Thnall1Z.exe and excessive start-up programs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Leafman12345, Feb 24, 2006.

  1. Leafman12345

    Leafman12345 Private E-2

    I have Norton, and it keeps showing a file called "Thnall1Z.exe", which I block. I followed all of the instructions, running CCleaner, Windows Malicious Software Removal Tool, Ad-Aware, SpyBot, Windows Defender, Bitdefender, and Panda Active Scan. After this, I still had the problem.

    Also, I have a large number of start-up programs that I don't want and that result in a long time to boot up. I changed to selective start-up and that solved the problem, but I'd like to get rid of them completely. Can the ones I've identified as being not needed be simply deleted?

    I hope I've done this correctly - I'm a rookie.

    Thanks
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com!

    Please see the below threads on how to install and run Spy Sweeper and Ewido Anti-Malware. After you have run both programs, attach the logs to your next post along with a fresh HJT log from normal mode.
     
  3. Leafman12345

    Leafman12345 Private E-2

    Here are my new logs.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Spy Sweeper

    WildTangent


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = gnclarkson@rogers.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: Bait Barb Junk - {5B1E5AA5-3E7C-6C7B-106D-6584880AC9E8} - C:\PROGRA~1\MANAGE~1\Save platform.dll (file missing)

    O4 - HKLM\..\Run: [ievtxyk] C:\WINDOWS\system32\yguwub.exe r
    O4 - HKLM\..\Run: [utsicj] C:\WINDOWS\system32\gjqpltp.exe r
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [System Tray] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\F7Z9JT3D\screen_temp.pif
    O4 - HKLM\..\Run: [rvzfie] C:\WINDOWS\system32\klkqhfw.exe r
    O4 - HKLM\..\Run: [LoudFork] C:\PROGRA~1\bias up view\FordBeep.exe
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Owner\HXIUL.EXE
    O4 - Global Startup: BSXX.EXE
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, please boot into Safe Mode and be sure you have the Viewing of Hidden Files & Folders enabled per the tutorial. Then navigate to and DELETE the following if they should remain:

    C:\Program Files\TBONAS - Delete this whole folder if it exists!

    C:\Program Files\WildTangent - Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.


    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” option. Copy and paste each of the file names listed below into the box one by one, making sure Delete on Reboot is checked for each entry. Click the Red X for each entry, but DO NOT allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, reboot and proceed with the below steps...

    Please see the below thread on how to run WinPfind and attach the log. Also attach a fresh HJT log.
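
A triage script for the kind of HijackThis entries listed in the post above, added here as an example; it is not part of the original thread or of HijackThis. The sample lines are copied from that post, and the three flagging rules (missing target, path inside the browser cache, `.pif`/`.scr`/`.com` extension) are assumptions chosen for illustration, not the criteria the helper applied.

```python
import re

# Sample lines copied from the HijackThis entries quoted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Bait Barb Junk - {5B1E5AA5-3E7C-6C7B-106D-6584880AC9E8} - C:\PROGRA~1\MANAGE~1\Save platform.dll (file missing)
O4 - HKLM\..\Run: [System Tray] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\F7Z9JT3D\screen_temp.pif
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
"""

# One pattern per line type seen in the thread: R1, O2 (BHO), O4 (autostart).
PATTERNS = [
    ("registry_value", re.compile(r"^R\d - (?P<location>.+?),(?P<name>[^,=]+?) = (?P<target>.*)$")),
    ("bho", re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<location>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")),
    ("run_key", re.compile(r"^O4 - (?P<location>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")),
    ("startup_folder", re.compile(r"^O4 - (?P<location>(?:Global )?Startup): (?P<name>.+?)(?: = (?P<target>.+))?$")),
]
RISKY_EXT = re.compile(r'\.(pif|scr|com)(?=["\s]|$)', re.I)  # assumed rule
MISSING = re.compile(r"\s*\(file missing\)$")  # marker HijackThis appends

def parse_line(line):
    """Return a dict for a recognised HijackThis line, else None."""
    for kind, pattern in PATTERNS:
        m = pattern.match(line.strip())
        if m:
            target = m.group("target") or ""  # bare startup items have no target
            return {"kind": kind, "name": m.group("name"),
                    "location": m.group("location"), "target": MISSING.sub("", target),
                    "file_missing": bool(MISSING.search(target))}
    return None

def triage(entry):
    """Apply the assumed flagging rules; return a list of reasons."""
    reasons = []
    if entry["file_missing"]:
        reasons.append("target file missing")
    if "\\temporary internet files\\" in entry["target"].lower():
        reasons.append("runs from browser cache")
    if RISKY_EXT.search(entry["target"]):
        reasons.append("legacy executable extension")
    return reasons

def review(log_text):
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [(e["kind"], e["name"], triage(e)) for e in entries]

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

An empty reason list means only that none of the assumed rules matched; it does not mark an entry as safe.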
     
  5. Leafman12345

    Leafman12345 Private E-2

    I've attached the two logs.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

    Now, please boot into Safe Mode and be sure you have the Viewing of Hidden Files & Folders enabled per the tutorial. Then navigate to and DELETE the following if they should remain:

    C:\HOSTS

    C:\WINDOWS\hofurersuq.exe

    C:\WINDOWS\system32\qmlmiup.exe

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, reboot back to normal mode and let me know how things are running.
     
  7. Leafman12345

    Leafman12345 Private E-2

    Seems to be working fine now. The startup is still a little longer than I would like (about 3.5 minutes to load Norton), but I can live with that.

    No more Thnall so far.

    Thanks - that's amazing!
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

