
Please review Hijackthis log (Pop-ups)

Discussion in 'Malware and Virus Removal Archive' started by shnikes, 2005/02/18.

Thread Status:
Not open for further replies.
  1. 2005/02/25
    shnikes

    shnikes Inactive Thread Starter

    Joined:
    2005/02/18
    Messages:
    42
    Likes Received:
    0
    I've sent you an e-mail. Thanks.
     
  2. 2005/02/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I got the email but the zip file is empty. Please delete the zip file you created and try again. BTW, if you clicked 'select all>export' on the three search results, there will only be one backup file created. ;)
     


  4. 2005/02/26
    shnikes

    shnikes Inactive Thread Starter

    Joined:
    2005/02/18
    Messages:
    42
    Likes Received:
    0
    Sent you the e-mail again! I hope it works!
     
  5. 2005/02/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I've attached a zip file. Download and extract. Open the folder and double click the Permissions.bat to run. Post the contents of the two text files it creates.

    The download may want to save as attachment.php.....simply rename it to SevicePermissions.zip after downloading.
     
  6. 2005/02/27
    shnikes

    shnikes Inactive Thread Starter

    Joined:
    2005/02/18
    Messages:
    42
    Likes Received:
    0
    Here's the first file named service.txt


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KJSXLGQO6:
    (CI) ALLOW Full access NT AUTHORITY\SYSTEM
    (CI) ALLOW Read Everyone


    Here's the second file named service1.txt

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KJSXLGQO6]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KJSXLGQO6\0000]
    "Service"="kjsxlgqo6"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="bfjhwoliaxrj"
     
  7. 2005/02/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download and install Reglite. Open and copy/paste the following string in the address window, then click go.

    The forum format puts a space in the word Root that you will need to edit out before clicking Go.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KJSXLGQO6

    In the left pane, the LEGACY_KJSXLGQO6 key will be highlighted purple. Right click it and select properties. Click permissions on the next window. Highlight Everyone in the top pane, then check the full control box below. Apply and click OK to close the permissions and properties boxes. Now, again right click the LEGACY_KJSXLGQO6 key and select delete. Close RegLite and reboot. Run another HJT scan and let us know if the rogue service is gone.
     
  8. 2005/02/27
    shnikes

    shnikes Inactive Thread Starter

    Joined:
    2005/02/18
    Messages:
    42
    Likes Received:
    0
    For some reason, I followed the steps but when I clicked delete my access was denied.
     
  9. 2005/02/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Open Reglite again. It should still be located at that key. Again choose properties and click Take Ownership. Click OK to close properties box and try deleting the key. If no luck, open properties then permissions again, then click Add under Group or user names on the Security tab. Type your username in the Enter object names to select window, then click Check Names. YourComputerName\YourUserName should appear in the window. Click OK. Select your username on the Security tab and check full control in the access column below. Click OK on permissions and Properties boxes, then try deleting the key.
     
  10. 2005/02/27
    shnikes

    shnikes Inactive Thread Starter

    Joined:
    2005/02/18
    Messages:
    42
    Likes Received:
    0
    Wow, I took all the steps but still I was denied access, so I deleted a file named 0000 that was under the file LEGACY_KJSXLGQO6 and then deleted LEGACY_KJSXLGQO6 and it worked. I wonder if that's ok? Oh, and this still shows up though.
    O23 - Service: kjsxlgqo6 - Unknown owner - C:\WINDOWS\system32\bczhrhpy6.exe (file missing)
     
  11. 2005/02/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Delete the following key if present.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KJSXLGQO6

    Note the space in the word services that needs to be edited out ;)
     
  12. 2005/02/28
    shnikes

    shnikes Inactive Thread Starter

    Joined:
    2005/02/18
    Messages:
    42
    Likes Received:
    0
    I haven't rebooted yet, but I think it's gone. Yeay! :cool: Thank you so much!
     
  13. 2005/02/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    All right! :) Pat yourself on the back. You did good! ;)

    Happy to help.
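
An added example, not part of any post in this thread: a small Python triage helper that reads HijackThis O23 lines, picks out services whose image is reported as "(file missing)", lists the two registry keys reviewed above, and checks a RegDACL listing to show why the delete was denied. The function names, the `ExampleSvc` line and the `PC\user` account are constructed for illustration; the O23 form, the `LEGACY_<NAME>` key naming and the two rights recognised are assumed from what the thread shows.

```python
import re

SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
ENUM_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root"

# O23 line in the form seen in the thread: name - owner - image path [(file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing>\s*\(file missing\))?$")
# RegDACL ACE line; only the two rights shown in the thread are recognised (assumption)
ACE_RE = re.compile(r"^\((?P<flags>[^)]*)\)\s+(?P<type>ALLOW|DENY)\s+"
                    r"(?P<rights>Full access|Read)\s+(?P<trustee>.+)$")

def orphaned_services(hjt_log):
    """Return O23 services whose image is missing, with the two keys to review."""
    found = []
    for line in hjt_log.splitlines():
        m = O23_RE.match(line.strip())
        if m and m.group("missing"):
            name = m.group("name")
            found.append({"service": name, "image": m.group("path"),
                          "keys": [SERVICES + "\\" + name.upper(),
                                   ENUM_ROOT + "\\LEGACY_" + name.upper()]})
    return found

def can_delete(regdacl_text, memberships):
    """True only if an ALLOW Full access ACE names one of the caller's identities."""
    allowed = False
    for line in regdacl_text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m or m["trustee"] not in memberships:
            continue
        if m["type"] == "DENY":  # treated conservatively as blocking
            return False
        allowed = allowed or m["rights"] == "Full access"
    return allowed

# Constructed sample: the O23 line from the thread plus one made-up healthy entry
SAMPLE_LOG = r"""
O23 - Service: ExampleSvc - Example Corp - C:\Program Files\Example\svc.exe
O23 - Service: kjsxlgqo6 - Unknown owner - C:\WINDOWS\system32\bczhrhpy6.exe (file missing)
"""
# ACL lines as posted in service.txt
SAMPLE_ACL = r"""
(CI) ALLOW Full access NT AUTHORITY\SYSTEM
(CI) ALLOW Read Everyone
"""

if __name__ == "__main__":
    for svc in orphaned_services(SAMPLE_LOG):
        print(svc["service"], svc["image"], *svc["keys"], sep="\n  ")
    print("user can delete:", can_delete(SAMPLE_ACL, {"Everyone", r"PC\user"}))
```

With the ACL from service.txt, only NT AUTHORITY\SYSTEM holds Full access, so an ordinary account that matches only Everyone gets Read and the delete is refused until the permissions are changed.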
     