HijackThis Log (hubby's computer)

Discussion in 'Malware Help (A Specialist Will Reply)' started by lhanna, Jan 10, 2007.

  1. lhanna

    lhanna Private E-2

    Hi,

    Thanks for fixing my problems. My husband is also having problems with his computer. It has been running incredibly slow and does not appear to be reading from the cd-rom.

    I have done all the steps and appear to have found some major problems that Panda could not fix. I am now going to attach all the logs. There are 2 CounterSpy logs, because I accidentally ran it the first time without all the updates.

    Thanks in advance for your help.

  2. lhanna

    lhanna Private E-2

    More logs

  3. lhanna

    lhanna Private E-2

    one last log

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet.
    Please look in Add/Remove Programs for the following and uninstall it if found:

    J2SE Runtime Environment 5.0 Update 5

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://xyojgmwdookslblawtcnh.com/Wu2OFNHEMItqizOkgsaubZ5XSuduwolrGIWlfSMDHHV5SN_ JMQ0JQkZ42YIvCJj8.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fltgzfvhdfrlaflpedlcx.com/Wu2OFNHEMIudeNOnXa_hQ8pAntaFRWwP5etGxm1pqRs .cgi
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yah oo.com

    O2 - BHO: (no name) - {04148FDD-1F38-EBFB-257C-E78D00362708} - (no file)

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [ulamnxiy] c:\windows\system32\ulamnxiy.exe ulamnxiy
    O4 - HKCU\..\Run: [insidehelp] C:\DOCUME~1\Amanda\APPLIC~1\PUREDE~1\2exit.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50/Java/cfsn31235.cab
    O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
    O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab

    Again, make sure ALL browser windows are closed when you click FIX.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\video1 Delete this whole folder if it exists!

    C:\Program Files\siteicons Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    Locate Pocket KillBox
    (Proceed with this step even if they do not show in blue.)

    Next, you will be entering items into Pocket KillBox. Please select the "Delete on Reboot" option. Copy & paste each of the file names listed below into the box one by one, making sure Delete on Reboot is checked for each entry. Click the Red X for each entry, but DO NOT allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Next Reset Web Settings & Default Security Settings

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

    Finally, I would like you to flush your System Restore points. Please follow the instructions below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to re-enable the Restore Utility, which will create a fresh restore point.

    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
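The fix list above is the kind of HijackThis output a helper reads by eye: random-looking domains in the R0/R1 entries, a BHO with no file behind it, a Run entry that passes its own name as its argument, an executable started from Application Data, and downloaded controls. The script below is an added example, not code from this thread or from HijackThis; it turns those eyeball checks into heuristics and runs them over the entries listed above (treated as a constructed excerpt, with the thread's stray line-wrap spaces removed). Flagged lines are candidates for review, not verdicts.

```python
"""Triage of HijackThis log entries: added example, not code from the thread.
Heuristics a helper applies by eye (few-vowel names, BHOs with no file, Run
entries from Application Data or self-named). Flagged lines need review."""
import re
from urllib.parse import urlparse
# Entries copied from the fix list above; treated here as a constructed excerpt.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://xyojgmwdookslblawtcnh.com/Wu2OFNHEMItqizOkgsaubZ5XSuduwolrGIWlfSMDHHV5SN_JMQ0JQkZ42YIvCJj8.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fltgzfvhdfrlaflpedlcx.com/Wu2OFNHEMIudeNOnXa_hQ8pAntaFRWwP5etGxm1pqRs.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {04148FDD-1F38-EBFB-257C-E78D00362708} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ulamnxiy] c:\windows\system32\ulamnxiy.exe ulamnxiy
O4 - HKCU\..\Run: [insidehelp] C:\DOCUME~1\Amanda\APPLIC~1\PUREDE~1\2exit.exe
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50/Java/cfsn31235.cab
"""

def looks_random(name: str) -> bool:
    """True for long names with very few vowels, e.g. 'xyojgmwdookslblawtcnh'."""
    letters = [c for c in name.lower() if c.isalpha()]
    return len(letters) >= 8 and sum(c in "aeiouy" for c in letters) / len(letters) < 0.3

def triage(line: str):
    """Return a reason string if the entry deserves a closer look, else None."""
    line = line.strip()
    kind = line.split(" - ", 1)[0]          # HJT section code: R0, R1, O2, O4, O16 ...
    if kind in ("R0", "R1") and "=" in line:
        host = urlparse(line.split("=", 1)[1].strip()).hostname or ""
        label = host.split(".")[-2] if "." in host else host   # registrable label only
        if looks_random(label):
            return "IE start/search URL points at a random-looking domain"
    elif kind == "O2" and "(no file)" in line:
        return "BHO registered with no backing file"
    elif kind == "O4":
        m = re.search(r'\]\s*"?([^"]+?\.exe)', line, re.IGNORECASE)
        if m:
            path, args = m.group(1), line[m.end():].strip().strip('"')
            base = path.rsplit("\\", 1)[-1][:-4].lower()     # file name without .exe
            if "APPLIC~1" in path.upper() or "APPLICATION DATA" in path.upper():
                return "Run entry starts an executable from Application Data"
            if args.lower() == base or looks_random(base):
                return "Run entry with self-named argument or random-looking file name"
    elif kind == "O16":
        host = urlparse(line.rsplit(" - ", 1)[1]).hostname or ""
        return f"ActiveX/Java control downloaded from {host}; verify the publisher"
    return None

def triage_log(text: str):
    """Return [(line, reason)] for every flagged entry in a log excerpt."""
    return [(l.strip(), r) for l in text.splitlines() for r in [triage(l)] if r]
```

Legitimate entries such as the dumprep Run line and the yahoo.com search URL pass untouched, which is the point of keeping the checks narrow.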
     
  5. lhanna

    lhanna Private E-2

    Thanks for the quick response. The computer is still running very slow, taking 5-6 minutes to reboot after login.

    I was unable to find the following entry in HijackThis when I ran it the first time in your instructions:

    O4 - HKLM\..\Run: [ulamnxiy] c:\windows\system32\ulamnxiy.exe ulamnxiy

    I managed to get everything else done as instructed. Please find the new HijackThis log attached.

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I have never seen this app so let me ask, are you familiar with Mail Skinner and are you comfortable with it?
     
  7. lhanna

    lhanna Private E-2

    I had never heard of Mail Skinner before you mentioned it. So definitely not familiar or comfortable with it.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, look in Add/Remove Programs and uninstall if found. Afterwards reboot and attach a fresh HJT log.
     
  9. lhanna

    lhanna Private E-2

    I found it in Add/Remove Programs, but when I clicked to remove it, it told me that it had already been uninstalled and asked if I wanted to remove it from the Add/Remove Programs list. I did this and ran HJT, but it still showed up on the HJT list. I then used Search, found and deleted the Mail Skinner folder, and clicked to remove the entry using HJT.

    This computer is taking about 10 minutes to startup after you log on. Anything you try to do is also incredibly slow. Some programs take up to 10 minutes to respond to being opened.

    I just uninstalled CounterSpy, as that appeared to be taking up 98% of the CPU time, and that appears to have sped it up a bit. I also uninstalled some programs that he never uses via Add/Remove Programs, and stopped his Pimero calendar from loading on startup using HJT.

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download Blacklight to its own folder...

    F-Secure Blacklight

    After the download is complete, double click to run the program. Click "Accept" to proceed. Then click SCAN to begin scanning your system.

    Once the scan is complete it will attempt to clean the found infections. There should be a log in the folder that you ran the program from, attach this log to your next post along with a fresh HJT log.
     
  11. lhanna

    lhanna Private E-2

    Hi,

    It didn't find anything. I have attached both logs as requested.

  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs look good to me; I don't think your problem is malware related.

    Download Reg Supreme 1.4

    When prompted, run the "Aggressive" scan and fix all found problems. Reboot once complete and let me know if anything has changed.
     
  13. lhanna

    lhanna Private E-2

    The computer is now running like a dream. That found 1637 errors and they are now all fixed. Thanks so much for all of your help.
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Glad to hear it's running well. You can now delete and uninstall anything I had you install or run during this thread.

    You should see this article on How to Protect yourself from malware!
     
