C:\WINDOWS\SYSTEM\blank.htm!!! Hijacker?

Status
Not open for further replies.

ibanez7

Hello!
Been having problems with freezing and errors every now and then on a friend's computer, so I ran a few scans and here is what I got. I'm wondering if I got everything out. Could someone please have a look? I scanned with Lavasoft, Spybot, ewido, and McAfee antivirus. I've included the log files. I also did a scan with Trend Micro. It found ADW-SE 2 kinds and Dial-SE 2 kinds. I then re-took a HijackThis and believe his browser is hijacked from C:\WINDOWS\SYSTEM\blank.htm. Can someone please have a look at the scans and point me in the right direction? Thanks
I attached the ewido scan and hijack but the adaware scan log was too big.
 

Attachments

  • hijackthisB.txt
    6 KB
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager by holding down the Ctrl and Alt keys and pressing the Delete key.

Click on the Processes tab and end process for (if there):

rqsvfuc.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following by placing a tick in the little box next to (if there):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O4 - HKLM\..\Run: [iaptwv] C:\WINDOWS\system32\rqsvfuc.exe r

O9 - Extra button: (no name) - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145122242539
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?


O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there):

C:\WINDOWS\system32\rqsvfuc.exe r
C:\WINDOWS\SYSTEM\blank.htm

Reboot into normal mode and turn system restore back on.


Regards Howard :)
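
Added example, not part of the thread or of Howard's instructions: a small Python parser for the HijackThis line format quoted in the post above. It labels each entry by section and marks the `(no file)`, `(file missing)` and `(no name)` markers; the name `triage` and the flag wording are hypothetical, and the flags are review hints, not verdicts.

```python
import re

# HijackThis section codes that appear in this thread, as the tool groups them.
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key / Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "extra protocol handler",
}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOCAL_PAGE_RE = re.compile(r"=\s*(?:[A-Za-z]:\\|file://)", re.I)

def triage(log_text):
    """Parse HijackThis entries and attach review hints (illustrative heuristics)."""
    results = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # log header, running-process list, blank lines
        code, detail = m["code"], m["detail"]
        flags = []
        if "(no file)" in detail or "(file missing)" in detail:
            flags.append("orphaned: target file not on disk")
        if "(no name)" in detail:
            flags.append("unnamed component")
        if code.startswith("R") and LOCAL_PAGE_RE.search(detail):
            flags.append("browser page points at a local file")
        clsid = CLSID_RE.search(detail)
        results.append({"code": code, "section": SECTIONS.get(code, "other"),
                        "clsid": clsid.group(0).upper() if clsid else None, "flags": flags})
    return results

# Sample input: four of the entries quoted in the post above.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [iaptwv] C:\WINDOWS\system32\rqsvfuc.exe r
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

for entry in triage(SAMPLE):
    print(entry["code"], entry["section"], entry["clsid"], entry["flags"])
```

Entries that come back without a flag, such as the O4 Run line, still need a manual look; the markers only catch what HijackThis itself reports as missing or unnamed.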
 
Your HJT log is clean.

However, you should've posted it as an attachment, like you did the first time.

No matter, I'll delete it.

Regards Howard :)
 
Thanks very much, and sorry about screwing up on proper posting of the log. I'll be very careful not to do that again. Again, thanks very much.
 