XP Issues

G'day there

I am fairly new to using 'hijack this', but after many years of problems with my computer i finally decided that i would give it a go.

I have followed all the steps listed on MG before posting my hijackthis logfile - as such the BitDefender, Lavasoft AdAware and Norton scans have all been run.

I am still unsure as to what the problem actually is with my computer but some of the 'symptoms have been:

1) a programme called ToolBar888 has been installed and i cannot seem to uninstall it in add remove programmes

2) pop ups

3) my Norton Internet Secrity presents me with a message at ever startup and login (regarless of user logged onto) which says that the repair feature is incompatible and 'please unisntall and reinstall...Norton seems to work fine though...

4)My volume icon on the taskbar on all users has dissapeared. I cannot re-instate it through the control pannel sound menu, or reinstall volume control from the add windows components under add/remove programmes menu. what is going on here?

5) System is slow on startup...but that may be die to a whole heap of utilities which are running...i dont need them there...grr!

I would appreciate any help from a person who is more knowledgable than I

Cheers
/
mpearse

P.S.
os = windows xp home edition

 

Silly me...I forgotto attatch the HijackThis scan logfile

here it is

 

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {C3A89EF9-21B2-1ED9-BD37-9B773B07026C} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Win32 USB2 Driver] wuampdr.exe
O4 - HKCU\..\Run: [System Services] wxhvkups.exe
O4 - HKCU\..\RunServices: [System Services] wxhvkups.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O16 - DPF: DigiChat Applet -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} -
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} -
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) -

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

wuampdr.exe Manually search for these two files and delete if found. They will most likely be in C:\WINDOWS or C:\WINDOWS\System32.

wxhvkups.exe

Next, run CCleaner to clean up cookies and temp files.

After you complete the above, REBOOT and proceed with the rest of this fix...

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

sucesfully deleted all boxes listed above on hijakthis

after a safemode reboot, neither of the two .exe files were found after both a manual and electronic search of the entire computer...strange...

ccleaner was run and deleted round 290mb of files and folders

PROBLEM
when i clicked on the link to 'disable and reenable system restore in your post, i navigated to a webpage which stated:

im unsure what to do next...i havnt done anything after that step...what should i do next?

how are things running now? well, im not getting popups which is good! and the computer seems to be running more efficiently. i am still gettingthe message on startup about norton internet security...how 'the repair feature was not installed', please uninstall and reinstall'...norton itself seems to be running effectively though.

i will attatch the hijackthis log in the next post

 

here is the log:
cheers
mpearse

 

Have HJT fix the entry below and your log will be clean.

Are you having any current problems?

 

entry fixed...running normally and well

cheers for all your help
mpearse

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!