Mieke,
The link you gave me didn't work for me, so here is the reg. file.
Robin
Full Version: Reg. export (Attn. Miekiemoes)
Hi,
Thank you.
This one should be detected by Mbam by now, but I know you can't update, so let's deal with this one manually again..
* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:
C:\WINDOWS\xqqvw.mfo
Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok
Your system should reboot now.
Then, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)
Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Let me know if that solved it.
I also suggest you use Firefox as a browser in combination with the noscript extension for now, because you most probably got infected through the same website again (which is in most cases a legitimate website).
Thank you.
This one should be detected by Mbam by now, but I know you can't update, so let's deal with this one manually again..
* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:
C:\WINDOWS\xqqvw.mfo
Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok
Your system should reboot now.
Then, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)
QUOTE
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux2"="wdmaud.drv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux2"="wdmaud.drv"
Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Let me know if that solved it.
I also suggest you use Firefox as a browser in combination with the noscript extension for now, because you most probably got infected through the same website again (which is in most cases a legitimate website).
QUOTE (miekiemoes @ Apr 17 2009, 02:11 PM) 
Hi,
Thank you.
This one should be detected by Mbam by now, but I know you can't update, so let's deal with this one manually again..
* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:
C:\WINDOWS\xqqvw.mfo
Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok
Your system should reboot now.
Then, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)
Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Let me know if that solved it.
I also suggest you use Firefox as a browser in combination with the noscript extension for now, because you most probably got infected through the same website again (which is in most cases a legitimate website).
Thank you.
This one should be detected by Mbam by now, but I know you can't update, so let's deal with this one manually again..
* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:
C:\WINDOWS\xqqvw.mfo
Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok
Your system should reboot now.
Then, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)
Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Let me know if that solved it.
I also suggest you use Firefox as a browser in combination with the noscript extension for now, because you most probably got infected through the same website again (which is in most cases a legitimate website).
You saved the day again. You're the best!
You're most welcome. Now please update mbam asap 
QUOTE (miekiemoes @ Apr 17 2009, 03:32 PM)
You're most welcome. Now please update mbam asap
I did, and am running the full scan. Nothing detected so far.
I have also installed Noscript in Firefox.
Good to hear. Not sure where you exactly got infected, but try to avoid sites hosted by IX Webhosting
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.