Porn emails sent from my computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by wedge24, Mar 14, 2005.

  1. wedge24

    wedge24 Private E-2

    :mad: Norton Symantec email Proxy messages will randomly pop up on my screen and will state that the recipient of my message cannot accept my email. Now I am not sending any emails and I have no idea what program is sending these emails, but occasionally my computer will send what seems to be hundreds. My firewall is on, I have scanned for viruses with Norton and received nothing back... Any idea what may be doing this? I am afraid I may get in trouble for sending spam porn from my house...
     
  2. Anon-b946935a51

    Anon-b946935a51 Anonymized

    This happened to us because someone hijacked my husband's password and AOL cut us off till we could change the password. At 4:00 am someone sent thousands of porn e-mails.
    Maybe you could just change your password.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  4. wedge24

    wedge24 Private E-2

    I use Hotmail now, I have no IM (AOL or MSN) and when I look at my outbox in my Hotmail account it shows nothing has been sent... I have left it open before to see if I could see the mail being sent but I saw nothing... What really has me confused is I have no idea where these emails are being sent from...
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to follow the steps I gave to you below.
     
  6. wedge24

    wedge24 Private E-2

    Sorry I am running all this stuff now I was responding to the other person not knowing you had already responded....I will let you know how all this goes
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you let me know what type of problems (if any) are found, fixed, and not fixed during the process.
     
  8. wedge24

    wedge24 Private E-2

    I ran all through this entire process and did not run into anything. I have attached my log, let me know if you see anything...
     
  9. wedge24

    wedge24 Private E-2

    How do I send the txt log as an attachment?
     
  10. seaside

    seaside Corporal

    Just run HijackThis, click scan with log and send the log. Do not change the name, i.e. log 1, ok.
     
  11. wedge24

    wedge24 Private E-2

    I cannot manage attachments; when I click on this nothing happens... Is this how I am supposed to send the attachment?
     
  12. seaside

    seaside Corporal

    You will find the hijack on Notepad, ok; press browse.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is how you are supposed to do it. If it is not working for you, post your complete log inline (use copy and paste) and I will change it into an attachment for you. That way we can get started on this.
     
  14. wedge24

    wedge24 Private E-2

    Ok here you go...thanks for the help appreciated

    Edit by chaslang: Inline log attached
     

    Last edited by a moderator: Mar 14, 2005
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Excuse me, but Holy Crap! Are you able to do anything on this PC at all!
    This will take a little while! Hang on and I'll get a fix to you soon!
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to install HijackThis properly before we continue. You are running from the ZIP file which we requested that you not do. The below shows this:

    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    Also you did not exit browsers before running HJT. This is a must if you want to be able to fix problems. You had two browsers running:

    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    Can you tell me what the below program is:
    C:\PROGRA~1\SLIMSH~1\SlimShield.exe
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are going to have possibly a hundred or more trojan files to clean up in your C:\windows and C:\windows\system32 folders. Here are two of them that show in your log with many others:
    C:\WINDOWS\Jjb.exe
    C:\WINDOWS\system32\Idq.exe

    I will be posting a full cleanup procedure in the next message. In my experience with these little 3 character trojans, there are always a bunch more than the ones that actually show up in the HJT log.

    When you boot into safe mode below, you should have Windows Explorer sort the folders to show files by date and look for all the 3 character file names created on the same dates as the two above files and delete them.

    Please download: http://www.atribune.org/downloads/HSFix.zip
    Extract the tool from the ZIP File to a folder you can easily find (preferably in its own folder - like c:\HSFix).


    Then boot to Safe Mode, open the HSFix Tool folder and double-click hsfix.bat and let it run. It will produce a log here - C:\hslog.txt

    Reboot in normal mode and post the hslog.txt file here.




     
    Last edited: Mar 14, 2005
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\open32.exe
    C:\WINDOWS\Jjb.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

    After killing all the above processes, click "Back".

    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
    O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\system32\snim.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe snim.dll, DllRegisterServer

    BE VERY CAREFUL NOW WITH SELECTING THE BELOW. THERE ARE SO MANY OF THESE YOU MUST MAKE SURE YOU ONLY SELECT WHAT I GIVE YOU. SOME GOOD STUFF IS INTERMIXED IN THE LOG YOU WILL BE VIEWING AND YOU DO NOT WANT TO REMOVE THE GOOD STUFF.

    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: winupdate67274781[1].exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.horse-active.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.horse-active.net (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted IP range: 64.62.171.156
    O15 - Trusted IP range: 64.62.171.156 (HKLM)
    O16 - DPF: {037790A6-1576-11D6-903D-00105AABADD3} (Seagull Web-to-Host Control Module v3) - https://bz1.matson.com/bluezone/sglw2hcm.ocx
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
    O21 - SSODL: MSMserv - {ED2593C3-D799-47C1-A1D9-9320F85BCADD} - C:\WINDOWS\system32\regsclnt.dll
    O21 - SSODL: NTWSMON - {B20D0F02-59A9-437C-83C7-397C029B7188} - C:\WINDOWS\system32\sis7resp.dll

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\DSMANA~1.DLL
    C:\Program Files\WildTangent <--- the whole folder
    NOW FOR EACH OF THE O4 items I had you fix in your HJT log above locate the files and delete them.

    Some of those O15 lines may come back. If they do, we will address that problem later.

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST).
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
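
The triage described in the posts above (three-character executables in C:\WINDOWS and C:\WINDOWS\system32 registered under Run keys, with legitimate entries intermixed) can be sketched as follows. This is an added example, not part of the original thread or of HijackThis; the `ExampleTray` and `Cmd` lines are constructed, and the grading rules are assumptions made for illustration.

```python
import re
from collections import defaultdict

# O4 Run-key line as it appears in the thread's log: hive, value name, command.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Pattern from the thread: a three-letter .exe sitting directly in
# C:\WINDOWS or C:\WINDOWS\system32, registered under a three-letter name.
SUSPECT_PATH = re.compile(
    r"^C:\\WINDOWS\\(?:system32\\)?[A-Za-z]{3}\.exe$", re.IGNORECASE
)
SUSPECT_NAME = re.compile(r"^[A-Za-z]{3}$")

# Sample input. The Tnc, Rem and Shell lines are taken from the thread;
# the ExampleTray, Cmd and O2 lines are constructed for this example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Tnc] C:\WINDOWS\Jjb.exe
O4 - HKLM\..\Run: [Rem] C:\WINDOWS\system32\Idq.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
O4 - HKLM\..\Run: [Cmd] C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\Run: [Tnc] C:\WINDOWS\Jjb.exe
O4 - HKCU\..\Run: [Rem] C:\WINDOWS\system32\Idq.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""


def parse_o4_run(log_text):
    """Return (hive, name, cmd) tuples for every O4 Run-key line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append((m["hive"], m["name"], m["cmd"].strip()))
    return entries


def triage(log_text):
    """Group Run entries by (name, cmd) and grade each group.

    high   : three-letter value name, three-letter exe in the Windows
             directories, and the same entry present in both HKLM and HKCU
    review : matches the file-name pattern only; a person has to decide
             (a stock three-letter Windows binary lands here too)
    other  : does not match the pattern; this is NOT a verdict of "clean"
    """
    hives = defaultdict(set)
    for hive, name, cmd in parse_o4_run(log_text):
        hives[(name, cmd)].add(hive)

    result = {"high": [], "review": [], "other": []}
    for (name, cmd), seen in sorted(hives.items()):
        if SUSPECT_PATH.match(cmd):
            mirrored = seen == {"HKLM", "HKCU"}
            grade = "high" if mirrored and SUSPECT_NAME.match(name) else "review"
        else:
            grade = "other"
        result[grade].append((name, cmd, sorted(seen)))
    return result


if __name__ == "__main__":
    for grade, items in triage(SAMPLE_LOG).items():
        for name, cmd, seen in items:
            print(f"{grade:6} [{name}] {cmd} ({'+'.join(seen)})")
```

The `open32.exe` entry falls into `other` even though the thread treats it as malicious, which is why the output is a list of candidates for review and not a fix list.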
     
  19. wedge24

    wedge24 Private E-2

    At 22:25 you told me to fix some stuff and send you the hslog.txt, so I did that and I attached it...I also did what you told me to do at 23:00 last night and I have attached the log I ran after I deleted all of these files....my computer seems to be running at warp speed again...I will let you know if emails still send from my computer...I was also able to attach files to this message which I could not do last night...thanks for the help you kick A$$....I will keep you updated on how my computer runs......
     


  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have a bunch of problems showing in your log from that long list I gave you. Are you sure you did not miss any?

    Also you still are not running HijackThis properly. You are still running it directly from the ZIP file. You are not getting any backups this way. If you make a mistake while trying to repair these problems and delete the wrong thing, you are going to have big problems. Please follow the instructions given on where to put the HijackThis.exe program file.

    Also, the last log you posted was from safe mode. We need logs to always be from normal boot mode unless requested otherwise.

    You still have all the below baddies in your HJT log which need to be Fixed and the files deleted (from safe mode) like the last time.

    After fixing all of those files and the HJT entries, reboot into normal mode and post a new HJT log.
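
The O4 Run entries this post asks to have fixed share one shape: a three-letter value name launching a three-letter .exe directly under C:\WINDOWS or system32, registered in both HKLM and HKCU. The script below is an added example, not part of the original post or of HijackThis; the sample log lines are constructed, and the three-letter heuristic and the function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log format (not copied from the thread's logs).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Abc] C:\WINDOWS\Xyz.exe
O4 - HKCU\..\Run: [Abc] C:\WINDOWS\Xyz.exe
O4 - HKLM\..\Run: [Qrs] C:\WINDOWS\system32\Tuv.exe
O4 - HKCU\..\Run: [Qrs] C:\WINDOWS\system32\Tuv.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [Upd] C:\WINDOWS\system32\Upd.exe
O15 - Trusted Zone: *.example.invalid (HKLM)
"""

# Registry autostart line: O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Heuristic (assumption): 3-letter value name launching a 3-letter .exe that
# sits directly in the Windows or system32 directory.
RANDOM_NAME = re.compile(r"^[A-Za-z]{3}$")
RANDOM_IMAGE = re.compile(r"^C:\\WINDOWS\\(system32\\)?[A-Za-z]{3}\.exe$", re.I)


def parse_o4(log_text):
    """Yield (hive, key, name, command) for each registry O4 line."""
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            yield m["hive"], m["key"], m["name"], m["cmd"].strip()


def triage(log_text):
    """Bucket O4 entries: pattern match in both hives, in one hive, or no match."""
    hives = defaultdict(set)
    for hive, _key, name, cmd in parse_o4(log_text):
        hives[(name, cmd)].add(hive)
    report = {"mirrored": [], "single_hive": [], "unmatched": []}
    for (name, cmd), seen in sorted(hives.items()):
        if RANDOM_NAME.match(name) and RANDOM_IMAGE.match(cmd):
            bucket = "mirrored" if seen == {"HKLM", "HKCU"} else "single_hive"
        else:
            bucket = "unmatched"
        report[bucket].append((name, cmd))
    return report


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        for name, cmd in entries:
            print(f"{bucket:12} [{name}] {cmd}")
```

A name-pattern heuristic like this only sorts the randomly named entries; an entry such as the SlimShield line questioned later in the thread lands in `unmatched` and still needs manual review.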
     
  21. wedge24

    wedge24 Private E-2

    I have downloaded the hijackthis.zip and it is now saved in a folder on my desktop, in the folder there is a hijackthis.exe in this folder...does this mean it has been correctly unzipped?
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! It is unzipped but you must not run it from that folder (see my first message).
    Create a folder named HJT in your existing C:\Program Files folder. Thus you would have:
    C:\Program Files\HJT and put hijackthis.exe in this folder. That is where you want to run it from so that it properly and safely creates backups.
     
  23. wedge24

    wedge24 Private E-2

    I thought I got all the baddies last time, I could just be a moron though...here is the most recent HJT log, let me know what you think, Not a single porn email has been sent through my computer today, so that is a bonus already....
     


  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That looks better. But one item still concerns me. I asked about this much earlier.

    Do you know what the below is:

    O4 - HKCU\..\Run: [SlimShield] C:\PROGRA~1\SLIMSH~1\SlimShield.exe

    I think it may be related to the problem!
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to get back to me on the Slimshield.exe file. I really think that it is trouble and could respawn all the bad files again.
     
  26. wedge24

    wedge24 Private E-2

    Ok, slim shield is supposed to be a spyware remover, I just got rid of it, weird thing about it, it will randomly pop up on the screen as an internet explorer window, which is odd because I actually use firefox...I got rid of this application by removing the program and fixing it on hijack this, do you want me to do another system scan and resend it to you?
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, that should do it. It probably would have been a good idea to look in Add/Remove programs first for an uninstall to Slimshield.
     
