Jump to content


Trusted Malware Techs
  • Content Count

  • Joined

  • Last visited

About tj416

  • Rank
  • Birthday 04/16/1991

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Location
    Doha, Qatar
  • Interests
    Killing Malware

Previous Fields

  • System Specifications:
    Microsoft Windows XP Home Edition
  • Teams:
    Nothing Selected
  1. This shows that your version of Windows and IE is outdated. Try fixing the following entry and then try running Windows Update: O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113973588957 Thanks, TJ
  2. Hi jinja1, MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet. Please go to Microsoft Windows and Internet Explorer Updates to get the critical updates. Then, post a fresh HijackThis log.
  3. Hi jinja1, The 023 seems to be persistant. To remove it: Click Start>Run. Type in services.msc. Scroll down till you find a entry with Hardware Clock Driver as its Display Name. Right-click it and select Stop. Double click that entry and under the General tab, select Disabled under "Startup type:". Click Ok. Open HijackThis. Click the Config button. Click the Misc Tools button. Select Delete an NT service. Copy and paste the following into the box:hwclock Click Ok. Then, reboot and post a fresh HijackThis log.
  4. Hi jinja1, Open HijackThis, run a scan and check these items: F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe O4 - HKLM\..\Run: [vFr97B] C:\WINDOWS\hbqgm.exe O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe O4 - HKLM\..\Run: [iPOT USB Service DRV32] hpsebc08.exe O4 - HKLM\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe O4 - HKCU\..\Run: [ukwr] C:\PROGRA~1\COMMON~1\ukwr\ukwrm.exe O4 - HKCU\..\Run: [iPOT USB Service DRV32] hpsebc08.exe O4 - HKCU\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...Bridge-c139.cab O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) Now please close all windows and browsers, except HijackThis, and have HijackThis fix them by clicking on Fix Checked. Then,reboot in Safe mode. To reboot in Safe mode: Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter. You will need to configure Windows XP to show all files and folders. 1. Open My Computer. 2.Select the Tools menu and click Folder Options. 3. Select the View Tab. 4.Under the Hidden files and folders heading select Show hidden files and folders. 5.Uncheck the Hide protected operating system files (recommended) option. 6.Click Yes to confirm. 7.Click OK. Then, delete these files: C:\WINDOWS\hbqgm.exe c:\windows\180ax.exe Then, delete these folders: C:\WINDOWS\System32\nsvsvc C:\WINDOWS\System32\picsvr C:\PROGRA~1\COMMON~1\ukwr Then, search for these files and delete them: userinit32.exe hpsebc08.exe Then, delete Temp Files. To delete temp files: Click on Start and then run, and type %temp% and press the ok button. This should open up the temp directory that your machine uses. Please delete all files that are found there. Do this same process for %windir%\temp. Then, delete Temporary Internet Files. To delete Temporary Internet Files: Open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted. Then,reboot (in the normal mode) and post a new log in this thread.
  5. Sorry for not replying I was busy this week. Please post a new log and I'll help you.
  6. Hi jinja1, Please run atleast two of the following Online virus scanners: Housecall Panda RAV Anti-virus Online eTrust Anti-virus Scanner Then, post a new Hijack this log. In your reply, also mention what the Online virus scanners had found.
  • Create New...