS\SYSTEM32\igohsshu.dll
O20 - Winlogon Notify: ilpduymh - C:\WINDOWS\SYSTEM32\ilpduymh.dll
O20 - Winlogon Notify: inlmsrww - inlmsrww.dll (file missing)
O20 - Winlogon Notify: iuqickvp - iuqickvp.dll (file missing)
O20 - Winlogon Notify: kcaxcqqc - kcaxcqqc.dll (file missing)
O20 - Winlogon Notify: lrxvnkrk - lrxvnkrk.dll (file missing)
O20 - Winlogon Notify: lxmdthbi - lxmdthbi.dll (file missing)
O20 - Winlogon Notify: mdsqhtig - mdsqhtig.dll (file missing)
O20 - Winlogon Notify: nabqahaj - C:\WINDOWS\SYSTEM32\nabqahaj.dll
O20 - Winlogon Notify: ndthxlqj - ndthxlqj.dll (file missing)
O20 - Winlogon Notify: ntvobhhf - ntvobhhf.dll (file missing)
O20 - Winlogon Notify: ojamixbh - ojamixbh.dll (file missing)
O20 - Winlogon Notify: oofxvmkk - C:\WINDOWS\SYSTEM32\oofxvmkk.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: pexqvlre - pexqvlre.dll (file missing)
O20 - Winlogon Notify: prsrodok - prsrodok.dll (file missing)
O20 - Winlogon Notify: prvikebw - prvikebw.dll (file missing)
O20 - Winlogon Notify: pupsgbvo - pupsgbvo.dll (file missing)
O20 - Winlogon Notify: pxagfodv - pxagfodv.dll (file missing)
O20 - Winlogon Notify: qdqwnhqn - qdqwnhqn.dll (file missing)
O20 - Winlogon Notify: qlteavwu - qlteavwu.dll (file missing)
O20 - Winlogon Notify: qqlecywk - qqlecywk.dll (file missing)
O20 - Winlogon Notify: qxkyqctr - qxkyqctr.dll (file missing)
O20 - Winlogon Notify: rjpmnuly - C:\WINDOWS\SYSTEM32\rjpmnuly.dll
O20 - Winlogon Notify: saivwfwt - saivwfwt.dll (file missing)
O20 - Winlogon Notify: sgdxpsrs - sgdxpsrs.dll (file missing)
O20 - Winlogon Notify: taavjddp - taavjddp.dll (file missing)
O20 - Winlogon Notify: tgyiojiq - tgyiojiq.dll (file missing)
O20 - Winlogon Notify: tuvrokar - tuvrokar.dll (file missing)
O20 - Winlogon Notify: uaebqpcu - uaebqpcu.dll (file missing)
O20 - Winlogon Notify: ugdfsjrw - ugdfsjrw.dll (file missing)
O20 - Winlogon Notify: ujueocal - ujueocal.dll (file missing)
O20 - Winlogon Notify: vujrvwyw - vujrvwyw.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: whvjwbpo - whvjwbpo.dll (file missing)
O20 - Winlogon Notify: wkjyvbpr - wkjyvbpr.dll (file missing)
O20 - Winlogon Notify: wyutxqiw - wyutxqiw.dll (file missing)
O20 - Winlogon Notify: xtghgcrb - xtghgcrb.dll (file missing)
O20 - Winlogon Notify: xtsktirc - xtsktirc.dll (file missing)
O20 - Winlogon Notify: xvlubhsv - xvlubhsv.dll (file missing)
O20 - Winlogon Notify: ycdisrub - ycdisrub.dll (file missing)
O20 - Winlogon Notify: ymnanwrc - ymnanwrc.dll (file missing)
O20 - Winlogon Notify: yuaauqnb - yuaauqnb.dll (file missing)
O20 - Winlogon Notify: yuudkaha - yuudkaha.dll (file missing)
O20 - Winlogon Notify: yxpsmafm - yxpsmafm.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Question by:wskesler
 
LVL 97

Assisted Solution

by:war1
war1 earned 125 total points
ID: 18015239
I ran an analysis of your HijackThis log at http://hijackthis.de  then saved the result and posted a link to the result here.  

http://hijackthis.de/logfiles/d304e17c7411c41d7fe1dc2bb252e725.html

Uninstall Super Codec from Add/Remove Programs. It may not be called by Super Codec. Search for any program that is not familiar to the owner.

Check the box next to the following items and have HijackThis "Fix Checked". The following list is not as bad as it looks.  Most have file missing, which means the file was removed by another program (probably Ewido). You are just doing clean up here.

O2 - BHO: (no name) - {0F8C2B98-1D3D-4FD0-8CAE-FDB1BC42655f} - C:\WINDOWS\system32\xwprfahb.dll (file missing)
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Super Codec\isaddon.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
O20 - Winlogon Notify: adbmwdhx - adbmwdhx.dll (file missing)            
O20 - Winlogon Notify: ajayiyht - ajayiyht.dll (file missing)          
O20 - Winlogon Notify: amvjnpto - C:\WINDOWS\SYSTEM32\amvjnpto.dll        
O20 - Winlogon Notify: aoqoxxoc - aoqoxxoc.dll (file missing)        
O20 - Winlogon Notify: bvcoevuo - bvcoevuo.dll (file missing)          
O20 - Winlogon Notify: cfcsppjt - cfcsppjt.dll (file missing)          
O20 - Winlogon Notify: cqvyymul - cqvyymul.dll (file missing)          
O20 - Winlogon Notify: dejnpxhl - dejnpxhl.dll (file missing)          
O20 - Winlogon Notify: dhqdgsid - dhqdgsid.dll (file missing)
O20 - Winlogon Notify: dosrilqn - C:\WINDOWS\SYSTEM32\dosrilqn.dll            
O20 - Winlogon Notify: dqljymii - dqljymii.dll (file missing)        
O20 - Winlogon Notify: dtfgsewc - dtfgsewc.dll (file missing)    
O20 - Winlogon Notify: dxkfmcgs - C:\WINDOWS\SYSTEM32\dxkfmcgs.dll    
O20 - Winlogon Notify: ekjmfslj - ekjmfslj.dll (file missing)    
O20 - Winlogon Notify: eluwojqj - eluwojqj.dll (file missing)        
O20 - Winlogon Notify: esoguvkl - esoguvkl.dll (file missing)        
O20 - Winlogon Notify: etyqydbu - etyqydbu.dll (file missing)      
O20 - Winlogon Notify: fckqftrg - fckqftrg.dll (file missing)          
O20 - Winlogon Notify: fgxtlwav - fgxtlwav.dll (file missing)      
O20 - Winlogon Notify: fyvgrcjd - fyvgrcjd.dll (file missing)      
O20 - Winlogon Notify: gspyygll - gspyygll.dll (file missing)          
O20 - Winlogon Notify: hjjajbeg - hjjajbeg.dll (file missing)          
O20 - Winlogon Notify: hlupqjqi - hlupqjqi.dll (file missing)        
O20 - Winlogon Notify: holdapi - holdapi.dll (file missing)      
O20 - Winlogon Notify: hurifkpx - hurifkpx.dll (file missing)    
O20 - Winlogon Notify: ifawbwfd - C:\WINDOWS\SYSTEM32\ifawbwfd.dll      
O20 - Winlogon Notify: igohsshu - C:\WINDOWS\SYSTEM32\igohsshu.dll          
O20 - Winlogon Notify: ilpduymh - C:\WINDOWS\SYSTEM32\ilpduymh.dll        
O20 - Winlogon Notify: inlmsrww - inlmsrww.dll (file missing)        
O20 - Winlogon Notify: iuqickvp - iuqickvp.dll (file missing)        
O20 - Winlogon Notify: kcaxcqqc - kcaxcqqc.dll (file missing)          
O20 - Winlogon Notify: lrxvnkrk - lrxvnkrk.dll (file missing)      
O20 - Winlogon Notify: mdsqhtig - mdsqhtig.dll (file missing)        
O20 - Winlogon Notify: nabqahaj - C:\WINDOWS\SYSTEM32\nabqahaj.dll          
O20 - Winlogon Notify: ndthxlqj - ndthxlqj.dll (file missing)    
O20 - Winlogon Notify: ntvobhhf - ntvobhhf.dll (file missing)        
O20 - Winlogon Notify: ojamixbh - ojamixbh.dll (file missing)
O20 - Winlogon Notify: oofxvmkk - C:\WINDOWS\SYSTEM32\oofxvmkk.dll  
O20 - Winlogon Notify: pexqvlre - pexqvlre.dll (file missing)      
O20 - Winlogon Notify: prsrodok - prsrodok.dll (file missing)        
O20 - Winlogon Notify: prvikebw - prvikebw.dll (file missing)        
O20 - Winlogon Notify: pupsgbvo - pupsgbvo.dll (file missing)      
O20 - Winlogon Notify: pxagfodv - pxagfodv.dll (file missing)        
O20 - Winlogon Notify: qdqwnhqn - qdqwnhqn.dll (file missing)        
O20 - Winlogon Notify: qlteavwu - qlteavwu.dll (file missing)        
O20 - Winlogon Notify: qqlecywk - qqlecywk.dll (file missing)          
O20 - Winlogon Notify: qxkyqctr - qxkyqctr.dll (file missing)        
O20 - Winlogon Notify: rjpmnuly - C:\WINDOWS\SYSTEM32\rjpmnuly.dll      
O20 - Winlogon Notify: saivwfwt - saivwfwt.dll (file missing)          
O20 - Winlogon Notify: sgdxpsrs - sgdxpsrs.dll (file missing)    
O20 - Winlogon Notify: taavjddp - taavjddp.dll (file missing)          
O20 - Winlogon Notify: tgyiojiq - tgyiojiq.dll (file missing)          
O20 - Winlogon Notify: tuvrokar - tuvrokar.dll (file missing)        
O20 - Winlogon Notify: uaebqpcu - uaebqpcu.dll (file missing)        
O20 - Winlogon Notify: ugdfsjrw - ugdfsjrw.dll (file missing)        
O20 - Winlogon Notify: ujueocal - ujueocal.dll (file missing)        
O20 - Winlogon Notify: whvjwbpo - whvjwbpo.dll (file missing)            
O20 - Winlogon Notify: wkjyvbpr - wkjyvbpr.dll (file missing)        
O20 - Winlogon Notify: wyutxqiw - wyutxqiw.dll (file missing)        
O20 - Winlogon Notify: xtghgcrb - xtghgcrb.dll (file missing)        
O20 - Winlogon Notify: xtsktirc - xtsktirc.dll (file missing)        
O20 - Winlogon Notify: xvlubhsv - xvlubhsv.dll (file missing)          
O20 - Winlogon Notify: ycdisrub - ycdisrub.dll (file missing)      
O20 - Winlogon Notify: ymnanwrc - ymnanwrc.dll (file missing)  
O20 - Winlogon Notify: yuaauqnb - yuaauqnb.dll (file missing)        
O20 - Winlogon Notify: yuudkaha - yuudkaha.dll (file missing)      
O20 - Winlogon Notify: yxpsmafm - yxpsmafm.dll (file missing)
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)

If you did not install the following items, have HJT remove them.

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
LVL 47

Accepted Solution

by:
rpggamergirl earned 125 total points
ID: 18015442

Super Codec, as in the entry below, is from a smitfraud infection:
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Super Codec\isaddon.dll


I would suggest downloading and running smitfraudfix:
Before running option 2 (the fix), it's a good idea to run smitfraudfix option 1 and get its log. The option 1 log will tell us if the scan found any rootkit drivers. Option 1 is run in normal mode.


Then run option 2 afterwards (option 2 is run in Safe Mode):
Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt


Make sure to delete these files if still present:
C:\WINDOWS\SYSTEM32\amvjnpto.dll
C:\WINDOWS\SYSTEM32\dosrilqn.dll
C:\WINDOWS\SYSTEM32\dxkfmcgs.dll
C:\WINDOWS\SYSTEM32\ifawbwfd.dll
C:\WINDOWS\SYSTEM32\igohsshu.dll  
C:\WINDOWS\SYSTEM32\ilpduymh.dll
C:\WINDOWS\SYSTEM32\nabqahaj.dll
C:\WINDOWS\SYSTEM32\oofxvmkk.dll
C:\WINDOWS\SYSTEM32\rjpmnuly.dll
0
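The sorting both answers above do by hand on the O20 lines (orphaned registry entries versus entries whose DLL is still on disk), as an added Python example that is not part of the original thread. The allowlist is an assumption of this example (the three Notify keys that neither answer asks to fix), and the sample lines are copied from the log in the question.

```python
import re
from collections import namedtuple

# Notify keys that neither answer in this thread asks to fix. Treated here as
# a reviewed allowlist; this is an assumption of the example, not a vendor list.
ALLOWLIST = {"igfxcui", "opxpgina", "wgalogon"}

# "O20 - Winlogon Notify: <key name> - <dll> [(file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify:\s*(?P<name>\S+)\s+-\s+(?P<dll>.+?)"
    r"(?P<missing>\s*\(file missing\))?\s*$"
)

Entry = namedtuple("Entry", "name dll status")


def parse_o20(line):
    """Return an Entry for an O20 line, or None for any other log line."""
    m = O20_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    if name.lower() in ALLOWLIST:
        status = "allowlisted"   # reviewed, leave alone
    elif m.group("missing"):
        status = "orphan"        # DLL already gone: registry clean-up only
    else:
        status = "present"       # DLL still on disk: needs a closer look
    return Entry(name, m.group("dll").strip(), status)


def triage(log_text):
    """Group every O20 entry in a HijackThis log by status."""
    groups = {"allowlisted": [], "orphan": [], "present": []}
    for line in log_text.splitlines():
        entry = parse_o20(line)
        if entry:
            groups[entry.status].append(entry)
    return groups


def files_to_check(log_text):
    """Paths of non-allowlisted Notify DLLs that still exist on disk."""
    return [e.dll for e in triage(log_text)["present"]]


# A few lines copied from the log in the question (not the full log).
SAMPLE_LOG = r"""
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: adbmwdhx - adbmwdhx.dll (file missing)
O20 - Winlogon Notify: amvjnpto - C:\WINDOWS\SYSTEM32\amvjnpto.dll
O20 - Winlogon Notify: holdapi - holdapi.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: rjpmnuly - C:\WINDOWS\SYSTEM32\rjpmnuly.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
"""

if __name__ == "__main__":
    for status, entries in triage(SAMPLE_LOG).items():
        print(status, [e.name for e in entries])
    print("still on disk:", files_to_check(SAMPLE_LOG))
```

Run against the full log, `files_to_check` gives the DLLs to inspect before deleting anything; a key that is not on the allowlist is a candidate for review, not proof of infection.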
 
LVL 97

Expert Comment

by:war1
ID: 18046467
wskesler, any update?

Author Comment

by:wskesler
ID: 18050392
No update yet...I won't be able to see this PC again until this weekend or early next week.  I'll let you know then.

Author Comment

by:wskesler
ID: 18402120
Never heard back from the idiot...hope he's either in the dark or got ripped off by Geek Squad.  All advice here seemed logical, though.  I wanted to split the points between war1 and rpggamergirl but couldn't find out how to do it.  Where's the friggin' "split points" button?
LVL 97

Expert Comment

by:war1
ID: 18402146
Split points link is at the bottom of the page, before you accepted.  A Moderator or Page Editor will have to unaccept this question for you to split the points.

Author Comment

by:wskesler
ID: 18402202
I looked hard for the link before accepting, but couldn't find it.  In any event, Moderator or Page Editor...just split the points or whatever.  Also, please change the website so that it's easier (or possible) to split points.

Author Comment

by:wskesler
ID: 18408733
Done...THX to both of you.