Re: another "warning you are in danger" wallpaper

Discussion in 'Malware Help (A Specialist Will Reply)' started by PUMKIN81, Mar 28, 2005.

  1. PUMKIN81

    PUMKIN81 Private E-2

    My wallpaper was changed to Danger:spyware and a link to a website. When I right-click, nothing comes up, and when I go to Display and try to change my desktop, everything is locked. There are no webpages under Customize Desktop. Here is my log file:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:38:46 PM, on 3/27/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Edit by chaslang: Unrequested inline log removed. Please follow forum guidelines!
     
    Last edited by a moderator: Mar 28, 2005
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    PUMKIN81,

    Please follow forum guidelines. I will have this log removed and your post moved into your own thread so we can concentrate on your issue without confusion.

    Please go ahead and follow every step in this thread.

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Also please do the following before posting a new HJT log.

    Please download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program.


    After doing ALL of the above, attach a fresh HJT log in your thread!
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The duplicated thread has been removed. Stay in this thread now!
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    PUMKIN81,

    Now that we have you in your own thread, go ahead and follow my instructions in Post #2.

    Complete ALL steps before posting a new HJT. Also from now on post in this thread only to avoid any further confusion.

    Good Luck!:)
     
  7. PUMKIN81

    PUMKIN81 Private E-2

    I did everything that you told me to do and it is still there. Here is my hack log:

    Edit by chaslang: Inline log attached.
     

    Attached Files:

    Last edited by a moderator: Mar 28, 2005
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please stop posting your logs inline! You must attach them. Inline logs will be deleted as was your last one.

    I will convert this one for you but anymore will be deleted.
     
  9. PUMKIN81

    PUMKIN81 Private E-2

    Sorry, I will do that next time. I know this is off topic, but I'm used to the replies going on the bottom, not the top of the thread.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You also need to install HijackThis in the proper folder as requested and you MUST exit your browsers before running HijackThis.
     
  11. PUMKIN81

    PUMKIN81 Private E-2

    Should I run HijackThis again? I have Comcast; does that mean anything?
     
  12. PUMKIN81

    PUMKIN81 Private E-2

    I have the folder and I ran it again with my browsers closed. Here it is:
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are still running HJT from your Desktop:

    C:\Documents and Settings\Owner\My Documents\HIJACK THIS\HijackThis.exe


    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word, etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  14. PUMKIN81

    PUMKIN81 Private E-2

    How do I stop those things from running?
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You also did NOT run HOSTER as I requested. Please do this before attaching a new HJT log.

    Please download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program.
     
  16. PUMKIN81

    PUMKIN81 Private E-2

    Just ran Hoster; here is the log:
     

    Attached Files:

  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Give me some time to post you a fix as you have many baddies!
     
  18. PUMKIN81

    PUMKIN81 Private E-2

    Ok thank you.
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Media Access


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.



    Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and, if you see it, try to END it:

    Oet.exe

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [Coi] C:\WINDOWS\Oet.exe
    O4 - HKLM\..\Run: [Fli] C:\WINDOWS\Aho.exe
    O4 - HKLM\..\Run: [Hok] C:\WINDOWS\System32\Tkt.exe
    O4 - HKLM\..\Run: [Gpe] C:\WINDOWS\Kbv.exe
    O4 - HKLM\..\Run: [Hnl] C:\WINDOWS\Thv.exe
    O4 - HKLM\..\Run: [Kuf] C:\WINDOWS\System32\Avh.exe
    O4 - HKLM\..\Run: [Bjh] C:\WINDOWS\Jdr.exe
    O4 - HKLM\..\Run: [Sdf] C:\WINDOWS\System32\Hbi.exe
    O4 - HKLM\..\Run: [Eej] C:\WINDOWS\System32\Kha.exe
    O4 - HKLM\..\Run: [Ngj] C:\WINDOWS\System32\Hpr.exe
    O4 - HKLM\..\Run: [Crn] C:\WINDOWS\Prf.exe
    O4 - HKLM\..\Run: [Vln] C:\WINDOWS\Dfc.exe
    O4 - HKLM\..\Run: [Mgd] C:\WINDOWS\Pno.exe
    O4 - HKLM\..\Run: [Kbf] C:\WINDOWS\Nci.exe
    O4 - HKLM\..\Run: [Mfl] C:\WINDOWS\Njg.exe
    O4 - HKLM\..\Run: [Ehd] C:\WINDOWS\System32\Vhd.exe
    O4 - HKLM\..\Run: [Ogo] C:\WINDOWS\Vto.exe
    O4 - HKLM\..\Run: [Nqu] C:\WINDOWS\System32\Qtp.exe
    O4 - HKLM\..\Run: [Efo] C:\WINDOWS\Kve.exe
    O4 - HKLM\..\Run: [Qsp] C:\WINDOWS\Ofb.exe
    O4 - HKLM\..\Run: [Hgu] C:\WINDOWS\Qfr.exe
    O4 - HKLM\..\Run: [Vun] C:\WINDOWS\Itp.exe
    O4 - HKLM\..\Run: [Cad] C:\WINDOWS\Iho.exe
    O4 - HKLM\..\Run: [Aaj] C:\WINDOWS\Eom.exe
    O4 - HKLM\..\Run: [Bbm] C:\WINDOWS\System32\Rkv.exe
    O4 - HKLM\..\Run: [Opv] C:\WINDOWS\System32\Gvi.exe
    O4 - HKLM\..\Run: [Boe] C:\WINDOWS\Aic.exe
    O4 - HKLM\..\Run: [Jlk] C:\WINDOWS\Rqd.exe
    O4 - HKLM\..\Run: [Ugf] C:\WINDOWS\Kkn.exe
    O4 - HKLM\..\Run: [Pdc] C:\WINDOWS\System32\Hoc.exe
    O4 - HKLM\..\Run: [Dlh] C:\WINDOWS\System32\Khb.exe
    O4 - HKLM\..\Run: [Dtt] C:\WINDOWS\System32\Aph.exe
    O4 - HKLM\..\Run: [Ctd] C:\WINDOWS\System32\Dgn.exe
    O4 - HKLM\..\Run: [Bai] C:\WINDOWS\System32\Lph.exe
    O4 - HKLM\..\Run: [Jef] C:\WINDOWS\Mnc.exe
    O4 - HKLM\..\Run: [Aql] C:\WINDOWS\System32\Skh.exe
    O4 - HKLM\..\Run: [Utn] C:\WINDOWS\Fhs.exe
    O4 - HKLM\..\Run: [Eln] C:\WINDOWS\Rsr.exe
    O4 - HKLM\..\Run: [Gro] C:\WINDOWS\Piq.exe
    O4 - HKLM\..\Run: [Mnt] C:\WINDOWS\System32\Urk.exe
    O4 - HKLM\..\Run: [Hio] C:\WINDOWS\System32\Sqi.exe
    O4 - HKLM\..\Run: [Pos] C:\WINDOWS\Iai.exe
    O4 - HKLM\..\Run: [Tqb] C:\WINDOWS\Hbr.exe
    O4 - HKLM\..\Run: [Drn] C:\WINDOWS\System32\Fmg.exe
    O4 - HKLM\..\Run: [Kfn] C:\WINDOWS\Eif.exe
    O4 - HKLM\..\Run: [Snn] C:\WINDOWS\System32\Reg.exe
    O4 - HKLM\..\Run: [Dqp] C:\WINDOWS\System32\Ovh.exe
    O4 - HKLM\..\Run: [Ufa] C:\WINDOWS\Fcr.exe
    O4 - HKLM\..\Run: [Roi] C:\WINDOWS\Fpf.exe
    O4 - HKLM\..\Run: [Uql] C:\WINDOWS\Skm.exe
    O4 - HKLM\..\Run: [Gel] C:\WINDOWS\Tag.exe
    O4 - HKLM\..\Run: [Tps] C:\WINDOWS\Qnq.exe
    O4 - HKLM\..\Run: [Eiu] C:\WINDOWS\Vbp.exe
    O4 - HKLM\..\Run: [Rau] C:\WINDOWS\System32\Cef.exe
    O4 - HKLM\..\Run: [Rgj] C:\WINDOWS\Oas.exe
    O4 - HKLM\..\Run: [Cmq] C:\WINDOWS\Opt.exe
    O4 - HKLM\..\Run: [Tdq] C:\WINDOWS\Ruf.exe
    O4 - HKLM\..\Run: [Djg] C:\WINDOWS\Edt.exe
    O4 - HKLM\..\Run: [Pch] C:\WINDOWS\Ubt.exe
    O4 - HKLM\..\Run: [Iuj] C:\WINDOWS\System32\Rgd.exe
    O4 - HKLM\..\Run: [Ksd] C:\WINDOWS\System32\Ibh.exe
    O4 - HKLM\..\Run: [Svg] C:\WINDOWS\Qia.exe
    O4 - HKLM\..\Run: [Nlp] C:\WINDOWS\System32\Trg.exe
    O4 - HKLM\..\Run: [Ihq] C:\WINDOWS\Aas.exe
    O4 - HKLM\..\Run: [Mas] C:\WINDOWS\Ltr.exe
    O4 - HKLM\..\Run: [Umm] C:\WINDOWS\System32\Vpe.exe
    O4 - HKLM\..\Run: [Ahu] C:\WINDOWS\System32\Lkg.exe
    O4 - HKLM\..\Run: [Eps] C:\WINDOWS\System32\Vgq.exe
    O4 - HKLM\..\Run: [Moi] C:\WINDOWS\Hjj.exe
    O4 - HKLM\..\Run: [Raj] C:\WINDOWS\Llt.exe
    O4 - HKLM\..\Run: [Kgt] C:\WINDOWS\System32\Dgm.exe
    O4 - HKLM\..\Run: [Toq] C:\WINDOWS\Qak.exe
    O4 - HKLM\..\Run: [Luf] C:\WINDOWS\System32\Hid.exe
    O4 - HKLM\..\Run: [Pst] C:\WINDOWS\System32\Ogo.exe
    O4 - HKLM\..\Run: [Ppf] C:\WINDOWS\System32\Kii.exe
    O4 - HKLM\..\Run: [Ees] C:\WINDOWS\Kaf.exe
    O4 - HKLM\..\Run: [Pqj] C:\WINDOWS\Ivc.exe
    O4 - HKLM\..\Run: [Sok] C:\WINDOWS\Nld.exe
    O4 - HKLM\..\Run: [Lji] C:\WINDOWS\Ahr.exe
    O4 - HKLM\..\Run: [Rpt] C:\WINDOWS\Gik.exe
    O4 - HKLM\..\Run: [Qcf] C:\WINDOWS\Kht.exe
    O4 - HKLM\..\Run: [Pbk] C:\WINDOWS\System32\Chu.exe
    O4 - HKLM\..\Run: [Cct] C:\WINDOWS\System32\Vci.exe
    O4 - HKLM\..\Run: [Nom] C:\WINDOWS\System32\Vll.exe
    O4 - HKLM\..\Run: [Vfd] C:\WINDOWS\System32\Amd.exe
    O4 - HKLM\..\Run: [Jqn] C:\WINDOWS\System32\Ndh.exe
    O4 - HKLM\..\Run: [Vkl] C:\WINDOWS\Elv.exe
    O4 - HKLM\..\Run: [Mqd] C:\WINDOWS\System32\Qhk.exe
    O4 - HKLM\..\Run: [Uek] C:\WINDOWS\Tum.exe
    O4 - HKLM\..\Run: [Bnc] C:\WINDOWS\Tkp.exe
    O4 - HKLM\..\Run: [Tnj] C:\WINDOWS\Tqg.exe
    O4 - HKLM\..\Run: [Ckp] C:\WINDOWS\Ruc.exe
    O4 - HKLM\..\Run: [Ruc] C:\WINDOWS\Sao.exe
    O4 - HKCU\..\Run: [Coi] C:\WINDOWS\Oet.exe
    O4 - HKCU\..\Run: [Fli] C:\WINDOWS\Aho.exe
    O4 - HKCU\..\Run: [Hok] C:\WINDOWS\System32\Tkt.exe
    O4 - HKCU\..\Run: [Gpe] C:\WINDOWS\Kbv.exe
    O4 - HKCU\..\Run: [Hnl] C:\WINDOWS\Thv.exe
    O4 - HKCU\..\Run: [Kuf] C:\WINDOWS\System32\Avh.exe
    O4 - HKCU\..\Run: [Bjh] C:\WINDOWS\Jdr.exe
    O4 - HKCU\..\Run: [Sdf] C:\WINDOWS\System32\Hbi.exe
    O4 - HKCU\..\Run: [Eej] C:\WINDOWS\System32\Kha.exe
    O4 - HKCU\..\Run: [Ngj] C:\WINDOWS\System32\Hpr.exe
    O4 - HKCU\..\Run: [Crn] C:\WINDOWS\Prf.exe
    O4 - HKCU\..\Run: [Vln] C:\WINDOWS\Dfc.exe
    O4 - HKCU\..\Run: [Mgd] C:\WINDOWS\Pno.exe
    O4 - HKCU\..\Run: [Kbf] C:\WINDOWS\Nci.exe
    O4 - HKCU\..\Run: [Mfl] C:\WINDOWS\Njg.exe
    O4 - HKCU\..\Run: [Ehd] C:\WINDOWS\System32\Vhd.exe
    O4 - HKCU\..\Run: [Ogo] C:\WINDOWS\Vto.exe
    O4 - HKCU\..\Run: [Nqu] C:\WINDOWS\System32\Qtp.exe
    O4 - HKCU\..\Run: [Efo] C:\WINDOWS\Kve.exe
    O4 - HKCU\..\Run: [Qsp] C:\WINDOWS\Ofb.exe
    O4 - HKCU\..\Run: [Hgu] C:\WINDOWS\Qfr.exe
    O4 - HKCU\..\Run: [Vun] C:\WINDOWS\Itp.exe
    O4 - HKCU\..\Run: [Cad] C:\WINDOWS\Iho.exe
    O4 - HKCU\..\Run: [Aaj] C:\WINDOWS\Eom.exe
    O4 - HKCU\..\Run: [Bbm] C:\WINDOWS\System32\Rkv.exe
    O4 - HKCU\..\Run: [Opv] C:\WINDOWS\System32\Gvi.exe
    O4 - HKCU\..\Run: [Boe] C:\WINDOWS\Aic.exe
    O4 - HKCU\..\Run: [Jlk] C:\WINDOWS\Rqd.exe
    O4 - HKCU\..\Run: [Ugf] C:\WINDOWS\Kkn.exe
    O4 - HKCU\..\Run: [Pdc] C:\WINDOWS\System32\Hoc.exe
    O4 - HKCU\..\Run: [Dlh] C:\WINDOWS\System32\Khb.exe
    O4 - HKCU\..\Run: [Dtt] C:\WINDOWS\System32\Aph.exe
    O4 - HKCU\..\Run: [Ctd] C:\WINDOWS\System32\Dgn.exe
    O4 - HKCU\..\Run: [Bai] C:\WINDOWS\System32\Lph.exe
    O4 - HKCU\..\Run: [Jef] C:\WINDOWS\Mnc.exe
    O4 - HKCU\..\Run: [Aql] C:\WINDOWS\System32\Skh.exe
    O4 - HKCU\..\Run: [Utn] C:\WINDOWS\Fhs.exe
    O4 - HKCU\..\Run: [Eln] C:\WINDOWS\Rsr.exe
    O4 - HKCU\..\Run: [Gro] C:\WINDOWS\Piq.exe
    O4 - HKCU\..\Run: [Mnt] C:\WINDOWS\System32\Urk.exe
    O4 - HKCU\..\Run: [Hio] C:\WINDOWS\System32\Sqi.exe
    O4 - HKCU\..\Run: [Pos] C:\WINDOWS\Iai.exe
    O4 - HKCU\..\Run: [Tqb] C:\WINDOWS\Hbr.exe
    O4 - HKCU\..\Run: [Drn] C:\WINDOWS\System32\Fmg.exe
    O4 - HKCU\..\Run: [Kfn] C:\WINDOWS\Eif.exe
    O4 - HKCU\..\Run: [Snn] C:\WINDOWS\System32\Reg.exe
    O4 - HKCU\..\Run: [Dqp] C:\WINDOWS\System32\Ovh.exe
    O4 - HKCU\..\Run: [Ufa] C:\WINDOWS\Fcr.exe
    O4 - HKCU\..\Run: [Roi] C:\WINDOWS\Fpf.exe
    O4 - HKCU\..\Run: [Uql] C:\WINDOWS\Skm.exe
    O4 - HKCU\..\Run: [Gel] C:\WINDOWS\Tag.exe
    O4 - HKCU\..\Run: [Tps] C:\WINDOWS\Qnq.exe
    O4 - HKCU\..\Run: [Eiu] C:\WINDOWS\Vbp.exe
    O4 - HKCU\..\Run: [Rau] C:\WINDOWS\System32\Cef.exe
    O4 - HKCU\..\Run: [Rgj] C:\WINDOWS\Oas.exe
    O4 - HKCU\..\Run: [Cmq] C:\WINDOWS\Opt.exe
    O4 - HKCU\..\Run: [Tdq] C:\WINDOWS\Ruf.exe
    O4 - HKCU\..\Run: [Djg] C:\WINDOWS\Edt.exe
    O4 - HKCU\..\Run: [Pch] C:\WINDOWS\Ubt.exe
    O4 - HKCU\..\Run: [Iuj] C:\WINDOWS\System32\Rgd.exe
    O4 - HKCU\..\Run: [Ksd] C:\WINDOWS\System32\Ibh.exe
    O4 - HKCU\..\Run: [Svg] C:\WINDOWS\Qia.exe
    O4 - HKCU\..\Run: [Nlp] C:\WINDOWS\System32\Trg.exe
    O4 - HKCU\..\Run: [Ihq] C:\WINDOWS\Aas.exe
    O4 - HKCU\..\Run: [Mas] C:\WINDOWS\Ltr.exe
    O4 - HKCU\..\Run: [Umm] C:\WINDOWS\System32\Vpe.exe
    O4 - HKCU\..\Run: [Ahu] C:\WINDOWS\System32\Lkg.exe
    O4 - HKCU\..\Run: [Eps] C:\WINDOWS\System32\Vgq.exe
    O4 - HKCU\..\Run: [Moi] C:\WINDOWS\Hjj.exe
    O4 - HKCU\..\Run: [Raj] C:\WINDOWS\Llt.exe
    O4 - HKCU\..\Run: [Kgt] C:\WINDOWS\System32\Dgm.exe
    O4 - HKCU\..\Run: [Toq] C:\WINDOWS\Qak.exe
    O4 - HKCU\..\Run: [Luf] C:\WINDOWS\System32\Hid.exe
    O4 - HKCU\..\Run: [Pst] C:\WINDOWS\System32\Ogo.exe
    O4 - HKCU\..\Run: [Ppf] C:\WINDOWS\System32\Kii.exe
    O4 - HKCU\..\Run: [Ees] C:\WINDOWS\Kaf.exe
    O4 - HKCU\..\Run: [Pqj] C:\WINDOWS\Ivc.exe
    O4 - HKCU\..\Run: [Sok] C:\WINDOWS\Nld.exe
    O4 - HKCU\..\Run: [Lji] C:\WINDOWS\Ahr.exe
    O4 - HKCU\..\Run: [Rpt] C:\WINDOWS\Gik.exe
    O4 - HKCU\..\Run: [Qcf] C:\WINDOWS\Kht.exe
    O4 - HKCU\..\Run: [Pbk] C:\WINDOWS\System32\Chu.exe
    O4 - HKCU\..\Run: [Cct] C:\WINDOWS\System32\Vci.exe
    O4 - HKCU\..\Run: [Nom] C:\WINDOWS\System32\Vll.exe
    O4 - HKCU\..\Run: [Vfd] C:\WINDOWS\System32\Amd.exe
    O4 - HKCU\..\Run: [Jqn] C:\WINDOWS\System32\Ndh.exe
    O4 - HKCU\..\Run: [Vkl] C:\WINDOWS\Elv.exe
    O4 - HKCU\..\Run: [Mqd] C:\WINDOWS\System32\Qhk.exe
    O4 - HKCU\..\Run: [Uek] C:\WINDOWS\Tum.exe
    O4 - HKCU\..\Run: [Bnc] C:\WINDOWS\Tkp.exe
    O4 - HKCU\..\Run: [Tnj] C:\WINDOWS\Tqg.exe
    O4 - HKCU\..\Run: [Ckp] C:\WINDOWS\Ruc.exe
    O4 - HKCU\..\Run: [Ruc] C:\WINDOWS\Sao.exe

    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.iframedollars.biz (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted IP range: 213.159.117.202
    O15 - Trusted IP range: 213.159.117.202 (HKLM)

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c282.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Media Access ←–– Delete this whole folder if it exists!

    C:\WINDOWS\Oet.exe
    C:\WINDOWS\Aho.exe
    C:\WINDOWS\Kbv.exe
    C:\WINDOWS\Thv.exe
    C:\WINDOWS\Jdr.exe
    C:\WINDOWS\Prf.exe
    C:\WINDOWS\Dfc.exe
    C:\WINDOWS\Pno.exe
    C:\WINDOWS\Nci.exe
    C:\WINDOWS\Njg.exe
    C:\WINDOWS\Vto.exe
    C:\WINDOWS\Kve.exe
    C:\WINDOWS\Ofb.exe
    C:\WINDOWS\Qfr.exe
    C:\WINDOWS\Itp.exe
    C:\WINDOWS\Iho.exe
    C:\WINDOWS\Eom.exe
    C:\WINDOWS\Aic.exe
    C:\WINDOWS\Rqd.exe
    C:\WINDOWS\Kkn.exe
    C:\WINDOWS\Mnc.exe
    C:\WINDOWS\Fhs.exe
    C:\WINDOWS\Rsr.exe
    C:\WINDOWS\Piq.exe
    C:\WINDOWS\Iai.exe
    C:\WINDOWS\Hbr.exe
    C:\WINDOWS\Eif.exe
    C:\WINDOWS\Fcr.exe
    C:\WINDOWS\Fpf.exe
    C:\WINDOWS\Skm.exe
    C:\WINDOWS\Tag.exe
    C:\WINDOWS\Qnq.exe
    C:\WINDOWS\Vbp.exe
    C:\WINDOWS\Oas.exe
    C:\WINDOWS\Opt.exe
    C:\WINDOWS\Ruf.exe
    C:\WINDOWS\Edt.exe
    C:\WINDOWS\Ubt.exe
    C:\WINDOWS\Qia.exe
    C:\WINDOWS\Aas.exe
    C:\WINDOWS\Ltr.exe
    C:\WINDOWS\Hjj.exe
    C:\WINDOWS\Llt.exe
    C:\WINDOWS\Qak.exe
    C:\WINDOWS\Kaf.exe
    C:\WINDOWS\Ivc.exe
    C:\WINDOWS\Nld.exe
    C:\WINDOWS\Ahr.exe
    C:\WINDOWS\Gik.exe
    C:\WINDOWS\Kht.exe
    C:\WINDOWS\Elv.exe
    C:\WINDOWS\Tum.exe
    C:\WINDOWS\Tkp.exe
    C:\WINDOWS\Tqg.exe
    C:\WINDOWS\Ruc.exe
    C:\WINDOWS\Sao.exe
    C:\WINDOWS\System32\Rkv.exe
    C:\WINDOWS\System32\Gvi.exe
    C:\WINDOWS\System32\Hoc.exe
    C:\WINDOWS\System32\Khb.exe
    C:\WINDOWS\System32\Aph.exe
    C:\WINDOWS\System32\Dgn.exe
    C:\WINDOWS\System32\Lph.exe
    C:\WINDOWS\System32\Skh.exe
    C:\WINDOWS\System32\Urk.exe
    C:\WINDOWS\System32\Sqi.exe
    C:\WINDOWS\System32\Rgd.exe
    C:\WINDOWS\System32\Ibh.exe
    C:\WINDOWS\System32\Cef.exe
    C:\WINDOWS\System32\Reg.exe
    C:\WINDOWS\System32\Ovh.exe
    C:\WINDOWS\System32\Fmg.exe
    C:\WINDOWS\System32\Vpe.exe
    C:\WINDOWS\System32\Lkg.exe
    C:\WINDOWS\System32\Vgq.exe
    C:\WINDOWS\System32\Dgm.exe
    C:\WINDOWS\System32\Hid.exe
    C:\WINDOWS\System32\Ogo.exe
    C:\WINDOWS\System32\Kii.exe
    C:\WINDOWS\System32\Tkt.exe
    C:\WINDOWS\System32\Qhk.exe
    C:\WINDOWS\System32\Chu.exe
    C:\WINDOWS\System32\Vci.exe
    C:\WINDOWS\System32\Vll.exe
    C:\WINDOWS\System32\Amd.exe
    C:\WINDOWS\System32\Ndh.exe
    C:\WINDOWS\System32\Trg.exe
    C:\WINDOWS\System32\Qtp.exe
    C:\WINDOWS\System32\Vhd.exe
    C:\WINDOWS\System32\Hbi.exe
    C:\WINDOWS\System32\Kha.exe
    C:\WINDOWS\System32\Hpr.exe
    C:\WINDOWS\System32\Avh.exe

    NEXT:
    Run CCleaner

    Then, as an added precaution, go to Start > Run, type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
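The fix above is built by hand from the O4 and O15 lines of the posted log. As an added example (not code from MajorGeeks, the posters, or the HijackThis project), the Python script below does the same triage over a constructed sample log: it parses O4 autostart lines, flags the pattern this dropper leaves (three-letter random .exe names in C:\WINDOWS or C:\WINDOWS\System32, registered under both the HKLM and HKCU Run keys), collects the O15 Trusted Zone additions to revert, and emits one deduplicated delete list. The three-letter heuristic and the KNOWN_SYSTEM_NAMES allowlist are assumptions made for this example: the delete list in this post includes C:\WINDOWS\System32\Reg.exe, which is also the name and location of Windows' own command-line registry tool, so the script routes any such collision to manual verification instead of the delete list.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread, not code from MajorGeeks, the posters or the
HijackThis project. It reads O4 (autostart) and O15 (Trusted Zone) lines,
flags the dropper pattern shown in the thread (three-letter random .exe names
in the Windows directory, registered under both the HKLM and HKCU Run keys),
deduplicates the resulting delete list, and routes names that collide with
real Windows tools to manual review instead of deletion.
"""
import re
from dataclasses import dataclass, field

# Example of a matching line:  O4 - HKLM\..\Run: [Coi] C:\WINDOWS\Oet.exe
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
# Example of a matching line:  O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15_RE = re.compile(r'^O15 - Trusted (?:Zone|IP range): \S+(?: \(HKLM\))?$')

# Directories the dropper in this thread wrote into (compared case-insensitively).
WINDOWS_DIRS = {'c:\\windows', 'c:\\windows\\system32'}
# Assumed allowlist: three-letter names that are also legitimate Windows binaries.
# A hit here is never auto-deleted; check the file's version info and signature by hand.
KNOWN_SYSTEM_NAMES = {'reg.exe', 'cmd.exe', 'net.exe'}


@dataclass
class Triage:
    fix_lines: list = field(default_factory=list)      # HJT lines to tick and "Fix checked"
    delete_paths: list = field(default_factory=list)   # files to remove, deduplicated
    review_paths: list = field(default_factory=list)   # name collides with a Windows tool
    trusted_zones: list = field(default_factory=list)  # O15 additions to revert
    hives_by_path: dict = field(default_factory=dict)  # lower-cased path -> {'HKLM', 'HKCU'}


def is_random_named(path: str) -> bool:
    """True for C:\\WINDOWS\\Xyz.exe or C:\\WINDOWS\\System32\\Xyz.exe (three-letter base name)."""
    directory, _, name = path.lower().rpartition('\\')
    return directory in WINDOWS_DIRS and re.fullmatch(r'[a-z]{3}\.exe', name) is not None


def triage(log_text: str) -> Triage:
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, _value_name, path = m.groups()
            if not is_random_named(path):
                continue  # ordinary autostart entry, e.g. ctfmon.exe
            result.fix_lines.append(line)
            key = path.lower()
            first_sighting = key not in result.hives_by_path
            result.hives_by_path.setdefault(key, set()).add(hive)
            if first_sighting:  # one delete entry per file, however many hives reference it
                name = key.rpartition('\\')[2]
                bucket = result.review_paths if name in KNOWN_SYSTEM_NAMES else result.delete_paths
                bucket.append(path)
        elif O15_RE.match(line):
            result.trusted_zones.append(line)
    result.delete_paths.sort()
    result.review_paths.sort()
    return result


# Constructed sample: a few lines taken from the log posted in this thread plus a
# benign ctfmon.exe entry as a control.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Coi] C:\WINDOWS\Oet.exe
O4 - HKLM\..\Run: [Hok] C:\WINDOWS\System32\Tkt.exe
O4 - HKLM\..\Run: [Snn] C:\WINDOWS\System32\Reg.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Coi] C:\WINDOWS\Oet.exe
O4 - HKCU\..\Run: [Hok] C:\WINDOWS\System32\Tkt.exe
O4 - HKCU\..\Run: [Snn] C:\WINDOWS\System32\Reg.exe
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202 (HKLM)
"""

if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    print('Tick these in HijackThis:')
    for hjt_line in report.fix_lines:
        print('  ' + hjt_line)
    print('Delete in Safe Mode:', report.delete_paths)
    print('Verify by hand (name collides with a Windows tool):', report.review_paths)
    print('Trusted Zone entries to revert:', report.trusted_zones)
```

Run it against a saved HJT log by replacing SAMPLE_LOG with the file contents. The Media Access entry is deliberately not flagged by the name heuristic, since it is handled through Add or Remove Programs; the dual-hive registration recorded in hives_by_path is what distinguishes this dropper from a single stray Run value.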
     
  20. PUMKIN81

    PUMKIN81 Private E-2

    I did everything you said and the wallpaper is still there. Here is my log:
     

    Attached Files:

  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First:
    Make a backup of your registry before modifying it to be safe!
    How to make a backup of the Windows registry


    Now, Click Start, and then click Run.

    Type regedit

    Then click OK.

    Navigate to the following key and delete it:

    HKEY_CLASSES_ROOT\CLSID\{0A323FA1-38DE-44EC-B2FA-4002183C143E}


    Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    In the right pane, delete the value:

    "Wintime"="Wintime.exe"


    Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    In the right pane, delete the value:

    "ShellServiceObjectDelayLoadSystem"="{0A323FA1-38DE-44EC-B2FA-4002183C143E}"

    Second:
    Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and, if you see it, try to END it:

    Ipv.exe

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O4 - HKLM\..\Run: [Qrf] C:\WINDOWS\Ipv.exe
    O4 - HKLM\..\Run: [Gvm] C:\WINDOWS\Nrn.exe
    O4 - HKLM\..\Run: [Vrr] C:\WINDOWS\System32\Jqq.exe
    O4 - HKLM\..\Run: [Lpo] C:\WINDOWS\System32\Jrp.exe
    O4 - HKLM\..\Run: [Ped] C:\WINDOWS\Odj.exe
    O4 - HKLM\..\Run: [Ljd] C:\WINDOWS\Ovv.exe
    O4 - HKLM\..\Run: [Biq] C:\WINDOWS\Mbh.exe
    O4 - HKLM\..\Run: [Aji] C:\WINDOWS\System32\Uar.exe
    O4 - HKLM\..\Run: [Osc] C:\WINDOWS\System32\Bbr.exe
    O4 - HKLM\..\Run: [Gnp] C:\WINDOWS\Coa.exe
    O4 - HKLM\..\Run: [Eoo] C:\WINDOWS\Rau.exe
    O4 - HKLM\..\Run: [Aef] C:\WINDOWS\System32\Jvg.exe
    O4 - HKLM\..\Run: [Jvl] C:\WINDOWS\System32\Qno.exe
    O4 - HKLM\..\Run: [Tiu] C:\WINDOWS\System32\Akn.exe
    O4 - HKLM\..\Run: [Vpf] C:\WINDOWS\Chk.exe
    O4 - HKLM\..\Run: [Opu] C:\WINDOWS\System32\Emu.exe
    O4 - HKLM\..\Run: [Unp] C:\WINDOWS\System32\Dot.exe
    O4 - HKLM\..\Run: [Joo] C:\WINDOWS\Dle.exe
    O4 - HKLM\..\Run: [Jul] C:\WINDOWS\Lou.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\Kpu.exe
    O4 - HKLM\..\Run: [Cvh] C:\WINDOWS\Geo.exe
    O4 - HKLM\..\Run: [Upl] C:\WINDOWS\System32\Okq.exe
    O4 - HKLM\..\Run: [Qim] C:\WINDOWS\Qal.exe
    O4 - HKLM\..\Run: [Ajt] C:\WINDOWS\System32\Jrj.exe
    O4 - HKLM\..\Run: [Dcr] C:\WINDOWS\Lfs.exe
    O4 - HKCU\..\Run: [Qrf] C:\WINDOWS\Ipv.exe
    O4 - HKCU\..\Run: [Gvm] C:\WINDOWS\Nrn.exe
    O4 - HKCU\..\Run: [Vrr] C:\WINDOWS\System32\Jqq.exe
    O4 - HKCU\..\Run: [Lpo] C:\WINDOWS\System32\Jrp.exe
    O4 - HKCU\..\Run: [Ped] C:\WINDOWS\Odj.exe
    O4 - HKCU\..\Run: [Ljd] C:\WINDOWS\Ovv.exe
    O4 - HKCU\..\Run: [Biq] C:\WINDOWS\Mbh.exe
    O4 - HKCU\..\Run: [Aji] C:\WINDOWS\System32\Uar.exe
    O4 - HKCU\..\Run: [Osc] C:\WINDOWS\System32\Bbr.exe
    O4 - HKCU\..\Run: [Gnp] C:\WINDOWS\Coa.exe
    O4 - HKCU\..\Run: [Eoo] C:\WINDOWS\Rau.exe
    O4 - HKCU\..\Run: [Aef] C:\WINDOWS\System32\Jvg.exe
    O4 - HKCU\..\Run: [Jvl] C:\WINDOWS\System32\Qno.exe
    O4 - HKCU\..\Run: [Tiu] C:\WINDOWS\System32\Akn.exe
    O4 - HKCU\..\Run: [Vpf] C:\WINDOWS\Chk.exe
    O4 - HKCU\..\Run: [Opu] C:\WINDOWS\System32\Emu.exe
    O4 - HKCU\..\Run: [Unp] C:\WINDOWS\System32\Dot.exe
    O4 - HKCU\..\Run: [Joo] C:\WINDOWS\Dle.exe
    O4 - HKCU\..\Run: [Jul] C:\WINDOWS\Lou.exe
    O4 - HKCU\..\Run: [Dsi] C:\WINDOWS\Kpu.exe
    O4 - HKCU\..\Run: [Cvh] C:\WINDOWS\Geo.exe
    O4 - HKCU\..\Run: [Upl] C:\WINDOWS\System32\Okq.exe
    O4 - HKCU\..\Run: [Qim] C:\WINDOWS\Qal.exe
    O4 - HKCU\..\Run: [Ajt] C:\WINDOWS\System32\Jrj.exe
    O4 - HKCU\..\Run: [Dcr] C:\WINDOWS\Lfs.exe

    Again, make sure All Browser Windows are Closed when you Click FIX.


    Third:
    Please Boot into Safe Mode with the viewing of hidden files and folders enabled per the tutorial.
    Now navigate to and delete the following files if they exist:

    Right-click Start then click Search… or Find…, depending on the version of Windows you are running.

    In the Named input box, type:

    DESKTOP.HTML

    In the Look In drop-down list, select the drive that contains Windows, then press Enter.

    Once located, select the file then press Delete.

    Now proceed to delete the following files:

    C:\WINDOWS\System\secure32.txt
    C:\WINDOWS\System32\secure32.txt
    C:\WINDOWS\system.exe
    C:\WINDOWS\System32\system32.dll
    C:\WINDOWS\desktop.exe
    C:\WINDOWS\toolbar.exe
    C:\WINDOWS\mstasks1.exe
    C:\WINDOWS\mstasks2.exe
    C:\WINDOWS\test
    C:\WINDOWS\seksdialer.exe
    C:\WINDOWS\System32\wintime.exe
    C:\WINDOWS\System32\dkdial.exe
    C:\WINDOWS\System32\dial32.exe
    C:\WINDOWS\Web\i_xx.gif (Where xx is a number between 01 and 20.)
    C:\WINDOWS\Web\desktop.html

    C:\WINDOWS\Ipv.exe
    C:\WINDOWS\Nrn.exe
    C:\WINDOWS\Odj.exe
    C:\WINDOWS\Ovv.exe
    C:\WINDOWS\Mbh.exe
    C:\WINDOWS\Coa.exe
    C:\WINDOWS\Rau.exe
    C:\WINDOWS\Chk.exe
    C:\WINDOWS\Dle.exe
    C:\WINDOWS\Lou.exe
    C:\WINDOWS\Kpu.exe
    C:\WINDOWS\Geo.exe
    C:\WINDOWS\Qal.exe
    C:\WINDOWS\Lfs.exe

    C:\WINDOWS\System32\Jqq.exe
    C:\WINDOWS\System32\Jrp.exe
    C:\WINDOWS\System32\Uar.exe
    C:\WINDOWS\System32\Bbr.exe
    C:\WINDOWS\System32\Jvg.exe
    C:\WINDOWS\System32\Qno.exe
    C:\WINDOWS\System32\Akn.exe
    C:\WINDOWS\System32\Emu.exe
    C:\WINDOWS\System32\Dot.exe
    C:\WINDOWS\System32\Jrj.exe
    C:\WINDOWS\System32\Okq.exe

    NEXT:
    Run CCleaner

    Let me know how this goes. After you're done with this, reboot and attach a new HJT log.
     
