Computer has a few things wrong, need cleaning up

  • Gearu
  • Novice
  • Posts: 24

Post 3+ Months Ago

I've run both Ad-Aware and Spybot in safe mode as instructed in the stickied topic above, but couldn't get HouseCall to work properly. It seemed to be scanning, but after an hour there didn't seem to be anything happening/had happened.
I've wiped out the majority of the viruses that were on my computer; there are just a few little stains to mop up. My system seems to run slower; I suspect I have a leftover virus that exists only to hog my RAM and page files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:45 PM, on 7/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\3 Mobile\3 Mobile Broadband\3 Mobile Broadband.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: lijzalit.dll - {1C954872-1230-6541-9548-6541025884C1} - C:\WINDOWS\system32\lijzalit.dll
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: (no name) - {398C9B84-4EF7-47B5-9862-DE29543B3C42} - C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys
O2 - BHO: ozfycbyt.dll - {3A069845-2036-6084-9054-6087502480A3} - (no file)
O2 - BHO: mnmhcsrv.dll - {3C8D1401-A58D-A81C-CD24-A5915C4517C3} - C:\WINDOWS\system32\mnmhcsrv.dll
O2 - BHO: zptlbsys.dll - {40940F85-F015-14F1-A05F-F69858AC6D04} - C:\WINDOWS\system32\zptlbsys.dll
O2 - BHO: ozfydbyt.dll - {4A069845-2036-6084-9054-6087502480A4} - C:\WINDOWS\system32\ozfydbyt.dll
O2 - BHO: oohxcbyt.dll - {4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4} - C:\WINDOWS\system32\oohxcbyt.dll
O2 - BHO: ypcqdhlp.dll - {50AF1289-F140-A140-D012-C1458759FC05} - C:\WINDOWS\system32\ypcqdhlp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: zxmsbwin.dll - {5A041F13-A111-12A3-B0CF-F99818AA68A5} - C:\WINDOWS\system32\zxmsbwin.dll
O2 - BHO: zyzxeime.dll - {5A59145F-315D-BC23-AC1F-145DF81A34A5} - C:\WINDOWS\system32\zyzxeime.dll (file missing)
O2 - BHO: zyzxfime.dll - {6A59145F-315D-BC23-AC1F-145DF81A34A6} - C:\WINDOWS\system32\zyzxfime.dll (file missing)
O2 - BHO: ypdjebmp.dll - {71954FAC-1023-154F-895A-1458258AD817} - C:\WINDOWS\system32\ypdjebmp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: zyzxgime.dll - {7A59145F-315D-BC23-AC1F-145DF81A34A7} - C:\WINDOWS\system32\zyzxgime.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=21871
O17 - HKLM\System\CCS\Services\Tcpip\..\{6218E1F1-F84E-49AD-AABF-51F729BFC251}: NameServer = 202.124.81.2 202.124.68.130
O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,uksuk.dll,thrtgth.dll,hujfgt.dll,rhdhj.dll,jmkcgt.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,gfhynrth.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghynjr.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,gmjgty.dll,
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7527 bytes

Something in there is attacking my svchost.exe, causing the following popups to appear at random intervals, except for the smaller one, which appears once. I can 'collect' about 5 or 6 of the larger ones before the internet connection disables mysteriously and I have to restart.
The largest of these pictures is what comes up when I look at what the error report contains, and when I click to see the technical info on that popup, it says these files would be sent in the report:
C:\DOCUME~1\COMPUT~1\LOCALS~1\Temp\WER9bb7.dir00\svchost.exe.mdmp
C:\DOCUME~1\COMPUT~1\LOCALS~1\Temp\WER9bb7.dir00\appcompat.txt

[Images: three screenshots of the error popups]

  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Everything below has to go and if the name servers listed don't belong to your ISP, remove those as well.

O2 - BHO: lijzalit.dll - {1C954872-1230-6541-9548-6541025884C1} - C:\WINDOWS\system32\lijzalit.dll
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: (no name) - {398C9B84-4EF7-47B5-9862-DE29543B3C42} - C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys
O2 - BHO: ozfycbyt.dll - {3A069845-2036-6084-9054-6087502480A3} - (no file)
O2 - BHO: mnmhcsrv.dll - {3C8D1401-A58D-A81C-CD24-A5915C4517C3} - C:\WINDOWS\system32\mnmhcsrv.dll
O2 - BHO: zptlbsys.dll - {40940F85-F015-14F1-A05F-F69858AC6D04} - C:\WINDOWS\system32\zptlbsys.dll
O2 - BHO: ozfydbyt.dll - {4A069845-2036-6084-9054-6087502480A4} - C:\WINDOWS\system32\ozfydbyt.dll
O2 - BHO: oohxcbyt.dll - {4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4} - C:\WINDOWS\system32\oohxcbyt.dll
O2 - BHO: ypcqdhlp.dll - {50AF1289-F140-A140-D012-C1458759FC05} - C:\WINDOWS\system32\ypcqdhlp.dll
O2 - BHO: zxmsbwin.dll - {5A041F13-A111-12A3-B0CF-F99818AA68A5} - C:\WINDOWS\system32\zxmsbwin.dll
O2 - BHO: zyzxeime.dll - {5A59145F-315D-BC23-AC1F-145DF81A34A5} - C:\WINDOWS\system32\zyzxeime.dll (file missing)
O2 - BHO: zyzxfime.dll - {6A59145F-315D-BC23-AC1F-145DF81A34A6} - C:\WINDOWS\system32\zyzxfime.dll (file missing)
O2 - BHO: ypdjebmp.dll - {71954FAC-1023-154F-895A-1458258AD817} - C:\WINDOWS\system32\ypdjebmp.dll
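
Added example, not part of the thread or of HijackThis: a small Python triage pass over the O2, O17 and O20 lines of a log like the one posted above. The three BHO heuristics (orphaned registration, target that is not a .dll, entry named after its own file) and the `known_dns` parameter are assumptions chosen for illustration; the result is a list of candidates for manual review.

```python
import re
from ntpath import basename  # Windows path rules, usable on any OS

# Lines copied from the HijackThis log posted above (O20 line shortened).
SAMPLE_LOG = r"""
O2 - BHO: lijzalit.dll - {1C954872-1230-6541-9548-6541025884C1} - C:\WINDOWS\system32\lijzalit.dll
O2 - BHO: (no name) - {398C9B84-4EF7-47B5-9862-DE29543B3C42} - C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys
O2 - BHO: ozfycbyt.dll - {3A069845-2036-6084-9054-6087502480A3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: zyzxeime.dll - {5A59145F-315D-BC23-AC1F-145DF81A34A5} - C:\WINDOWS\system32\zyzxeime.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6218E1F1-F84E-49AD-AABF-51F729BFC251}: NameServer = 202.124.81.2 202.124.68.130
O20 - AppInit_DLLs: hnfgs.dll,gnfctt.dll,rthderr.dll,
"""

BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

def triage(log, known_dns=frozenset()):
    """Return (identifier, reason) pairs that deserve a manual look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            name, clsid, target = m.groups()
            path = target.replace(" (file missing)", "")
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append((clsid, "orphaned BHO registration"))
            elif not path.lower().endswith(".dll"):
                findings.append((clsid, "BHO target is not a .dll"))
            elif name.lower() == basename(path).lower():
                findings.append((clsid, "BHO named after its own file"))
        elif line.startswith("O17 - ") and "NameServer = " in line:
            # Compare against resolvers you know belong to your ISP.
            for ip in line.split("NameServer = ", 1)[1].split():
                if ip not in known_dns:
                    findings.append((ip, "name server not in known-good list"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            dlls = [d for d in line.split(":", 1)[1].strip().split(",") if d]
            if dlls:
                # AppInit_DLLs are loaded into every process that loads user32.dll.
                findings.append(("AppInit_DLLs", f"{len(dlls)} DLL(s) listed"))
    return findings

if __name__ == "__main__":
    for ident, reason in triage(SAMPLE_LOG):
        print(f"{ident}: {reason}")
```
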
  • Gearu
  • Novice
  • Posts: 24

Post 3+ Months Ago

All except for four of those .dlls refused to die via HijackThis. I deleted all their registry entries, but the .dlls themselves were still invincible; then I noticed HT's ability to delete upon reboot, which won the day for me.
I considered the possibility that those .dlls weren't exactly official; thanks for confirming for me. They are all gone now, and the 2 games I play that were running slower, C&C's Red Alert 2 and Renegade, now run fine if not the same as they did originally.
However, the only thing remaining is the svchost errors and the exception one. I was hoping to try using the XP CD's repair tool, but it told me I need to insert the Restore Plus! CD, which the previous owner did not give me, or did not have.
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Maybe you can get around not having that other CD. I can't find much on the svchost error you posted. Look at the event viewer.
Start, run, eventvwr.msc

Maybe there will be a clearer error message.
  • Gearu
  • Novice
  • Posts: 24

Post 3+ Months Ago

Event Viewer gives me this, maybe I can get a replacement netapi32.dll somewhere? Registry had no entries on it.
And I should have said before, these errors only started coming up after putting my USB wireless internet into a PS3 to try and play games online, so I believe it may have something to do with that.

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 9/06/2008
Time: 8:36:03 AM
User: N/A
Computer: COMPUTER-QGW14F
Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 35 2e 31 2e 32 36 30 5.1.260
0028: 30 2e 32 31 38 30 20 69 0.2180 i
0030: 6e 20 6e 65 74 61 70 69 n netapi
0038: 33 32 2e 64 6c 6c 20 35 32.dll 5
0040: 2e 31 2e 32 36 30 30 2e .1.2600.
0048: 32 31 38 30 20 61 74 20 2180 at
0050: 6f 66 66 73 65 74 20 30 offset 0
0058: 30 30 30 61 33 63 30 000a3c0
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Yes, you can search Google for that .dll file, download it and replace it or you can go to
http://www.daniweb.com/forums/thread52681.html

which has other possible fixes for that error. Post #5 includes some post SP2 hot fixes.
  • Gearu
  • Novice
  • Posts: 24

Post 3+ Months Ago

Tried to do all the silly messing around with their service pack adapter specially made converter reconfigurating slipstreamer but it failed; the larger the 3rd party mod, the more likely it is to do so. However, there was a guy on there who posted to download/install these 2 Internet Explorer 6 hotfixes for security holes. I have been running the computer now for a couple of hours using the same programs and haven't got any errors yet, so I believe it is all fixed now.
Thank you Don.

The names of the hotfixes I downloaded from MS website:
WindowsXP-KB921883-x86-ENU.exe
WindowsXP-KB894391-x86-ENU.exe
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

You're welcome. I'm glad it's ok.


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.