Windows XP help for my hijackthis log file!

I disabled a few apps on my startup in msconfig (googled everything I don't know)... but there are some apps that I don't know if I should disable or not... these are the following:

1) int339890.exe (even if I google it I can't find any specific definition of what it is and what it does)

2) HPWuSchd.exe (it is a Hewlett Packard software installed with one of their printer installations. It apparently checks for HP driver updates.)

3) hpztsb08.exe (this is the driver for HP Deskjet 3550)

4) NvCpl.exe (this one I'm having problems with, even if I disable it on my startup, msconfig, it still runs the next time I start up my PC... some forums said that it is a worm... "This EXE moves itself to the Windows system folder as NVCPL.EXE or REDAEMON.EXE and creates entries in the registry at the following locations to run itself on system restart:"... can anybody clear that up for me... or suggest what I can do to disable this file)

After fixing my msconfig... I ran CWShredder and Spybot 1.3... then I rebooted... and performed HijackThis... this is my fresh log file:

Logfile of HijackThis v1.97.7
Scan saved at 6:45:40 PM, on 6/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int339890.exe -auto
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\WINDOWS\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37995.9044791667
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Any suggestions on what I should fix in my log file... thanks!
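
An added example, not part of the original post and not code from HijackThis: a small Python parser for the log line format shown above that lists what each O4 Run value actually loads and which entries have no file or download source recorded. The sample lines are copied from the log above, the function names are assumptions made here, and the output is a review list, not a verdict on any file.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int339890.exe -auto
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
"""

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")            # section code, rest of line
RUN = re.compile(r"^\S+\\Run: \[(.+?)\] (.+)$")      # value name, command line
IMAGE = re.compile(r"[^\\]+?\.(?:exe|dll)\b", re.I)  # file names in a command

def parse(log):
    """Return (basenames of running processes, list of (code, text) entries)."""
    running, entries, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append(m.groups())
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.add(ntpath.basename(line).lower())
    return running, entries

def autostarts(log):
    """Map each O4 Run value name to what it loads and how it is launched."""
    running, entries = parse(log)
    out = {}
    for code, text in entries:
        m = RUN.match(text) if code == "O4" else None
        if m:
            name, cmd = m.groups()
            images = [i.strip() for i in IMAGE.findall(cmd)] or [cmd]
            host = images[0].lower()
            out[name] = {"loads": images[-1], "running": host in running,
                         "via_rundll32": host == "rundll32.exe" and len(images) > 1,
                         "no_path": "\\" not in cmd}
    return out

def missing_targets(log):
    """Entries of any section with no file or download source recorded."""
    return [text for _, text in parse(log)[1] if text.endswith(("(no file)", " -"))]
```

On this log the NvCplDaemon value comes back as NvCpl.dll loaded through RUNDLL32.EXE, which is a different launch shape from the standalone NVCPL.EXE or REDAEMON.EXE named in the description the poster quotes. The file's location and signature still have to be checked on the machine itself.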

 

muckshifter

I've never been able to "understand" any Highjack Log ... may I suggest you pop over to their forum, they "see" these things every day.

However, I can tell you that you do indeed have a Trojan that is somewhat of a bugger to eradicate ... try this;
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.S

Also, ensure you have ALL the critical updates from Windows Update Site ... download and install Ad-aware and SpywareBlaster (from my sig) make sure you check for updates and run 'em, delete anything Ad-aware finds.
 

gabriella

Dear Mucks

You are always such a mine of information....

On the subject of AV etc... stuff - I have so much on my machine and wonder whether I need it all. Your 'pearls' would be helpful...I have Norton AV 2004, Adaware, Hijack This, Spyware Blaster and Tune Up Utilities (actually I quite like the last one, v easy to use). I also have a copy of Zone Alarm which I haven't loaded yet, but could do if advised...........

What do you recommend please?

Gabriella xx
 

muckshifter

gabriella said:
Dear Mucks

You are always such a mine of information....

Well thank you ... with over 20 years "on the job" I have learnt a thing or two.
I also learn something new every day. :D

gabriella said:
On the subject of AV etc... stuff - I have so much on my machine and wonder whether I need it all. Your 'pearls' would be helpful...I have Norton AV 2004, Adaware, Hijack This, Spyware Blaster and Tune Up Utilities (actually I quite like the last one, v easy to use). I also have a copy of Zone Alarm which I haven't loaded yet, but could do if advised...........

What do you recommend please?

As I said above ... I do not know how to "interrogate" a 'HijackThis log', so I don't use it. That's not to say it's not useful.

I personally like to keep things simple, well for me they are, so I only have "what I need" ... now the unfortunate thing about the internet is the "little nasties" that perpetuate it and the 'annoyance' of not having ONE program that can "inoculate" your system once, and be done with it. We have to rely on several programs to do that job with any degree, fortunately for us a lot of the good ones are Free.

First and foremost on the "list of must have" is a Firewall ... XP's own firewall does the job but has restrictions, so it comes as no surprise that Zone Alarm comes top of most people's list.

Next, no system should be without an Antivirus program, as I have been an avid supporter of Norton since its conception; it's at the top on MY list for AV protection.

Now for some of the other little "nasties" ...
Trojans are NOT viruses; the likes of Norton do detect some of the more common strains, so, we could well do with a "Trojan Scanner" in the arsenal. A free TS that springs to mind (as I have used it myself) is a² (a squared) (http://www.emsisoft.com/en/) (look on the left side of the page to get the Free version), it covers a gap in our protection, but, top marks has to go to TrojanHunter (http://www.trojanhunter.com/), this is not a free program but you can 'Trial it' for 30 days. This is a far superior TS and I'll be sending my electronic $$£$$ off in about 3 days.

We've all heard about Malware/Spyware/BrowserHighjackers, if you haven't, then you've had your head up your ... watch your mouth Mucks you're talking to a Lady ... anyway that brings me to ... Ad-Aware ... also in the same league is Spybot-S&D (http://www.safer-networking.org/index.php?lang=en&page=download) ... quite a few people use both ... but I have also seen quite a few people find it "messing up" their system. Now, to be fair, this is not entirely the fault of SS&D but rather the "operator" not "paying attention" to SS&D correctly. I only recommend Ad-aware, it's more "user friendly".

One last note ... NO PROGRAM will give you a 100% guarantee of protection or quick fixes ... disconnection from the Internet will give you 95% protection.
 
