Cleaning my computer up

Discussion in 'adware, spyware & hijack cleaning' started by DMS, Feb 28, 2004.

Thread Status:
Not open for further replies.
  1. DMS

    DMS Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    5
    I'm in the process of cleaning up my computer. I ran Bitdefender for the first time and cleaning a lot. I ran Hijackthis next, but not sure what's needed, I turn to your help. Below is my log from the Hijackthis.

    Please advise.

    thank you :)

    Logfile of HijackThis v1.97.7
    Scan saved at 11:13:58 AM, on 2/28/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pcs\pcsvc.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\WildTangent\Apps\GameChannel.exe
    C:\Program Files\Common Files\Dpi\dpi.exe
    C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
    C:\program files\softwin\bitdefender free edition\bdnagent.exe
    C:\Program Files\The Cleaner\tca.exe
    C:\Program Files\The Cleaner\tcm.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\My Documents\spyware programs\HijackThis.exe

    O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: 2by2.net Toolbar - {2B144C1E-B0C5-4667-95B4-4025B885D156} - C:\WINDOWS\System32\2by2Bar.dll
    O3 - Toolbar: 2by2Bar - {D94293A8-568A-4BED-992B-94B9CBDC2148} - C:\WINDOWS\System32\2by2Bar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
    O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender free edition\bdnagent.exe
    O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
    O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [BeachHead2002.exe] C:\DOCUME~1\Owner\Desktop\Games\BEACHH~1.EXE /r
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://adv2.advanta.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {6F0C8A3E-8B0D-11D2-801B-00105AA78F4A} (CobAgent Class) - http://ecare2.netopia.com/horizon/cobAgent.cab
    O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4011/ftp.coupons.com/v3121/cpbrkpie.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37600.410775463
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.constructionmonitor.com/viewer/activeXViewer/activexviewer.cab
    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/4007/ftp.coupons.com/r3120/cpbrxpie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    o_O
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi DMS,

    First, download and run http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.removal.tool.html
    (You'll have to copy and paste the link, the boards software does not recognize the rest of the link, because of the @)

    Did you install the 2by2.net toolbar knowingly?
    I've never come across it before, so you will have to tell me if you want to get rid of it. I will spare it for now.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe

    O4 - HKCU\..\Run: [BeachHead2002.exe] C:\DOCUME~1\Owner\Desktop\Games\BEACHH~1.EXE /r
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4011/ftp.coupons.com/v3121/cpbrkpie.cab

    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/4007/ftp.coupons.com/r3120/cpbrxpie.cab

    Then reboot and delete:
    C:\WINDOWS\system32\pcs <= entire folder
    C:\Program Files\AutoUpdate <= entire folder
    C:\Program Files\Common Files\Dpi <= entire folder
    C:\Documents and Settings\Owner\Application Data\eber.exe

    Regards,

    Pieter
     
  3. DMS

    DMS Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    5
    Thank you for your quick response. I only just had time to go and fix the items you suggested. As for the 2by2.net bar, I did install it, but if you have an idea for a good tool bar, I'm open? :)

    After the clean up here is my Hijack log now. Any other suggestions?

    Much appreciation.

    Logfile of HijackThis v1.97.7
    Scan saved at 7:04:01 PM, on 2/28/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\program files\softwin\bitdefender free edition\bdnagent.exe
    C:\Program Files\The Cleaner\tca.exe
    C:\Program Files\The Cleaner\tcm.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    c:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\My Documents\spyware programs\HijackThis.exe

    O2 - BHO: (no name) - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: 2by2.net Toolbar - {2B144C1E-B0C5-4667-95B4-4025B885D156} - C:\WINDOWS\System32\2by2Bar.dll
    O3 - Toolbar: 2by2Bar - {D94293A8-568A-4BED-992B-94B9CBDC2148} - C:\WINDOWS\System32\2by2Bar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender free edition\bdnagent.exe
    O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
    O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://adv2.advanta.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {6F0C8A3E-8B0D-11D2-801B-00105AA78F4A} (CobAgent Class) - http://ecare2.netopia.com/horizon/cobAgent.cab
    O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37600.410775463
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.constructionmonitor.com/viewer/activeXViewer/activexviewer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  4. Zealot

    Zealot Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    5
    Google tool bar has to be the best i recomment it. Very handy tool for the best search engine on earth. Just choose not to install that tracking option crap in the installation its unnecessary.
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Your log looks good now.
    I hardly ever use IE, so I will skip recommending another toolbar. :)

    Regards,

    Pieter
     
  6. DMS

    DMS Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    5
    Thank you both for the information. My computer is booting up faster and I have now recovered about 5 gig :eek: of hard drive space, between the viruses and some other programs that I didn't need.

    I went ahead and got rid of the toolbar, I really didn't use it that much anyway and I will probably not get another.

    Thank you again for your time and wisdom. I have already recommended this forum to others and will continue to use it myself. :D
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.