Asking For Help Per The FAQ's

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by indyattic, Aug 24, 2004.

  1. indyattic

    indyattic Corporal

    This computer came from my husband's office, and it wasn't clean when it got here. I spent all weekend reading your site and running programs. A bunch of stuff was cleaned off, including "winshow" which was just annoying the heck out of me.

    I still have a pop-up problem though - can I please post my hijackthis log (as an attachment, of course!) for review?

    So far, I have run Panda, Trend Micro, Norton and E_Trust anti-virus programs. I have System Restore turned off. "Network Security Service" is disabled. Doxdesk doesn't see anything. I have updated and run Ad-Aware, SpyBot, About:Buster, HSRemove, CWShredder, Kill2Me, and CCLeaner. I ran all those programs in Safe Mode, as well as regular ol' mode.

    But, I still get pop-ups (not "Messenger") - albeit not nearly as many as I was getting. The Hijack This file has a couple of items that look like they shouldn't be there, but if I just "fix" them they come right back.

    So, please? Can I have a little help?
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    They come back because Hijack This is not a removal tool.

    Looks like you did everything, so please do post your Hijack This log file. Also, if these items you remove keep returning, search Google for their names; that's what HijackThis is for, to identify these things :) Let us know!
     
  3. indyattic

    indyattic Corporal

    Thank you for helping me with this.
     


  4. indyattic

    indyattic Corporal

    I forgot to add that, per your suggestion. I Googled some of the things that look odd. Like the XudY.exe file, plus the others that seem to be random character generations.

    I did not get any hits on them though.

    Angie
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    A big part of your problem is Kazaa. Do you really need to use this? You are going to have problems keeping your PC clean with this on your PC. You have a bunch of trojans/problems (I lump the Kazaa stuff in here too):

    C:\WINNT\System32\P2P Networking\P2P Networking.exe
    C:\WINNT\System32\XudY.exe
    C:\WINNT\System32\Txma1mq.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ljsws.dll/sp.html#37049
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\LgnJ8V3.exe
    O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINNT\chp.dll

    You need to kill these processes with Task Manager:

    LgnJ8V3.exe
    scvhost.exe
    csrss32.exe
    Microsoft.exe

    Enable viewing of hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650
    Then boot in safe mode and use Windows Explorer to delete:
    C:\WINNT\System32\LgnJ8V3.exe
    C:\WINNT\System32\XudY.exe
    C:\WINNT\System32\Txma1mq.exe
    The next three files could be in any of four directories: C:\windows, c:\windows\system, c:\windows\system32, c:\documents and settings\current user\ Local Settings\Temp (where current user is your user login name):
    scvhost.exe
    csrss32.exe
    Microsoft.exe

    You may have to enable Advanced search options and search for them. If you have a problem deleting any of the files, bring up Task Manager (CTRL-ALT-DEL) and end the process if it is running. Then delete the file.

    I see remnants of an HSA hijack there too, which may need more work.

    Let's see where we get with what I gave you so far.
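    The entries chaslang calls out above follow a few recognisable patterns: autostart commands with no path, file names that are one or two letters away from a real system process, random-looking names, a browser search bar pointing at a res:// resource inside a local DLL, and a MIME filter for application/octet-stream. The script below is an added example (not code from this thread, from HijackThis, or from MajorGeeks) that reads HJT log lines in the R1, O4, O16 and O18 layouts quoted above and explains why each one deserves a look. The heuristics, the short list of system process names and the function names are this example's own assumptions, and the sample log is constructed from the lines in chaslang's post.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example; not code from the thread or from HijackThis itself. The line
layouts follow the R1, O4, O16 and O18 entries quoted in the thread. The
heuristics (near-miss spellings of system process names, autostart commands
given without a path, random-looking executable names, res:// page settings,
MIME filter entries) are this example's own and are assumptions, not HJT logic.
"""
import re

# Genuine Windows process names that malware file names often imitate with a
# near-miss spelling. Assumption of this example, not an authoritative list.
SYSTEM_NAMES = ("svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\) -\s*(?P<url>.*)$")
O18_RE = re.compile(r"^O18 - Filter hijack: (?P<mime>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
R_RE = re.compile(r"^R[01] - .*= (?P<value>.*)$")
# Alphanumeric stem that mixes digits and letters, e.g. LgnJ8V3 or Txma1mq.
RANDOM_RE = re.compile(r"^(?=.*[0-9])(?=.*[A-Za-z])[A-Za-z0-9]{5,16}$")


def levenshtein(a, b):
    """Plain edit distance, used to spot near-miss spellings of system names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(filename):
    """Return the system process name that `filename` imitates, or None."""
    name = filename.lower()
    if name in SYSTEM_NAMES:
        return None
    for real in SYSTEM_NAMES:
        if levenshtein(name, real) <= 2:
            return real
    return None


def triage_line(line):
    """Return the reasons one HJT line deserves a look; [] means nothing odd."""
    m = O4_RE.match(line)
    if m:
        cmd = re.split(r"\s+/", m.group("cmd"))[0]   # drop /SYSTRAY-style switches
        exe = cmd.rsplit("\\", 1)[-1]
        reasons = []
        if "\\" not in cmd:
            reasons.append(f"{m.group('key')} starts '{exe}' without a full path")
        real = lookalike(exe)
        if real:
            reasons.append(f"'{exe}' imitates the system process {real}")
        elif RANDOM_RE.match(exe.rsplit(".", 1)[0]):
            reasons.append(f"random-looking executable name '{exe}'")
        return reasons
    m = O16_RE.match(line)
    if m:
        url = m.group("url").strip()
        if not url:
            return [f"ActiveX object '{m.group('desc')}' has no recorded source URL"]
        return [f"ActiveX object '{m.group('desc')}' was fetched from {url}"]
    m = O18_RE.match(line)
    if m:
        return [f"MIME filter for {m.group('mime')} routes through {m.group('path')}"]
    m = R_RE.match(line)
    if m and m.group("value").lower().startswith("res://"):
        return ["browser page setting points at a resource inside a local DLL"]
    return []


def triage(log_text):
    """Map each flagged log line to its reasons, in log order."""
    result = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                result[line] = reasons
    return result


# Constructed sample: the entries chaslang called out in the thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ljsws.dll/sp.html#37049
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\LgnJ8V3.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINNT\chp.dll
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for r in why:
            print("   ->", r)
```

    Run against the sample, eight of the eleven lines come back flagged; the Kazaa and P2P Networking autostarts pass every heuristic, which is exactly why a person still has to judge them, and the O6 policy line is not parsed at all. The point of the edit-distance check is that "scvhost.exe" and "csrss32.exe" are not typos: they are chosen so a glance at Task Manager reads them as svchost.exe and csrss.exe.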
     
  6. indyattic

    indyattic Corporal

    No, I don't need Kazaa. DH was downloading music, but I don't. How do people download stuff without messing up their computers, if Kazaa is such a horror?

    I will get started on the list you gave me, and post again later.

    Thanks again - I really, really appreciate this!

    Angie
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  8. indyattic

    indyattic Corporal

    You said to end 4 processes: LgnJ8V3.exe, scvhost.exe, csrss32.exe and Microsoft.exe, but they were/are not running. (At least, when I open Task Manager they are not listed there.)

    Then, per your suggestion, I went into safe mode and looked in several directories for 3 files to delete, but I did not see them in any of the directories you cited. So, I did a search on them, and did not come up with any results.

    I only got results when I searched for files containing those words. Besides Ad-Aware logs and the HijackThis.txt, those file names appeared in backup.reg, CollectedData_3495 XML, and regLocal.reg.

    Last night, I noticed that the XudY file was running when I was in Task Manager, but this a.m. it is not.

    Also, I just had a thought - I have only been logging in as "Owner." Do I need to log in as "Administrator?"
     
  9. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Try logging in as Administrator, yes. Did you make sure you can view hidden files as Chaslang requested and try this from safe mode? The answer to your question "How do people download stuff without messing up their computers, if Kazaa is such a horror" is they don't. There used to be a Kazaa Lite, but it was killed off. I hear there's a program called Kazaa Resurrected or similar; try searching Google for that.
     
  10. indyattic

    indyattic Corporal

    I think I'll hold off on installing anything new for the time being :). I don't need Kazaa - DH used it at his store, but I'm on dial-up. It takes me forever just to download pictures.

    Can you give me the name of a file that should be hidden so I can be sure I'm viewing hidden files? I promise not to delete it.

    Angie
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just look in (with Windows Explorer) the root directory of drive C as you switch between Show hidden files and Do not show hidden files. You should see several things change, one of which is pagefile.sys.
    You should also notice directories like Recycler and System Volume Information come and go. Also, make sure you do not have checks on Hide extensions for known file types or on Hide protected operating system files.
     
  12. indyattic

    indyattic Corporal

    Yes, they toggle on and off. And, the icons look faded compared to the regular ol' files. I was ok then - not forgetting anything.

    I ran the searches again, and I do not have those files. I *do* have LgnJ8V3.exe though. But the instructions didn't say to look for or remove it - I accidentally was reading the wrong part of the message the second time around.

    Is that supposed to be there, or should I delete it?

    Angie
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They certainly did say to delete it. I repeat part of that message:
    "
    Then boot in safe mode and use Windows Explorer to delete:
    C:\WINNT\System32\LgnJ8V3.exe
    C:\WINNT\System32\XudY.exe
    C:\WINNT\System32\Txma1mq.exe

    "

    You need to start telling us what you have been doing! Did you uninstall Kazaa? P2P Networking? Did you fix the lines in HijackThis?
     
    Last edited: Aug 25, 2004
  14. indyattic

    indyattic Corporal

    Yikes - looks like my brain cells were hijacked.

    Up until now, I had not done anything, but now I have.

    I deleted the LgnJ8V3, the XudY and the Txma1mq files. I also uninstalled Kazaa. I have not fixed any lines with HijackThis.

    Is removing the P2P Networking a different step than removing the Kazaa? If it is, I have not done that.

    What next?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    P2P Networking may or may not have been uninstalled with Kazaa. Check Add/Remove programs and uninstall if still there.

    Run HijackThis and fix the below lines if still there:
    O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\LgnJ8V3.exe
    O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
    O4 - HKLM\..\RunServices: [System Log Event] csrss32.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINNT\chp.dll

    Then run a new scan with HijackThis and post it back here as an attachment. Make sure you exit all browser (Internet Explorer) sessions before running the scan.
     
  16. indyattic

    indyattic Corporal

    Attached is the new logfile. I think something is changing names. I am going to try your "Generic Solution For "Only The Best" " advice, since your initial post specifically mentioned that it looked like some pieces of that were still around.

    I uninstalled the P2P Networking thing.

    I also am going to uninstall the "Musicnotes" thing - it is shareware. (Who knows where he got it). I figure if it is bringing me problems it needs to go, and if it isn't then I can just re-download it.

    I am also going to find and run the program that removes the Kazaa spyware.

    Let me know if there's anything else you want me to do.
     


  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please run this and let me know if it finds anything (you may have a peper trojan):

    http://www.memorywatcher.com/uninst.exe

    You only show one symptom line from Only the Best. It may be a remnant. Just the O2 line with ljsws.dll. Don't bother trying the Generic Solution right now. You don't need it.

    Also, fix these lines with HJT:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ljsws.dll/sp.html#37049
    O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINNT\chp.dll

    Then reboot in safe mode and delete:
    C:\WINNT\system32\ljsws.dll
    C:\WINNT\chp.dll

    Reboot normal and post a new HJT log attachment.
     
  18. indyattic

    indyattic Corporal

    The MemoryWatcher didn't flag me as finding anything. It just opened and then disappeared - I didn't see a report telling me it didn't find anything.

    I fixed and deleted, but the chp.dll entry won't leave the HijackThis file. The searches say that it is gone from my computer, I even deleted it from my recycle bin.

    I've been in and out of Safe Mode several times, and last night I saw about 50 files in the System32 directory that look suspicious, but I'm certainly not sure about anything.

    I googled every one, and two of them appear to me to be spyware related: appsys.exe, and amcompat.tlb. Am I right?

    There's a "StopzillaBHO.dll" that looks suspicious, because I haven't downloaded "Stopzilla." (Remember, my DH had this computer before I did. Argh.)

    The rest of them scored no Google hits, with an occasional exception of other people's posted "HijackThis" logs. They all look like random character names, like Vva6i.exe, bhote.dll, and Tsd13Q.exe. None of them have any significant information in the hover box, just a version (usually 1.0.0.0) and an installation date.

    Anyway. I ran Spybot and the Ad-Aware deep scan a couple of times, in both modes. Here's the most recent HijackThis log.

    Angie
     


  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

     
  20. indyattic

    indyattic Corporal

    That would make sense - this had Norton on it before I took it off.

    I ran the Trend-Micro scan again, and it deleted all those suspect files this time.

    I deleted the StopzillaBHO.dll.

    I do have system and hidden files visible - I check that all the time (but I checked again too.) I do not have the System Restore turned back on.

    I ran Ad-Aware in Safe mode, "Scan Volume For Ads." It found 7 things - I am attaching a log.

    about:Buster will not run now, in either mode. I get a message "Run Time error '339'. Component 'mscomctl.ocx' or one of its dependencies not currently registered: a file is missing or invalid."

    I had already run about:Buster early on - prior to my initial post - so I tried that for kicks. It now gives me the same error.
     


  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Was Ad-aware able to fix those items it found? Especially the 4 related to CWS (2 of which were using ADS)?
     
  23. indyattic

    indyattic Corporal

    Wow - You're fast! I am convinced it is because you are a god.


    I found a MajorGeeks FAQ that told me how to fix my file, so I did that. Yes, Ad-Aware claimed to fix the problems it found.

    I ran Buster once in Safe and once in Normal. The logs are attached, #1 is in Safe. The first scan found more.
     


  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yeah! That's me! I'm the god of anti-spyware. :D

    The stuff About:Buster found is most likely left over from an about:blank or HSA hijack.

    Can you fix that O18 line in HJT now:
    O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINNT\chp.dll

    And then delete the file after booting in safe mode.
     
  25. indyattic

    indyattic Corporal

    Grrr...Nope. Can't find the file to delete it. c as in Charlie, h as in horse, p as in Paul (dot) d as in David, ll as in llama - no hits in either Safe or Normal mode, logged in as both Administrator and Owner (the only 2 IDs set up.)

    I checked the box in Hijack this, pressed "fix" and it still appears. I tried rebooting before scanning again...basically every combination of modes, boots and scans I could think of.

    I did find and delete it several steps ago...

    Maybe uninstall/reinstall HijackThis?

    Angie
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    1) Go here and download Registrar lite and install it: http://www.resplendence.com/reglite
    2) Run it, copy and paste this line to reglite's address bar:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

    3) Click the "go" tab
    4) Find: "AppInit_Dlls" value on the right side panel.
    5) DoubleClick on AppInit_Dlls and tell me what you see in the Value field.

    Then use the search function of Reglite (the spy glass) and search for chp.dll .
    Report back all the addresses (the full path registry key) where each one occurs.

    Also please double check that you have these set correctly (let me know):
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Uncheck Hide Extensions for known file types
    • Click Yes to confirm.
    • Click OK.
     
    Last edited: Aug 30, 2004
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are still having a problem after doing what was in my previous messages, copy all the information below into a file called chpfix.reg and save it to a place you can find it. After saving it, locate the file with Windows Explorer and double click on it. Answer yes to merge it into your registry. What it does is delete a bunch of registry keys this hijacker puts into the registry.

    REGEDIT4
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chp.CallThrough]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chp.CallThrough.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6585E5B4-4D2A-4A1D-A219-4102C64BA999}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream]
    "CLSID"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D962EF38-5FB0-4761-8638-C86F085E25E6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8427BD70-5444-46CE-B15D-19E9CB49DF64}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream]
     
    Last edited: Aug 31, 2004
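    A .reg file like chpfix.reg above is small but its syntax is easy to misread: a header written as [-KEY] deletes that whole key and everything under it, a header written as [KEY] only selects the key, and a line of the form "name"=- under a selected key deletes that single value. Before merging a file someone else wrote into a registry, it is worth seeing the list of actions it will take. The script below is an added example (not code from this thread or from MajorGeeks) that parses REGEDIT4 and "Windows Registry Editor Version 5.00" files and prints that plan without touching any registry; it also points out value deletions that a later [-KEY] line makes redundant, which is the case for the "CLSID"=- line in the file above. The sample text is constructed from the file quoted in the post; the function names are this example's own, and multi-line hex values are not handled.

```python
"""Dry-run reader for REGEDIT4-style .reg files.

Added example; not code from the thread. It reads the syntax used in the
chpfix.reg above ('[-KEY]' deletes a whole key, '[KEY]' selects a key, and
'"name"=-' under a selected key deletes that one value) and reports what a
merge would do without touching any registry. The sample text is constructed
from the file quoted in the thread; the function names are this example's own.
Limitation (assumption of the example): multi-line hex values are not parsed.
"""
import re

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
SIGNATURES = ("REGEDIT4", "Windows Registry Editor Version 5.00")
HEADER_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>"[^"]*"|@)=(?P<data>.*)$')


def plan_merge(reg_text):
    """Return (action, key, value_name) tuples for each step a merge would take.

    Actions are 'delete_key', 'delete_value' and 'set_value'. Raises ValueError
    on a missing signature, an unknown root hive, or a value line that is not
    under a selected key.
    """
    lines = [l.strip() for l in reg_text.splitlines()]
    lines = [l for l in lines if l and not l.startswith(";")]
    if not lines or lines[0] not in SIGNATURES:
        raise ValueError("missing REGEDIT4 / Version 5.00 signature")
    plan, current = [], None
    for line in lines[1:]:
        m = HEADER_RE.match(line)
        if m:
            key = m.group("key")
            if key.split("\\", 1)[0].upper() not in HIVES:
                raise ValueError(f"unknown root hive in {key}")
            if m.group("delete"):
                plan.append(("delete_key", key, None))
                current = None          # nothing can be set under a deleted key
            else:
                current = key
            continue
        m = VALUE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line}")
        if current is None:
            raise ValueError(f"value line outside a selected key: {line}")
        name = "(Default)" if m.group("name") == "@" else m.group("name").strip('"')
        action = "delete_value" if m.group("data") == "-" else "set_value"
        plan.append((action, current, name))
    return plan


def redundant_steps(plan):
    """Indices of value steps whose key (or a parent) a later step deletes anyway."""
    out = []
    for i, (action, key, _) in enumerate(plan):
        if action == "delete_key":
            continue
        k = key.lower()
        for later_action, later_key, _ in plan[i + 1:]:
            lk = later_key.lower()
            if later_action == "delete_key" and (k == lk or k.startswith(lk + "\\")):
                out.append(i)
                break
    return out


# Constructed sample: the chpfix.reg contents quoted in the thread.
SAMPLE_REG = r"""REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chp.CallThrough]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chp.CallThrough.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6585E5B4-4D2A-4A1D-A219-4102C64BA999}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream]
"CLSID"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D962EF38-5FB0-4761-8638-C86F085E25E6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8427BD70-5444-46CE-B15D-19E9CB49DF64}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream]
"""

if __name__ == "__main__":
    steps = plan_merge(SAMPLE_REG)
    skip = set(redundant_steps(steps))
    for i, (action, key, name) in enumerate(steps):
        tag = " (redundant: key deleted later)" if i in skip else ""
        print(f"{action:13} {key}" + (f" -> {name}" if name else "") + tag)
```

    For the sample the plan is six whole-key deletions and one value deletion, and the value deletion is reported as redundant because the last line removes the PROTOCOLS\Filter\application/octet-stream key outright. Seeing the key list laid out this way also shows how the pieces fit together: the CLSID from the O18 line, the Chp.CallThrough ProgIDs that name it, the TypeLib it registered, and the MIME filter registration that loaded the DLL into Internet Explorer.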
  28. indyattic

    indyattic Corporal

    After I click "go" the address line drops the "\\AppInit_DLLs". No AppInit_DLLs value exists on the right side.

    I used the search function on the entire registry for chp.dll. Attached is a screen shot - hope that's ok? My typing sucks.

    Also included a screen shot to show you that I swear I am viewing all the files. (It's like that in Safe Mode too.)

    I am going to try the registry thing in the next post now, and will post again after that.

    Angie
     


  29. indyattic

    indyattic Corporal

    :) - I swear it's just like magic!

    Attached is my HijackThis.log - seems that I might actually be cured.


    How can I thank you?

    Angie
     


  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks good Angie! Good work! Fun wasn't it. It's great to have that one out of the way.

    Your log looks good but one question: do you have a SmartLink Modem? I noticed a new line that was not in your previous log:
    C:\WINNT\slrundll.exe

    From what I can tell it is supposed to be related to that modem.

    You're welcome! And thank us by sending your friends to MG's!
     
  31. indyattic

    indyattic Corporal

    We seem to have a big difference in defining "fun" :)


    Yes, I do have a SmartLink modem.


    Really, the whole reason I made DH bring this one home was because the local repair shop screwed up mine so badly. It was a rebuilt machine, that started shutting down spontaneously. (I always kept my machine so clean - I didn't even open my mail in HTML.) I took it to the shop we bought it from, where they dx'd a bad motherboard. They couldn't get an exact replacement, so they put "one that would work" in, but it didn't....they ended up formatting and restoring the C: drive, which awakened an amazing amount of viruses and trojans that the previous owner had apparently downloaded. ( I couldn't deny that DH might possibly have downloaded the porn, but I know darned well he didn't download massive amounts of rap and 70's disco tunes.)


    I tried at least three other help-boards to get past the virus and spy stuff, finally just gave up and told DH to bring me his so I can get his books caught up. I just about *died* when I saw this one had issues too.

    THANKS CHASLANG! YOU'VE SAVED MY MARRIAGE!

    Seriously - you're a God!

    Angie
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome Angie! Happy I could help and I think that is the first marriage I have saved. :D
    Thanks for the compliments!
     
