tj416

Trusted Malware Techs
Posts posted by tj416


  1. Hi jinja1,

     

    The O23 seems to be persistent. To remove it:

    • Click Start>Run.
    • Type in services.msc.
    • Scroll down till you find an entry with Hardware Clock Driver as its Display Name.
    • Right-click it and select Stop.
    • Double click that entry and under the General tab, select Disabled under "Startup type:".
    • Click Ok.
    • Open HijackThis.
    • Click the Config button.
    • Click the Misc Tools button.
    • Select Delete an NT service.
    • Copy and paste the following into the box:

      hwclock

    • Click Ok.
    Then, reboot and post a fresh HijackThis log.

  2. Hi jinja1,

     

    Open HijackThis, run a scan and check these items:

    F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe

     

    O4 - HKLM\..\Run: [vFr97B] C:\WINDOWS\hbqgm.exe

    O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe

    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe

    O4 - HKLM\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

    O4 - HKLM\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

    O4 - HKCU\..\Run: [ukwr] C:\PROGRA~1\COMMON~1\ukwr\ukwrm.exe

    O4 - HKCU\..\Run: [iPOT USB Service DRV32] hpsebc08.exe

    O4 - HKCU\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe

     

    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

     

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...Bridge-c139.cab

     

    O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

     

    Now please close all windows and browsers, except HijackThis, and have HijackThis fix them by clicking on Fix Checked.

     

    Then, reboot in Safe mode. To reboot in Safe mode:

    Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

     

    You will need to configure Windows XP to show all files and folders.

    1. Open My Computer.

    2. Select the Tools menu and click Folder Options.

    3. Select the View Tab.

    4. Under the Hidden files and folders heading select Show hidden files and folders.

    5. Uncheck the Hide protected operating system files (recommended) option.

    6. Click Yes to confirm.

    7. Click OK.

     

    Then, delete these files:

    C:\WINDOWS\hbqgm.exe

    c:\windows\180ax.exe

     

    Then, delete these folders:

    C:\WINDOWS\System32\nsvsvc

    C:\WINDOWS\System32\picsvr

    C:\PROGRA~1\COMMON~1\ukwr

     

    Then, search for these files and delete them:

    userinit32.exe

    hpsebc08.exe

     

    Then, delete Temp Files. To delete temp files:

    Click on Start and then Run, type %temp% and press the OK button.

     

    This should open up the temp directory that your machine uses. Please delete all files that are found there.

     

    Do this same process for %windir%\temp.

     

    Then, delete Temporary Internet Files. To delete Temporary Internet Files:

    Open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

     

    Then, reboot (in the normal mode) and post a new log in this thread.
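
A triage script for the kind of log lines listed in post 2, as an added example that is not part of the original posts or of HijackThis. It parses the F2, O4 and O23 line formats shown above and applies heuristics that are assumptions of this example: extra programs after userinit.exe, autostart commands with no directory path, one value name repeated across several autostart keys, and services marked "Unknown owner" or "(file missing)". The sample input is copied from the log quoted in the post; `triage` and its reason strings are hypothetical names.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log quoted in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O4 - HKLM\..\Run: [vFr97B] C:\WINDOWS\hbqgm.exe
O4 - HKLM\..\Run: [iPOT USB Service DRV32] hpsebc08.exe
O4 - HKLM\..\RunServices: [iPOT USB Service DRV32] hpsebc08.exe
O4 - HKCU\..\Run: [iPOT USB Service DRV32] hpsebc08.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.+)$")
SVC_RE = re.compile(r"^Service: (.+?) \(([^()]+)\) - (.+?) - (.+?)( \(file missing\))?$")


def triage(log_text):
    """Return (section, subject, reason) findings for F2, O4 and O23 lines."""
    findings = []
    run_keys = defaultdict(set)  # autostart value name -> registry keys it appears in
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, detail = m.groups()
        if section == "F2" and "UserInit=" in detail:
            # Assumption: only userinit.exe belongs in this value.
            for exe in detail.split("UserInit=", 1)[1].split(","):
                exe = exe.strip()
                if exe and exe.lower().rsplit("\\", 1)[-1] != "userinit.exe":
                    findings.append((section, exe, "extra program chained onto Userinit"))
        elif section == "O4" and (r := RUN_RE.match(detail)):
            key, name, cmd = r.groups()
            run_keys[name].add(key)
            if "\\" not in cmd:  # heuristic: bare file name, resolved via search path
                findings.append((section, cmd, "autostart command has no directory path"))
        elif section == "O23" and (s := SVC_RE.match(detail)):
            _display, svc, owner, _path, missing = s.groups()
            if owner == "Unknown owner":
                findings.append((section, svc, "HijackThis reports an unknown owner"))
            if missing:
                findings.append((section, svc, "service registered but file missing"))
    for name, keys in run_keys.items():
        if len(keys) > 1:
            findings.append(("O4", name, f"same value name in {len(keys)} autostart keys"))
    return findings
```

The `[vFr97B]` entry passes all of these checks, so the output is a starting point for review and not a verdict on each line.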
